
Cyberpills.news

Discovery of an AiTM attack campaign on Microsoft 365
A detailed exploration of AiTM attack techniques and mitigation strategies to protect Microsoft 365 from advanced compromises
In July 2024, the Field Effect security team discovered “Adversary-in-the-Middle” (AiTM) attacks against Microsoft 365, using Axios to steal user credentials, including MFA codes, via phishing. Monitoring, credential rotation and anti-phishing training are recommended.

Apple ID security: prevent phishing attacks with two-factor authentication
Learn how cybercriminals exploit phishing and learn how to defend your Apple ID with simple but effective security measures
Apple ID users are being hacked via phishing emails and SMS that appear legitimate. Hackers steal credentials to lock out accounts and access funds. Enabling two-factor authentication (2FA) is vital to protecting yourself by avoiding clicking on suspicious links.

GDPR scandal: Vinted under investigation for serious user data breaches
Transparency issues and misuse of data: Vinted in the crosshairs of European data protection authorities
Vinted was fined by the Lithuanian regulator for GDPR violations, including obstacles to data deletion, use of non-transparent "shadow bans", and poor data protection measures. The fine is 2.3 million euros. The company intends to appeal the sanction.

Cybersecurity in crisis: consequences of the mega data theft in a Chinese travel agency
Massive travel data theft uncovered: How hackers breached the defenses of a popular Chinese travel agency, possible legal repercussions, and future defense strategies
A cyber attack hit a Chinese travel agency, exposing the data of 7.5 million tourists. The attackers used advanced techniques such as phishing and malware. The event highlights the urgency of improving safety measures and staff training.

The hidden truth: the cyber attack on OpenAI and its consequences
The cyberattack that OpenAI kept hidden discovered: implications, criticisms and the future of AI security
OpenAI suffered a cyber attack in 2023 without informing the public. Although sensitive data was compromised, critical systems remained intact. The company has since improved security, but criticism of the incident and the spread of modified versions of ChatGPT raise concerns.

Ethereum mail list breach: large-scale phishing
Learn how cybercriminals targeted Ethereum users with a sophisticated phishing campaign, and what security measures have been implemented to prevent future threats
On June 23, the Ethereum mailing list provider was hacked, exposing 35,794 emails to a phishing attack. Hackers sent fake investment offers to steal cryptocurrencies. Ethereum responded by tightening security and notifying users.

Hacker attack compromises Ticketmaster: the value of the theft exceeds 22 billion dollars
Sensitive data and millionaire tickets in the hands of the ShinyHunters group
A devastating hacker attack by the ShinyHunters group hit Live Nation and Ticketmaster, stealing data on 193 million tickets, including 440,000 for Taylor Swift, with a total estimated value of $22.7 billion.

Security alert for MSI Center: critical vulnerability discovered in Windows systems
A critical flaw in Windows systems allows limited users to obtain administrator privileges: find out how to protect yourself and what solutions to implement to avoid cyber attacks
A vulnerability (CVE-2024-37726) was discovered in MSI Center on Windows, allowing elevation of privilege. Users should update to version 2.0.38.0 to mitigate risks. This flaw can allow total control of the system by attackers.

Operation Morpheus: Europol hits cybercrime hard
A vast network of illegal servers discovered and neutralized: the global fight against cyber threats enters a new phase
Operation Morpheus, coordinated by Europol, disabled nearly 600 Cobalt Strike servers used by cybercriminals. Pirated versions of this pentesting tool have been exploited for cyber attacks. Public-private collaboration has been crucial to this success.

regreSSHion vulnerability discovered in OpenSSH
Learn how an old vulnerability returns in a new, threatening form and what steps to take to secure your OpenSSH systems
A flaw in OpenSSH, called regreSSHion and identified as CVE-2024-6387, allows remote attacks. This bug is a regression of an old CVE from 2006. Major Linux distributions have released updates to address the issue.

Indirector vulnerability discovered in modern Intel CPUs
New Intel CPU security threat: learn how the Indirector attack can compromise your data and key techniques to protect yourself
A new vulnerability called Indirector affects recent Intel processors, exploiting flaws in the IBP and BTB components to access sensitive data. Intel has recommended mitigation measures but they may affect performance. The discovery will be presented at the USENIX Security Symposium.

Serious vulnerability discovered in Rabbit R1: all user data at risk
Vulnerability in Rabbit R1 exposes sensitive API keys. What are the privacy risks?
The Rabbitude Group has discovered a vulnerability in the Rabbit R1 AI device that exposes crucial API keys. These keys allow unauthorized access to users' personal data. Rabbit has revoked an API key and is investigating, but has found no evidence of violations so far.

