Cyberpills.news
Implications and repercussions of the serious cyberattack on the Lazio NHSConsequences and punitive measures after the ransomware attack that brought the regional healthcare system to its kneesThe Privacy Authority has fined LAZIOcrea, the Lazio Region and the ASL Roma 3 a total of 401,000 euros following a ransomware cyberattack on the Lazio healthcare system in 2021, highlighting serious deficiencies in data security.
Preventing phishing attacks: crucial insight from the LastPass teamAn attentive employee averts an advanced phishing attempt through vigilance and alertnessLastPass employee foiled a phishing attack that used an audio deepfake of the CEO. Caution and critical thinking are essential against cyber fraud and the use of deepfakes.
Telecommunications security: flaw exposes conversations and 2FA to the risk of interceptionRisk of privacy violation through call diversion: measures and industry responsesA flaw in mobile security allows hackers to intercept calls and voice messages, exposing 2FA codes. Experts recommend greater precautions and Verizon promises corrective measures.
The new era of firewalls: between AI and cyber threats in 2024Strengthened security in the digital age: How AI and ML are redefining strategies against cyber threatsIntelligent firewalls, enriched by AI and ML, offer an advanced defense against cyber threats by analyzing network traffic. Increasing cloud adoption, rise in IoT devices, and stringent privacy regulations drive the growth of their market.
Appeal for maintaining sovereignty in the European cloudEuropean ICT industry fighting for cloud certification that guarantees autonomy and data protectionThe text concerns the concern of 18 companies, including Tim and Aruba, for the revision of the Eucs certification scheme in Brussels, fearing the omission of vital criteria for European digital sovereignty.
iPhone security alert: new spyware foundApple tightens security measures for iPhone usersApple has warned iPhone users in 92 countries about spyware attacks that try to compromise devices remotely. They recommend keeping iOS up to date, using Lockdown Mode, and offer support through Amnesty International.
Serious vulnerability discovered in D-Link NAS devicesHigh risk of cyber attacks for thousands of outdated NAS devicesA security flaw, identified as CVE-2024-3273, affects some no longer supported D-Link NAS models, exposing them to risks such as the execution of arbitrary commands. Over 92 thousand devices are at risk. D-Link recommends replacing obsolete equipment.
Risks in open source: the case of the vulnerability in XzThe malicious incursion demonstrates the challenges in security of open source projects, prompting improvements in vetting practicesThe data compression utility Xz has had a backdoor for three weeks, due to a security flaw involving a single person running it. This has raised questions about open source security and the importance of auditing and shared management.
Innovation and networking: G2E Asia and Asian IR Expo 2024Reference platform for gaming innovation and sustainable hospitality in AsiaG2E Asia and the Asian IR Expo 2024 in Macau will showcase innovations for casinos and resorts, covering technologies from hospitality to cybersecurity. Key event for exchanges and trends in the entertainment industry in Asia.
Cyber security revolution: India's 2024 summitA key gathering for IT experts and leaders to shape the future of digital security in AsiaThe India Cyber Revolution Summit for IT professionals will be held on April 25-26, 2024, in New Delhi to discuss data security and innovation in cybersecurity, responding to the growing cyber threats in India.
Security alert for gamers: cyberattacks on Activision platformsActivision players in the crosshairs: the alert is growing for infiltration and data theft through third-party softwareRecently, Activision gamers have been victims of hackers through malware spread via third-party software, such as game cheats. Breaches include credential theft and cryptocurrency. Activision supports the victims and says its servers are safe.
Security alert: sophisticated phishing campaign hits ItalyAn in-depth analysis reveals the advanced techniques of a cyber attack linked to Iranian entities, alarming Italian companiesIn Italy, a sophisticated phishing campaign, with possible Iranian origins, targets businesses via deceptive emails leading to a malicious link. Advanced techniques such as Persistent XSS are used to steal personal data, prompting caution and security updates.
The rise of zero-day exploits in 2023: An in-depth lookA worrying increase that calls for a decisive reaction from the cybersecurity sectorIn 2023, cyber attacks via zero-day exploits increased by 50% to 97 cases. These attacks, primarily targeting popular platforms and devices, are often linked to government espionage. Google and Mandiant highlight the need to strengthen security.
Piracy Shields code revealed: amidst criticism and vulnerabilityPiracy Shields cybersecurity under attack reveals critical issues and sparks debate about web censorshipPiracy Shields, Agcom's anti-piracy tool, has been hacked and its source code published on GitHub. This raises controversy about censorship and security. Radical measures required to protect users.
Significant transaction on Tornado Cash after cyber attackMarket dynamics and security: current evolution in cryptocurrencies and online gamblingThe article discusses a major Ethereum transfer to Tornado Cash after a hack, raising security questions. He also talks about the success of the innovative Scorpion Casino in the world of online gambling and calls for greater security and transparency in the cryptocurrency industry.
Security alert: hacker attack on Discord botsAn in-depth analysis of vulnerabilities and countermeasures in the context of cyber attackRecently, a popular Discord bot portal suffered a hacker attack that put users' security at risk by injecting malicious code into the bots. The platform reacted quickly to protect users and improve security.
