AI DevwWrld Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Cyberpills.news

California state worker union data breachSuspected unauthorized access to confidential SEIU member dataThe state workers union SEIU Local 1000 in California was hit by a ransomware attack that potentially exposed sensitive data of approximately 96,000 workers. The attack was attributed to the LockBit 3.0 group.

Cyber security: combating bank data theftThe growing threat of infostealers in the banking sectorInfostealers are malware that steal sensitive data, such as banking credentials. Banks must use advanced security systems and teach customers to avoid risks. In the event of attacks, rapid reaction plans limit the damage.

Tensions and strategies: the TikTok case and US cybersecurityData management and cooperation: TikTok between security and privacyTikTok is facing concerns in the US over data security. It has taken steps to protect privacy, such as limiting access to data and improving transparency. The debate about its use continues.

Cyber security: the deepfake risk in virtual meetingsPrevention and response strategies to deepfake attacks in virtual conferencesDeepfakes in video conferencing are a threat to corporate security. Advanced systems are used to defend themselves and companies must respect privacy laws by constantly monitoring the network.

Cyber attack on Cloudflare by alleged state APTEmergency intervention and investigation into the operations of an APT against the network security giantCloudflare suffered an advanced cyberattack that breached its Atlassian systems, resulting in the theft of documents and source code. They responded by replacing credentials and isolating systems.

Security incident for AnyDesk softwareStrengthened security and preventative actions following the AnyDesk cyber breachRemote desktop service AnyDesk suffered a cyber attack following an internal audit. The company is taking action with security measures, such as certificate cancellation and replacement, and advises users to change passwords and update software.

FTX collapse: the $400 million SIM swapper hitTechnological intrigue and social engineering: the shocking revelation behind the FTX theftA gang of SIM swappers stole $400 million in cryptocurrency from the FTX exchange, using a cloned SIM. Three main suspects used money laundering techniques to hide the theft.

Security alert: critical issues detected in GNU C libraryA serious bug discovered in the C standard library: the alert involves multiple Linux distributionsA serious flaw (CVE-2023-6246) has been discovered in the GNU C Library (glibc) affecting many versions of Linux, allowing potential attacks to gain root privileges.

CERT-UA alert: PurpleFox outbreak in UkraineUnder attack: measures to combat PurpleFox's infiltration into UkraineThe Ukrainian CERT-UA has detected a wide spread of PurpleFox malware, recommending updating systems and using antivirus to identify and remove the virus.

Critical vulnerability for Mercedes-Benz: GitHub token exposureInadvertent exposure of a company token puts Mercedes-Benz's IT security to the testMercedes-Benz faced a data leak because an employee exposed a GitHub token, allowing access to important source code. The company responded by revoking the token and strengthening security measures.

Cyber security & cloud congress 2024: synergy between expertsCutting-edge innovations and strategies in the cybersecurity and cloud landscapeThe 2024 Cyber Security & Cloud Congress in Santa Clara is an event for IT security professionals, featuring cybersecurity and cloud conferences, expert speakers and networking opportunities.

The CYSEC Qatar Cybersecurity Summit 2024Innovation and security in the spotlight at the next cybersecurity conference in DohaThe CYSEC Summit in Qatar is a major cybersecurity event that brings together experts to discuss cybersecurity and strategies to address digital challenges in the country.

Cybersecurity and the promise of NeuralinkInnovation and data protection challenges in the neural chip eraElon Musk's Neuralink is developing brain chips that allow you to control devices with your mind. There is excitement about the possible benefits but also concern about cybersecurity.

FBI alert: couriers are a tool for new fraudsExploitation of delivery services for financial scams: the modus operandi of cyber criminalsThe FBI warns that scammers are posing as tech support workers or officials to convince people, often elderly people, to give them valuable assets such as gold, using couriers.

Analysis of critical issues in biometric authentication systemsBiometric security integrity challenges and solutionsA study by Altroconsumo has revealed vulnerabilities in smartphone facial recognition systems. Recommend using more secure methods such as fingerprints or pins to protect data. Juniper Research predicts an increase in the use of biometrics in payments.

Windows security alert: Phemedrome malware bypasses Microsoft DefenderTreacherous overtake: Phemedrome malware leaves Microsoft's defenses behindA malware called Phemedrome is attacking Windows systems by exploiting a security flaw in Microsoft Defender SmartScreen to steal data.

HP Enterprise data breach: Nobelium investigatedIn-depth analysis of the recent cyber attack on HP Enterprise and possible connections with past episodesHP Enterprise suffered a cyber attack where data was stolen from its emails, probably by Midnight Blizzard, a group linked to Russian intelligence. The connection with other similar attacks is being investigated.

Massive data exposure: global breach discoveredIncredible security incident: 26 billion data exposedA 12 terabyte database with 26 billion sensitive records has been exposed online. Researchers recommend strong passwords and multi-factor authentication to protect yourself.