Cyber attack in Indonesia: the new Brain Cipher ransomware brings services to their knees
New ransomware hits Indonesia: learn how Brain Cipher crippled essential services and the techniques used by hackers
Brain Cipher is a new ransomware group that hit a data center in Indonesia, encrypting government servers and disrupting vital services. They demanded a ransom of $8 million in Monero. Ransomware encrypts both data and file names, making recovery difficult.

Patelco Credit Union: security incident halts customer services in California
Service disruption and customer frustration: Patelco Credit Union works to resolve security incident
Over the weekend, a security incident hit Patelco Credit Union in California, blocking access to funds for nearly half a million customers. The company has had to shut down several banking systems and is working with experts to resolve the issue.

Severe vulnerabilities in Juniper Networks devices: urgent security updates
The critical issue that exposes corporate networks to serious risks and the immediate measures to be taken
Juniper Networks has released security patches to fix a serious vulnerability in Junos OS. This flaw, rated 10.0, allows arbitrary code execution and denial of service. Immediate update is recommended to protect company IT infrastructures.

Cyber attack on TeamViewer: immediate response and investigations underway
Strengthened security measures and international collaborations to counter the cyber threat
TeamViewer suffered a cyber attack but reassured that customer data is safe. The company works with security experts to investigate and strengthen system protection. The incident highlights the importance of cybersecurity for all businesses.

Polyfill JS supply chain attack: what happened
A detailed analysis of the cyber attack that compromised a library essential for JavaScript compatibility in browsers
Supply chain attacks on open source projects have increased in recent times. Polyfill JS, used to improve browser compatibility, was compromised by a malicious domain. Developers should remove references to this domain to protect themselves.

Security alert: supposed LockBit intrusion into the Federal Reserve system
Possible consequences and responses of the authorities to the alleged cyber breach of the Federal Reserve
LockBit claims to have hacked the US Federal Reserve, stealing 33 TB of sensitive data. However, concrete evidence is lacking. The FBI recovered decryption keys to help victims. Experts remain skeptical, considering this claim a possible visibility maneuver.

China's strategy in cyber space: civilian hackers and state support
Civilian hackers and digital sovereignty: China's cyber espionage model
China's offensive cyber ecosystem relies on state-backed civilian hackers using zero-day vulnerabilities. Hacking competitions and bug bounty programs are used to identify these flaws. Other countries must balance these practices with their own ethical values.

Cyber attack interrupts Euro 2024 live broadcast
Interruption of the live streaming of a Euro 2024 match: TVP under DDoS attack
A DDoS attack hit broadcaster TVP during a 2024 European Football Championship match between Poland and Austria, interrupting the broadcast. TVP acted quickly to restore service. The attack is suspected to have come from Russia. Preventive measures are in place for future events.

Serious digital security incident in Indonesia puts sensitive national data at risk
Recent vulnerabilities and the national response to cyberattacks
A data center in Indonesia has been hacked, with cybercriminals stealing sensitive data and demanding a ransom. The attack highlights gaps in national cybersecurity and the need to improve protections and collaborations to prevent future threats.

Alexa is renewed: Amazon focuses on generative artificial intelligence and monthly subscriptions
New features and economic opportunities to improve the Alexa user experience
Amazon is revamping Alexa with paid versions equipped with generative artificial intelligence. The goal is to make it smarter and more profitable, using it to facilitate purchases on Amazon and introducing monthly subscriptions.

Growing activity of Chinese hacker groups
Identifying and mitigating new threats: the growth of hostile cyber operations led by Chinese hacker groups
In June 2024, Chinese hacker groups intensified attacks using tools such as SpiceRAT and advanced phishing and zero-day techniques. They have affected global organizations, causing serious damage. Companies must implement enhanced security measures and train employees.

Hacker attack on ASST Rhodense: sensitive data compromised
Serious consequences for the IT security of Lombardy healthcare facilities
ASST Rhodense has suffered a major cyber attack from ransomware group Cicada3301, which stole 1TB of sensitive data. Authorities are working to contain the damage and prevent future attacks. The Lombardy Region provides support and security experts are at work.

Microsoft fix for critical Wi-Fi vulnerability: urgent update
Microsoft releases critical security updates to protect Windows devices
Microsoft has released security updates to address a serious vulnerability (CVE-2024-30078) in Windows Wi-Fi drivers, which allowed remote attacks via public Wi-Fi networks. It is critical to update systems immediately to prevent security risks.

