Cyberpills.news
Angelina Xu: brilliant MIT student wins eighth ESET fellowship for women in cybersecurity
From Ridge High School to MIT, Angelina Xu demonstrates the power of diversity in STEM and stands out for her contributions to the cybersecurity field, encouraging other women to pursue careers in this...
Basking Ridge High School alumna Angelina Xu was recently awarded another prestigious award – the 8th Annual Women in Cybersecurity Scholarship offered by ESET North America. Angelina, a 2021 graduate of Ridge High School, is one of four women selected to receive this scholarship. A brilliant academic j...

Galvanick leads innovation in industrial safety with $10 million in funding
Cybersecurity startup plans to revolutionize critical infrastructure defense with backing from well-known investors
Galvanick, an early start-up working on an Extended Detection & Response (XDR) platform for industrial infrastructure, has secured $10 million in venture capital funding. This Los Angeles-based company was co-founded by cybersecurity veterans from the US government and Amazon. Several investment firms...

Toyota: prolonged data exposure due to cloud configuration glitch
Automobile giant conducts thorough security checks after years-long customer data breach impacts both domestic and international clients
Renowned Japanese automobile manufacturer Toyota revealed this week that a glitch in its cloud configuration has resulted in a multi-year exposure of its customer data. The security flaw affected environments managed by Toyota Connected Corporation (TC), encompassing a wide range of information including...

Critical flaw discovered in the ReportLab Toolkit: remote code execution risk
An exploit for a ReportLab vulnerability, used to generate PDFs from HTML, puts millions of users at risk. A security update is available
A researcher has revealed a hands-on experiment of a flaw that allows remote code execution, known as RCE, that affects the ReportLab Toolkit. This tool, a Python library widely used by many projects to convert HTML files to PDF, has a monthly download volume of about 3.5 million on the PyPI (Python...

Critical flaws revealed in Sonos One speakers
Cybersecurity specialists have exposed flaws that allow remote code execution and the disclosure of sensitive data
The Zero Day Initiative (ZDI) revealed a number of security issues surrounding Sonos One wireless speakers in its latest report last week. These flaws could be exploited to achieve disclosure of sensitive information and remote code execution. Details of the vulnerabilities discovered in the Pwn2Own hacking...

Fortify your web applications: comprehensive guide to penetration testing and PTaaS for continuou...
Discover the seven stages of effective pen testing and the benefits of Pen Testing as a Service (PTaaS) for proactive and continuous web application security
With the increasing sophistication of cyber-attacks, organizations are recognizing the critical need to protect their web applications from security vulnerabilities. Penetration testing, or pen testing, has emerged as a common practice for identifying and addressing such vulnerabilities. This article...

Expanding cyber threat: GobRAT targets Linux routers in Japan
Attack detected by JPCERT Coordination Center compromises router security, obfuscating malware as Apache process and establishing dangerous remote access
The cybersecurity world has recently been rocked by a new remote access trojan, written in Golang and known as GobRAT. This insidious software targets Linux routers in Japan, and its initial attack strategy involves locating a router whose WEBUI is freely accessible to the public. The trojan then exploits...

Security issue in the WordPress Gravity Forms plugin
More than 930,000 websites could be exposed to security risks due to unauthenticated injection of PHP objects in the popular plugin
The popular WordPress plugin "Gravity Forms", currently used by over 930,000 websites, is vulnerable to unauthenticated PHP object injection. "Gravity Forms" is a customizable form-building tool used by website owners to make payments, registrations, file uploads, or any other forms needed for visitor-site...

The revolutionary impact of machine learning in cybersecurity
An overview of the crucial role of machine learning in strengthening defenses against emerging cyber threats and attacks
Machine learning has emerged as one of the most dynamic fields in data science, acting as a subset of artificial intelligence that allows systems to learn from data and make accurate predictions, detect anomalies or make recommendations through various techniques. These methods extract insights from...

Microsoft discovers vulnerabilities in macOS operating systems
Migraine vulnerability allows attackers to bypass the System Integrity Protection security feature, with serious implications for data protection and system stability
Tech giant Microsoft and its security team have discovered and reported to Apple a significant vulnerability in macOS operating systems, dubbed "Migraine". This security flaw, which has the identification number CVE-2023-32369, has raised serious concerns in terms of data protection and system stability....

Critical vulnerability in Gigabyte motherboard firmware: millions of PCs at risk
Eclypsium detects a hidden and insecure backdoor in the Taiwanese manufacturer's motherboards, opening the door to potential cyberattacks
Millions of PC motherboards have been sold with a backdoor in the firmware, recent studies have revealed. This poses a significant security risk, as it makes the work of cybercriminals easier. In fact, the ability to hide malicious programs in the computer's UEFI firmware, which governs the loading of...