New "Kasseika" ransomware tactic discoveredAdvanced Kasseika ransomware attack methodology evades digital defensesA ransomware variant called Kasseika uses a vulnerable driver to disable antivirus and encrypt data. It starts with an email scam and then spreads across the internet. Demands 50 Bitcoin ransom.

Discovery of vulnerable e-commerce sites internationallySecurity measures against the increase in attacks on online sales sitesThe recent operation by Europol and Enisa uncovered measures against "digital skimming" which steals sensitive data from e-commerce sites. They suggest precautions such as updating systems and using protective technologies such as 3D Secure.

Australian sanctions against Russian cyber criminalPunitive measures against those responsible for the attack on MedibankMedibank hack exposed data of 10M Australians. The government has sanctioned Russian Ermakov, a suspect in the attack, and is strengthening national cybersecurity.

Global investigation reveals security weaknesses in Windows assetsCritical discoveries in Windows infrastructures highlight the urgency for robust security strategiesAnalysis of 2.5 million vulnerabilities reveals that half of the most serious ones affect Windows 10. Critical threats are reduced and construction manages cybersecurity better than mining. Penetration testing is key.

Innovative detection method of spyware on iOSDiscover the new frontier of mobile security: iShutdown and the fight against spyware attacks on iPhoneThe Kaspersky laboratory created iShutdown, a method to discover Pegasus spyware on iPhone by analyzing the Shutdown.log system file. It offers non-invasive diagnosis and helps protect against advanced malware.

Data leak: 71 million online credentials exposedThe serious security breach reveals the need for enhanced protective measures for usersA hacker has leaked 71 million user credentials online from major platforms such as Facebook and Roblox. The data includes emails and 25 million unencrypted passwords. We recommend using strong passwords and two-factor authentication.

What is IP Spoofing and the threats it posesAddress sophisticated network security threatsIP spoofing is a cyber attack where the IP address is spoofed to hide the hacker's identity and fool security systems. It is used to steal data or cause disruptions.

Online integrity and performance: Cloudflare defending the webCloudflare as a bulwark against threats and a web performance acceleratorCloudflare offers a reverse proxy service that protects websites from attacks and improves their performance. However, there are tools like CloakQuest3r that can discover the real IP addresses of protected servers.

Rogueware: the deceptive veil of fake antivirusesStrategies and tips for defending against fake security softwareRogueware is malware that looks like legitimate antivirus and tricks users with false security alerts into paying for a "full" version. It is essential to inform and update security defenses to prevent them.

Security alert: Ivanti Connect Secure VPN under attackIncrease in attacks on Ivanti VPN systems highlights critical issues in corporate cybersecurityTwo serious vulnerabilities, CVE-2023-46805 and CVE-2024-21887, affected Ivanti VPNs, with attacks starting in December 2023. It is estimated that there are over 18,000 devices at risk globally. Ivanti has provided safety guidelines.

Transatlantic dynamics in cybersecurityResponse strategies and cooperation between the EU and the US in the context of digital securityThe article compares cybersecurity strategies in the US and EU, highlighting their focus on resilience and cooperation against cyber threats, with ENISA supporting Europe in analyzing and managing cyber challenges.

Security risk: NoaBot affects Linux systemsEmergency in Linux-based systems: NoaBot exploits SSH vulnerabilities for covert cryptocurrency miningNoaBot is a new malware that targets Linux devices for use in cryptocurrency mining. It hides better than other viruses and spreads by cracking weak SSH passwords. Akamai has studied and tracked NoaBot, providing advice on how to recognize and stop it.

Alert for a serious vulnerability in SharePointThe invisible threat: a security flaw to monitor carefullyA serious vulnerability in Microsoft SharePoint, code CVE-2023-29357, could be exploited for ransomware attacks. It is urgent to install the released updates to prevent possible security breaches.

Cybercrime in Ukraine: cryptojacking operation dismantledInternational operation against illegal cryptocurrency miningA 29-year-old man who illegally created a million virtual servers to generate cryptocurrencies, earning $2 million, has been arrested in Ukraine. Europol and local police worked together to stop him after reports of suspicious activity.

Cybersecurity emergency: Google cookies in the sights of hackersSecurity experts alert: Google session data vulnerability under hacker attackA report indicates that there is malware stealing Google session cookies to access user accounts. Even changing your password doesn't stop the attack. Google is working to fix the problem.

AsyncRAT: a large-scale cyber breachInfiltration and evasive strategies: the RAT that threatens digital securityAsyncRAT, a remote access tool for Windows, was used in a cyberattack to infiltrate and steal data from systems, targeting critical infrastructure in the US.

Security alert: malicious packets detected on PyPIPrevention measures and security awareness in response to the cyber threat on PyPIESET has discovered 116 malicious packages on PyPI that could install malware and infostealers to steal data and cryptocurrencies. Developers need to be careful and check the code.

Quantum computing: the next frontiers of 2024Advances and challenges of quantum computing in the new yearQuantum computing is advancing, with new security standards coming in 2024. It will combine with artificial intelligence to improve performance, and advances in quantum hardware are expected.