International sanctions for digital espionage linked to ChinaPunitive measures against cyber-espionage: Chinese entities and individuals targeted by the US and UKThe US and UK have sanctioned a Chinese entity and 2 citizens for cyber espionage against critics and infrastructure. Accused of links to the Chinese government, they targeted politicians and electoral processes. China denies it and demands concrete evidence.
National Cybersecurity Strategies: a boost to Cloud modernizationToward a resilient digital future: cloud modernization and security for federal agenciesThe Biden administration's National Cybersecurity Strategy requires federal agencies to modernize their IT infrastructures, moving to cloud solutions to improve security and efficiency.
CISA and FBI warn about sql injection vulnerabilitiesPreventive measures and mitigation strategies against one of the most serious cybersecurity risksCISA and FBI warn tech companies about the risks of SQL injection, suggesting the use of parameterized queries for security. Despite known countermeasures, attacks persist, highlighting the need for improved security strategies in software.
DoS loop: new threat on UDP protocol puts digital security at risk300,000 systems exposed: how to deal with the innovative attack that exploits UDP vulnerabilitiesCISPA has discovered a cyber attack, called Loop DoS, that targets systems using UDP, causing endless traffic between servers with fake IP addresses. Around 300,000 devices are at risk. Security patches and preventative methodologies are recommended to avoid this.
Cloud security alert: AWS fixes serious flaw in Apache AirflowAmazon Web Services intervenes promptly to neutralize security flaws in the well-known serviceAWS has addressed a critical vulnerability in Apache Airflow that would allow session hijacking and remote code execution, highlighting the importance of security in the cloud.
ArtPrompt: the new frontier of hacking with ASCII artHow the ancient art form transforms into a tool to bypass AI security filtersHacking uses ASCII art to fool AIs like GPT-4, passing ethical filters. The ArtPrompt experiment revealed that AIs can provide malicious responses when tricked with ASCII. This highlights the need to improve the security of LLMs.
Firebase: 19 million credentials exposed due to a simple errorA large-scale misconfiguration puts the personal information of millions of users at riskA breach in Firebase exposed 19 million passwords and 125 million sensitive data. Analyzing over 5 million domains, 916 vulnerable platforms were found with 223 million records at risk. Only 1% of the companies contacted responded. The urgency of improving security measures is highlighted.
eSIM under attack: security risks in the mobile sector are growingThe challenge against identity theft in mobile networks: strategies and solutions to safeguard yourselfIn Russia there is an increase in mobile identity theft via eSIMs, used to illegally access banking services. Precaution and security measures such as strong passwords and two-factor authentication are recommended.
Cybersecurity challenges: the impact of GPT-4 on cyber-attacksThe age of advanced AI: how GPT-4 transforms web security paradigms and challenges industry professionalsGPT-4, an advanced artificial intelligence, has demonstrated the ability to hack websites without outside help, surpassing other AI models. This raises concerns about cybersecurity and drives the search for new protection strategies.
Microsoft cybersecurity initiativeTowards a more secure digital future: Microsoft leads the transition to longer RSA keysMicrosoft will increase security in Windows by no longer supporting 1024-bit RSA keys in favor of 2048-bit or higher ones, to improve the authenticity of TLS servers. This change will affect some existing infrastructure.
The challenges of cybersecurity in the era of artificial intelligenceInnovative tactics: cyberattacks evolve with AIThe article examines how artificial intelligence (AI) is used in advanced cyberattacks, to create personalized phishing emails, fool facial recognition systems, automate brute force attacks and develop self-adaptive malware.
New phishing strategies: malware evolves with Google SitesSophisticated cyber attack tactics: the use of Google Sites and advanced techniques in latest phishing schemeResearchers have discovered a malware campaign that uses fake Google Sites pages to spread AZORult, an information-stealing malware. It uses advanced techniques to avoid detection, aiming to steal sensitive data.
Angola Cyber Security Summit 2024Cybersecurity experts gather to define the future of digital protection in AngolaThe Cyber Revolution Summit, a 2-day event in Luanda, aims to strengthen cybersecurity in Angola through discussions and collaborations between experts, addressing the growing threat of cyber attacks.
New phishing campaign exploits AWS and GitHub to spread trojansSophisticated techniques and cloud services as vehicles for emerging threatsResearchers have discovered a phishing campaign that leverages AWS and GitHub to spread malware, such as the VCURMS and STRRAT RATs, via deceptive emails. These malware can steal sensitive data and receive commands from cybercriminals.
Cybersecurity challenges and strategies: the CISA case and vulnerability managementVulnerabilities, updates and training: key components in the fight against cyber attacksThe article discusses the importance of proactive cybersecurity management, highlighted by an attack on CISA due to outdated Ivanti systems. It highlights the need for timely updates, staff training and constant monitoring.
The zero-day underground market: Microsoft Office security challengesExploring the implications of undisclosed exploits in the Microsoft Office ecosystemA security forum has discovered the sale of a zero-day attack that attacks Microsoft Office. This bug, not known to the creators, allows hackers to execute malicious code. The seller is asking for $200,000 in bitcoin. Zero-days are a serious security threat.