JumpCloud winner of the 2023 Fortress cybersecurity award
Industry recognition for innovative open directory platform, bulwark against cyber threats
The Corporate Intelligence Group announced on May 31, 2023, in Louisville, Colorado, that JumpCloud Inc. has been awarded the prestigious accolade of the 2023 Fortress Award for Cybersecurity, in the Authentication and Identity category. This industry award recognizes and honors the world's leading companies...

Zyxel fixes major vulnerability in home NAS devices
Users are advised to update their systems immediately to avoid potential cyber-attacks
Zyxel, a company renowned for the production of network connected storage devices (NAS) for home use, has solved a significant security problem. The vulnerability, named CVE-2023-27988, was a high-severity security risk involving authenticated command injection. This security issue was seen in the device...

SpinOk spyware found in over 100 Android apps with 421 million downloads
Malicious software, identified by Doctor Web, steals data and interacts with users through bogus games and prizes, endangering privacy
The antivirus company, Doctor Web, has detected spy software in more than 100 Android applications. These applications have amassed over 421 million downloads on Google Play. The malicious entity, dubbed 'SpinOk' by Doctor Web, comes in the form of a marketing SDK. SpinOk hidden features and user interaction...

Virtual assistants: from protagonists to pop-ups on the stage of artificial intelligence
A worrying stasis as modern artificial intelligence advances by leaps and bounds
In recent years, the roar of tech giants like Google and Amazon has resounded in every corner of the planet, thanks to well-known personalities: Google Assistant and Alexa. These virtual assistants have invaded our homes, promising to revolutionize their daily lives with a simple voice command. But the...

Proactive cyber defense: a necessity in the digital age
How collective strategy, innovation and holistic approach can ensure the security of our digital ecosystem in a fast-changing world
The increase in incidents related to cyber crime, which have recently hit law enforcement agencies and one of the country's online payment providers, highlights how in this digital age nothing is inviolable. Importantly, these high-profile attacks occurred during military exercises and a time of rising...

Digital intrigues: the siege of cybercriminals on the video game industry
From the explosion of DDoS to the exploit of APIs and web applications: how the gaming industry can counter the growing threat of cybercrime
In recent years, the video game industry has experienced exponential growth, attracting millions of gamers around the world thanks to a wide range of interactive experiences. However, this popularity has attracted the attention of cybercriminals, who seek to exploit its vulnerabilities. The reasons why...

OneMain Financial hit with $4.25M fine over cybersecurity lapses
NYDFS imposes multimillion penalty on lender for alleged violations of the cybersecurity regulation
The New York Department of Financial Services (NYDFS) has recently publicized a $4.25 million fine against OneMain Financial Group LLC. The reason behind this stringent measure relates to OneMain's alleged violations of the Cybersecurity Regulation, also known as 23 NYCRR Part 500. Specific information...

Charlotte AI: the innovative cyber security assistant launched by CrowdStrike
A breakthrough innovation that promises to close the skills gap, automate repetitive tasks and accelerate response to cyber threats
CrowdStrike, a leading cybersecurity company, has announced the launch of Charlotte AI, an innovative assistant powered by generative artificial intelligence. This AI-powered cyber security analyst can be used by users of different skill sets, from newbies to experts, to tackle critical cyber security...

Artificial intelligence regulation in China: the new draft measures
China aims for broader control over generative AI: focus on core socialist values, regulation of training data and protection of users' rights
Just four months after the first legislative measures regarding AI, called "Deep Synthesis Measures on Internet Information Services Administration", the CAC (Cybersecurity Administration of China) introduced the "Deep Synthesis Measures". AI draft". This sudden return to the legislative table appears...

Cyber security emergency: checkmate in the Dallas court
Brazos county responds to cyberattacks: from dramatic consequences to building a strong defense line
Cyber attacks undermine the security of vital data, which can cause dramatic consequences. A case in point occurred recently in the United States, when the Dallas Municipal Courthouse became the target of such an attack. The result was catastrophic: the building was closed for nearly a month. This incident...

NSSG secures prestigious Comex 2013 cyber security award for 2023
Demonstrating exemplary commitment and performance, NSSG marks a significant milestone in global cybersecurity leadership
The distinguished National Security Services Group (NSSG), renowned for its exceptional cybersecurity services, has received the prestigious Comex 2013 cyber security award for the year 2023. This notable achievement fortifies the company's global standing, elevating it to the ranks of esteemed corporations...

Josh Lospinoso and artificial intelligence: a balance between innovation and security
The founder of Shift5 illustrates the potential and threats of AI in the field of cyber security, warning about possible vulnerabilities
Josh Lospinoso, a cybersecurity veteran, has an impressive resume. In 2017, his first cybersecurity startup was acquired by Raytheon/Forcepoint. His second venture, Shift5, partners with the US military, railroad operators, and airlines like JetBlue. Lospinoso, a 2009 West Point graduate and Rhodes Scholar,...