New EU regulation to strengthen cybersecurityImpacts and developments of the new EU directive on cyber resilienceThe EU has introduced new rules on cybersecurity, creating the IICB to improve resilience against cyber attacks. The Cert-EU has new intelligence and support functions.

Difficulty in accessing italian users via SPID on EU LoginInteroperability of digital identities: nodes and disservices in the SPID authentication system for Italian usersMany Italians are having problems accessing European web services via SPID, due to a persistent error. At the root of the problem would be the Italian eIDAS node, still in the process of being updated. This latest delay is negatively impacting users' job opportunities.

Large-scale theft of cryptocurrencies via phishingAnalysis of sophisticated cybercriminal strategies in the cryptocurrency sectorThe text reports that in 2023 a powerful malware, called "Wallet drainer", caused a loss of 295 million dollars in cryptocurrencies to 324,000 users. There are criminal groups, such as Monkey Drainer and Inferno Drainer, who have perpetrated phishing attacks by evading security systems. Despite advertising...

Discovery of a sophisticated malware attack against iPhonesExploited 4 zero-day vulnerabilities in a multi-faceted deadly malware attack on Apple devicesThe recent “Triangulation” hacker attack targeted iPhone users using undocumented vulnerabilities. The “backdooring” method was used to gain unauthorized access to systems and spread malware via iMessage by exploiting four zero-day vulnerabilities. Analysis revealed that the attacks were successful by expl...

Yahoo data breaches: Food for thought on cybersecurityThe implications of the Yahoo data breach and the need for greater cybersecurityThe article discusses cyber breaches suffered by Yahoo in 2013 and 2014 that exposed data of billions of users. The attack was facilitated by phishing techniques and outdated encryption. Yahoo's secrecy and poor data security management led to serious consequences, including a hefty fine. After the incident,...

Black Basta decryption: ransomware flaw discovered and decryptor createdSRLabs exposes Black Basta's fake invincibility: compromised encryption offers a bastion of hope for victimsSRLabs researchers have discovered a flaw in the encryption software of the Black Basta ransomware, creating a decryptor to recover encrypted files. The decryptor, called 'Black Basta Buster', exploits a weakness in the encryption algorithm used. However, the flaw has been fixed, preventing the use of...

Google faces and settles $5 billion privacy disputePotential bypass identified in Chrome's incognito mode. Possible solutionsGoogle has settled a $5 billion legal dispute over the tracking of incognito mode user data on its Chrome browser. One programmer, Jesse Li, discovered how websites can detect whether a user is using incognito mode thanks to the way Chrome handles FileSystem API data. This could be prevented if Google...

Cyber security in space: the latest trendsChallenges and innovative approaches to protecting space operationsThe growing interest in the commercialization of space has highlighted the importance of cyber security. In particular, artificial intelligence and data analytics technologies used in space tourism and small satellite networks are attractive targets for cybercrime. Faced with this threat, NASA has published...

International operation dismantles Kingdom MarketThe international collaboration leads to the seizure of the servers and the discovery of new investigative leadsGerman authorities, in collaboration with the USA, Switzerland and Moldova, have busted the virtual darknet black market, Kingdom Market. This portal sold drugs, cybercrime kits and fake documents, accepting payments in cryptocurrencies. The seizure of the servers made it possible to launch investigations...

India's request to Apple: ease security warningsBetween transparency to customers and diplomatic pressure: the difficult balance of tech companiesThe Indian government has asked Apple to moderate the impact of security warnings sent to iPhone users about possible attacks by state entities. This request highlights the challenges tech companies face in balancing digital security and geopolitical dynamics.

Cyber intrusion hits Yakult Australia and New ZealandDragonForce releases 95GB of leaked data: Buttonware known for production of popular probiotic beverageThe well-known company Yakult Australia was the victim of a cyber attack. The "DragonForce" criminal group claimed responsibility for the raid, during which 95GB of company data was allegedly stolen and subsequently disclosed. Despite the accident, the company's offices are operational. The investigations...

NASA issues guidance on space cybersecurityA proactive response to growing security threats in the aerospace industryNASA has released a manual for cybersecurity in space, designed to protect against growing vulnerabilities in the aerospace sector. The guidelines recommend continuous risk monitoring, application of domain separation and least privilege principles, as well as rigorous authentication of personnel and...

Corewell Health security breachData from over a million Michigan residents stolenMichigan healthcare provider Corewell Health's cybersecurity was breached, exposing sensitive data of more than a million residents. The compromised information includes personal and medical data. HealthEC, the platform involved, has started sending notifications to affected individuals, offering free...

The EU Commission launches incentives for cybersecurityCybersecurity development: from AI enhancement to post-quantum cryptography, EU incentivesThe European Commission will invest 84 million euros in six calls to strengthen cybersecurity. These funds are intended to promote artificial intelligence in security operations, strengthen the cyber resistance of SMEs, and facilitate the migration towards encryption systems resistant to quantum...