Serious vulnerability in Microsoft Outlook: risk of spoofing in company emails
The importance of a timely response to mitigate risks associated with security vulnerabilities
A critical bug in Microsoft Outlook may allow corporate emails to be impersonated, increasing phishing risks. Microsoft initially ignored the report, but is now reviewing the issue. Users are advised to strengthen their cybersecurity.

Italy: the new DDL Cyber law
New rules for cybersecurity: strengthening defense and awareness in the digital sector
The Cyber DDL, approved in Italy, strengthens IT security with operational measures, continuous training and awareness. It promotes collaboration between entities and allocates funds to improve IT infrastructures, supporting research, development and innovation in the field of cybersecurity.

Meet experts and innovations at the Cyber Security & Cloud Expo Europa 2024 in Amsterdam
Innovative concepts and unique opportunities: discover the best of cybersecurity and cloud computing
The Cyber Security & Cloud Expo Europa 2024 will be held in Amsterdam on 1-2 October. The event will offer both free and paid passes, with benefits such as access to all tracks, networking events and the dedicated app. Agenda and prominent speakers promise high-level content and networking.

Burnout among cybersecurity specialists: a growing problem
Bitdefender study: impact of burnout on staff and emerging challenges in cybersecurity
A Bitdefender survey reveals that over 70% of cybersecurity professionals work on weekends, leading to burnout and dissatisfaction. The main threats are phishing, software vulnerabilities and ransomware. Organizations invest in security but current solutions are not adequate.

The impact of CVSS 4.0 in Software Security Vulnerability Assessment
The evolution of the Common Vulnerability Scoring System and its importance for corporate information security
CVSS 4.0, released on October 21, 2023, is a tool for assessing the severity of software vulnerabilities. It uses 30 variables in four categories: Basic, Threat, Environmental and Supplemental. It helps organizations manage and prioritize vulnerabilities to reduce risk.

The importance of the CyberDSA event for digital security in Southeast Asia
Southeast Asia's leading cybersecurity event between international cooperation and technological innovation
CYBERDSA is a major cybersecurity event in Southeast Asia, with goals of connecting government and private leaders to address cyber challenges. The 2024 edition will be held in Kuala Lumpur from 6 to 8 August, with expectations of high participation and innovation.

Serious vulnerability found in Mali GPU drivers: updates required
Exposure to cyber attacks for Mali GPU devices: immediate corrective actions required
ARM has reported a "use-after-free" vulnerability in Mali Bifrost and Valhall GPUs, which has already been exploited by malicious actors. They recommend quick driver updates to protect devices, especially for those using versions r34p0 to r40p0, patched from r41p0 onwards.

Cyber threat to the Italian Ministry of Defense: critical access for sale on underground forums
Risks and implications of selling compromised access in cybercrime
An Initial Access Broker has offered RCE access for sale to the Italian Ministry of Defense's "Difesa IT" website. IABs sell access to cybercriminals, who use them for attacks such as ransomware. Cyber threat intelligence is essential to prevent these threats.

Breach of cloud services: large-scale attack against Snowflake customers
Investigations detect large-scale cyber attacks leveraging compromised credentials and advanced intrusion tools
A security breach on Snowflake affected over 165 companies, including Ticketmaster and Santander, with sensitive data stolen. Hackers exploited stolen credentials via malware. The lack of multi-factor authentication contributed to the compromise.

Investigation into Facebook data breach and Akira ransomware
Cybersecurity challenges: from the latest Facebook breach to the Akira ransomware threat
The article discusses a recent data breach at Facebook that compromised millions of profiles, the FBI's warning of an increase in Akira ransomware cases, and the importance of multi-layered strategies for companies and international collaboration to counter cyber threats.

NotPetya: the cyber attack that changed the face of cyber security
The global devastation of the NotPetya cyberattack: Analysis of a borderless cyber conflict
In 2017, the NotPetya cyber attack, originating from Russia and targeting Ukraine, infected MeDoc software, affecting vital sectors and causing global damage. It turned out to be destructive and not for the purpose of ransom. Russian GRU unit 74455 was held responsible.

Malware emergency on macOS: Atomic Stealer's threat to sensitive data and cryptocurrencies
New infection and mitigation techniques to protect Mac devices
Atomic Stealer is a new malware that affects macOS, stealing sensitive data and cryptocurrencies. It spreads as cracked software. It uses AppleScript to obtain passwords and steals data from browsers and cryptocurrency wallets. It is recommended to download from official sources only.