Illuminate 2023: the future of digital innovation converges in Italy
The famous international technology conference organized by IAMCP arrives in Lecce for 2 days of insights, networking and training on the latest technological trends
A meeting of global importance in the innovation sector, known as "Illuminate", arrives in Italy, precisely in Lecce, on June 6 and 7, 2023. Organized annually by the International Association of Microsoft Partners (IAMCP), Illuminate has consolidated itself as an exclusive and unmissable event after...

Generative AI abuse: a growing threat to online security
ActiveFence report reveals how generative AI is being used for child abuse material production, disinformation propagation and extremism
Malevolent actors are abusing Generative Artificial Intelligence (AI) to commit child sexual abuse (CSAM), disinformation, fraud and extremism, says ActiveFence. According to Noam Schwartz, CEO and founder of ActiveFence, "The explosion of generative AI has far-reaching implications for all corners of...

DogeRAT: the new open source danger for Android
Warning to users: sophisticated malware sneaks through supposedly safe applications, with India as the main target
In a sophisticated malware campaign, DogeRAT, a new open source Remote Access Trojan (RAT), is primarily targeting Android users in India. This malware is distributed through social media and messenger platforms, masquerading as legitimate applications such as Opera Mini, OpenAI ChatGPT and premium versions...

The national cybersecurity strategy: protection, resilience and digital autonomy for Italy
Tackling cyber threats, promoting the national economy and spreading a culture of security to guarantee the country's digital future
On May 18, the National Cybersecurity Strategy (2022-2026) was approved by the ACN (National Cybersecurity Agency) during a meeting of the Interministerial Cybersecurity Committee chaired by Prime Minister Mario Draghi. This decision was taken at a time of emergency for the cyber attacks that have hit...

The crucial importance of cybersecurity in the education sector
Invest in effective and resilient protections to counter the emerging wave of cyberattacks in educational institutions
The importance of cybersecurity investment in education cannot be emphasized enough. The expenses associated with a cyber attack can significantly exceed the costs of a solid cyber security strategy. The dangers of networks should never be minimized, especially when thousands of sensitive data are at...

Thwarting ransomware attacks
How modern technology solutions deliver faster, more complete recovery after an attack
Ransomware attacks are becoming a regular occurrence in today's news, exposing the vulnerability of businesses that depend on data for day-to-day functioning. Not only IT and security professionals, but also business managers are increasingly confronted with this threat. Companies are particularly vulnerable...

BrutePrint: the impact of mobile phone fingerprint vulnerabilities
A novel, low-cost attack technique bypasses biometric safeguards, leveraging undisclosed vulnerabilities in the mobile fingerprint authentication system
In recent scientific advancements, an economical method, termed "BrutePrint", has been identified that can exploit fingerprints on mobile phones for unauthorized access and eventual control of the devices. This innovative strategy surpasses the preventative barriers designed to inhibit recurrent unsuccessful...

Chatbot and legal practice: when the AI is wrong
Possible legal sanctions for the lawyer who used the OpenAI chatbot in the case of a client injured in flight
In the age of artificial intelligence, many people are wondering if this technology could somehow replace humans in the workplace. However, as a recent legal case illustrates, this is not necessarily true of all professions. Schwartz, an attorney at the major law firm, recently enlisted the help of ChatGPT,...

Spain's plan to curb encryption sparks controversy: an in-depth look at global cybersecurity issues
From Meta's record GDPR fine to allegations against NSO Group's Pegasus spyware
In a document recently exposed, it was unveiled that Spanish officials are looking to impose restrictions on end-to-end encryption across the European Union. This came to light as part of a wider European investigation concerning proposals to scrutinize private messages for material related to child...

Cybersecurity threats loom over enterprises, with 65% impacted in a year
A report by Netwrix reveals a significant rise in cybersecurity incidents, with large corporations becoming more frequent targets for ransomware and malware attacks, while smaller businesses underestimate...
In the corporate world, cybersecurity threats continue to grow at an alarming pace. Over the past year, a staggering 65% of enterprises reported experiencing a cyberattack, mirroring a similar trend observed across businesses of various scales where 68% have fallen victim, as reported by Netwrix. The...

AI and predictive policing: an ethical dilemma in the digital age
From the debate on the ethical use of AI to the new regulations in sight, the article explores the implications of predictive policing and the impact on the individual and society
The landscape of ethics in Artificial Intelligence (AI) is marked by lively debate. One of the most controversial aspects concerns the use of AI in sectors that could have a significant impact on human rights, as in the case of Predictive Policing. This term refers to the process of collecting and analyzing...