The deep web black market and the new frontier of antivirus evasionThe challenge for IT specialists in countering sophisticated evasion strategies of the main antiviruses@HeartCrypt, on the deep web, offers advanced encryption to evade antivirus like Windows Defender, starting at $20. It promises undetectable .exe files and customizes the stub for each customer.
Cyber intrusion by a russian group: Microsoft in the crosshairsSecurity compromised: Microsoft faces attack from notorious russian cybercrime cellMicrosoft has been hit by a cyberattack from Midnight Blizzard, linked to Russia. Hackers have access to source code and company data, but without compromising customer services. Microsoft is notifying affected customers and taking security measures.
Cyber-attack hits the iconic Duvel MoortgatNightly barrage of cyberattacks brings the Belgian brewing giant to its knees, taking radical cybersecurity measuresDuvel Moortgat has been hit by a cyber attack, causing production to be suspended. The attack was claimed by Stormous. The company is working to resume operations and prevent future attacks, highlighting the importance of cybersecurity.
New attack strategies in Italy: the adaptability of phishingEvolution of cyber attacks: discovering personalized phishing tacticsCERT-AgID reported an evolution in phishing methods called "adaptive phishing", which customizes email attacks to increase their effectiveness, using authentic victim logos and websites.
Mogilevich's double game in the shadow of Epic GamesThe veil is lifted on Epic Games' data hoaxA group called Mogilevich simulated a ransomware attack against Epic Games, pretending to have stolen data. In reality, they wanted to scam other hackers, not Epic Games.
Silent infiltration: the malicious code epidemic on GitHubImpact of malicious code in repositories: security risks in software developmentCybercriminals have cloned over 100,000 GitHub repositories, inserting malware that steals sensitive data. They use deceptive forks and sophisticated techniques to hide malicious code.
Expert recommends: forget C and C++ for greater securityCyber security: the challenge of the modern era between obsolete languages and innovationUS experts warn of security risks in the C and C++ programming languages, which leave memory management to developers. More secure languages such as Rust or Go are recommended.
PayPal works on anti-fraud method for CookiesRevolutionary technology for recognizing and defending against fraudulent online intrusionsPayPal is developing new technology to defend super-cookies from hackers, using encryption to detect illicit access and increase online security.
Lazarus: sophisticated battle exploits zero-day security flaw in WindowsAnalysis and response to critical vulnerability revealed in WindowsThe Lazarus hacker group exploited a zero-day vulnerability in Windows to carry out attacks. Microsoft has released a patch to fix the problem. Experts recommend updates and vigilance for IT security.
Cyberespionage revealed: China's extended digital surveillanceMassive digital surveillance and influencing operation operated by Chinese entities discoveredA leak has revealed that China uses sophisticated surveillance and propaganda methods against dissidents, spending heavily to spread false information and spy via malware.
Eighth edition of CYSEC Qatar: a successful cybersecurity summitA crossroads of ideas and innovative solutions for cybersecurity in the heart of the Middle EastThe CYSEC Qatar 2024 cybersecurity conference has closed in Doha. Experts discussed digital security strategies and emerging technologies, with a particular focus on zero trust and cloud security.
Cyber Security & Cloud Congress: innovations in cyber security and cloudHigh-level meetings to define the future of digital protection and cloud infrastructuresThe Cyber Security & Cloud Congress will be held in June 2024 in California, with IT industry experts speaking about cybersecurity and cloud. It expects over 7,000 participants and information sessions.
LockBit's response to FBI actionsLockBit's technological revenge: post-attack updates and awarenessThe LockBit organization, after being attacked, reveals that it had a security flaw due to an outdated version of PHP and urges systems to be updated.
LockBit's tenacious activity despite global investigationsChallenges and countermeasures in the war against the LockBit cyber criminal groupLockBit, a cybercriminal group, continues to launch attacks despite international legal action. Security specialists have discovered new vulnerabilities exploited by the group and Trend Micro analyzes an advanced version of their malware.
Avast fined for illegitimate sale of web dataFines and restrictions imposed on cybersecurity company for misuse of personal dataThe FTC fined Avast $16.5 million for selling users' browsing data without consent. Avast will now have to obtain explicit permissions and delete collected data.
Record investments in cybersecurity in ItalySurge in IT security investments in response to advanced digital threatsIn Italy, spending on cybersecurity is growing, but we are still last in the G7. We need more training on AI and security. Criminals use AI for attacks, but companies are starting to adopt it to defend themselves.
KeyTrap: DNSSEC flaw discovered by researchersThe vulnerability puts the stability of DNSSEC at riskA vulnerability, called KeyTrap, has been discovered in the DNSSEC authentication system, potentially causing disruptions to DNS service. Safety solutions have been implemented to prevent damage.
Security Summit 2024: cybersecurity meets in MilanMilan becomes a stage for innovation in cybersecurityThe Security Summit 2024 will be held in Milan from 19 to 21 March, a key event for cybersecurity experts with workshops and discussion of new technologies.