TPM chip vulnerabilities and risks without physical access
TPM chip security under scrutiny: new vulnerabilities and mitigation strategies
A researcher has revealed a vulnerability in TPM chips that allows hackers to access data without physical contact. This flaw affects Intel systems and requires firmware updates that not all manufacturers have implemented. A tool to detect the vulnerability will be available soon.

Serious security flaw in PHP on Windows server in CGI mode
CVE-2024-4577 vulnerability details and essential mitigations for PHP servers on Windows in CGI mode
DEVCORE has discovered a serious vulnerability (CVE-2024-4577) in PHP on Windows in CGI mode, which allows remote code execution. It affects several versions of PHP and poses a critical risk to servers. Immediate updating of PHP is recommended.

Kali Linux innovations and technical improvements in version 2024.2
New tools, GNOME desktop improvements, and Kali NetHunter updates
The Kali Linux 2024.2 release introduces significant updates, including GNOME 46 and improvements for Kali-Undercover and Xfce. Introduces new hacking and penetration testing tools, along with improvements to Kali NetHunter. Available for various systems and upgradeable with sudo apt update && sudo apt...

Secure Boot: Microsoft updates certificates to address vulnerabilities
The impact of Secure Boot certificate revocation and Microsoft's mitigation strategies
Microsoft will update Secure Boot certificates to address vulnerabilities, potentially rendering older Windows bootloaders unusable. The updates will be distributed via Windows Update, but may cause problems, also requiring UEFI BIOS updates to recognize the new certificates.

Leveraging log data in cybersecurity
How hackers exploit logs to compromise the security of networks and applications
Logs are files that record system data and network activity. Hackers scan them to discover vulnerabilities, gain administrative privileges, and evade security systems. Administrators must regularly monitor logs to prevent cyber attacks.

The evolution of privacy: the key role of the GDPR and the Data Protection Officer
An in-depth analysis of the implications of the GDPR for the management of personal data
The GDPR, which came into force on May 25, 2018, standardizes personal data protection in the EU. It introduces severe sanctions, strengthens user rights and requires security and compliance procedures, such as the Processing Register, clear information, and written designations for those managin...

Data breach: 560 million users involved
How to protect yourself from the consequences of a major data breach
ShinyHunters hacked Ticketmaster-Live Nation, stealing 1.3 terabytes of data from 560 million users, now for sale on the Darkweb. The stolen data includes personal and payment information. Users risk spam and phishing attacks. We recommend using 2FA and monitoring your data.

Ransomware attack on Synnovis: London health services in crisis
Severe disruption to pathology and diagnostic services in London
A ransomware attack has hit Synnovis, a diagnostic services provider in London, disrupting clinical services at major NHS hospitals. The incident primarily impacted blood transfusions and caused postponements of scheduled appointments.

Defending credentials: techniques and tools for account security in the digital age
Advanced strategies and tools necessary to ensure the security of account credentials in the current context of cyber attacks
Protecting account credentials is crucial against cyber attacks. Using strong passwords, 2FA, and tools like “Have I Been Pwned” helps prevent breaches. Organizations must adopt security strategies and have a recovery plan ready in the event of a compromise.

A new LPE exploit for Windows for sale in the underground
A new local privilege escalation threat for Windows in the underground forums
A privilege escalation exploit on Windows systems has been discovered in an underground forum. Sold for $120,000, it compromises various versions of Windows in seconds while remaining hidden. This emphasizes the importance of updating and protecting systems.

KeyPlug backdoor identified: alarm for Italian industries
Tinexta Cyber reveals the technical details of the dangerous KeyPlug backdoor and its implications for the security of Italian businesses
Tinexta Cyber discovered the KeyPlug backdoor, attributed to China's APT41 group, which infected Italian companies. KeyPlug affects both Windows and Linux. A connection with the I-Soon data leak is suspected. It is crucial to strengthen industrial security against these threats.

Critical failure in Check Point VPN solutions: risks and security measures
Exposure of enterprise systems: urgent updates and patches to protect networks
A critical vulnerability in Check Point VPNs, disclosed via a PoC, allows an attacker to execute arbitrary code. Check Point has released a patch and recommends urgent updates to avoid security risks. The incident highlights the importance of updates and ongoing surveillance.

Massive cyberattack on Windstream home routers
An analysis of the devastating cyber attack on Windstream routers and the techniques used by the cybercriminals
A malware attack called “Pumpkin Eclipse” has rendered more than 600,000 Windstream routers inoperable in the US. Black Lotus Labs experts discovered that the Chalubo malware overwrote the devices' firmware. The origin of the attack is still uncertain.