Innovative phishing approach exploits browser-based file archiving
The latest cybercrime method mirrors genuine file archiving software within web browsers, capitalizing on new top-level domains and raising cybersecurity concerns
An innovative phishing approach named "browser-based file archiving" offers a way to impersonate file archiving software, like WinRAR, in a web browser, occurring when a victim lands on a .ZIP website. Revealed by security researcher mr.d0x, the tactic involves making use of a .zip website to present...

The Microsoft Bing chatbot is reborn: the initiative of an entrepreneur
Through astute use of AI, Cristiano Giardina brings the unique personality of the Sydney chatbot to life, highlighting the potential and risks of manipulating generative language patterns
Microsoft Bing Chatbot, known for its unique and peculiar personality known as Sydney, seemed to have lost its essence when the tech giant decided to terminate its distinctive functioning. However, a reimagined version of the bot, complete with its quirky nature, has been brought back to life thanks...

IT security: Rome welcomes the SMI open day
The importance of cybercrime prevention: experts and industry leaders discuss strategies and technologies for greater data protection
In an increasingly digitized society, information security is a fundamental aspect. In 2022, a worrying increase in cybercrime reports was recorded: more than 22,000 in Milan, over 20,000 in Rome, more than 16,000 in Turin and 15,000 in Naples. In the face of this growing threat, it is of paramount importance...

ABB encounters ransomware assault: sensitive data reportedly exfiltrated
Swiss industrial powerhouse endures cyber attack: operations maintain continuity despite malware intrusion on select systems. No evidence of customer systems being impacted
In a recent announcement, ABB, the Switzerland-based industrial behemoth, verified its encounter with a ransomware assault. The culprits were reported to have extracted some sensitive information during the cyber attack. The organization circulated an official statement and a set of Frequently Asked Questions...

The European Union launches a 71 million euro tender for IT security
New opportunities for operational and technical capacity building: call for proposals by September 2023 under the European Digital Work Program 2023-2024
The European Cyber Security Authority (ECCC) and the European Commission have recently launched a new call for projects, with a total value of 71 million euros. This call is part of the European Digital Work Program 2023-2024 and aims to implement cyber security measures to enhance operational cooperation...

Cyber warfare: Volt Typhoon's blow to USA security
Microsoft reports bold cyber attack from China: military powerhouse Guam in Pacific is targeted by cyber espionage operation
The Chinese government-backed Volt Typhoon cyber-gang has carried out a series of cyber attacks on US networks, intending to disrupt lines of communication between Washington and Asia. Such activity has been reported by the United States and Microsoft, and below we present the known details and potential...

Olidata takes part in the expo & cyber security forum in Pescara
The president of Olidata presents the new corporate course
Olidata participated in the Expo & Cyber Security Forum in Pescara, a reference event in Central-Southern Italy dedicated to Physical, Logical and Integrated Security players. The president of Olidata, Cristiano Rufini, presented the new corporate course during his speech. He stated that the Group's...

Cyber attacks halved in one year
Medical device alert: let's not let our guard down
Cyber attacks in Italy are declining in early 2023. However, the risk associated with medical devices is increasing. Exprivia reports it. The IT consulting firm has seen a 50% drop in cyberattacks over the previous year. But despite this positive data, experts warn that we must not let our guard down. In...

Critical vulnerability affects Samsung devices: CISA alert
The US cyber security agency reports a new flaw affecting Samsung devices with Android 11, 12 and 13. The risk is the circumvention of the ASLR protection system, fearing possible targeted attacks
The US government agency specializing in infrastructure and cyber security, known as the US Infrastructure and Cyber Security Agency (CISA), recently reported a new entry in its Catalog of Known and Exploited Vulnerabilities. This vulnerability, labeled CVE-2023-21492 and with a CVSS severity score of...

How to defend yourself against online scams and protect our privacy
The advice of Nunzia Ciardi, an expert in computer security
Nunzia Ciardi is the deputy director of the National Cybersecurity Agency, the body responsible for preventing and countering the cyber attacks that threaten our country. She will participate in the Parole_Ostili festival in Trieste, where she will talk about how to be aware of the risks and opportunities...

Cyber threats on the rise in 2022: what to expect in 2023
From regulatory strengthening to certifications, here are the challenges and preventive measures to protect public bodies, businesses and citizens from growing cyber attacks
During 2022, public and private bodies, businesses and individual citizens have faced increasingly complex cyber threats. In order to counter these cyber threats to the country's system, measures have been taken to strengthen the regulatory framework both at national and European level. But what can...

IT security: growing attacks and new protection plans
Cyberattacks up 7% globally and new plans to protect against ransomware
The rise of cyberattacks on a global scale is a worrying phenomenon, with ransomware continuing to be the main threat to the public. That's the conclusion that emerged from the latest report published by Check Point Research, a company specializing in information security. According to analysts, during...