Cyberpills.news

Joint operation dismantles Ragnar Locker ransomware groupThe dangerous ransomware group has fallen: news of an unprecedented international operationAn international operation has led to the arrest of the criminal group responsible for the Ragnar Locker ransomware, known for attacks on critical infrastructure. The action was coordinated by Europol and Eurojust, involving 11 countries including Italy, and sends a clear message to hackers who act with...

Canadian hospitals under cyber attack: suspected ransomwareAn attack that puts the security of sensitive data and the functioning of crucial healthcare facilities at riskIn a cyberattack, Transform, an IT services provider for hospitals in Ontario, was possibly the victim of a ransomware attack. 5 hospitals, including Windsor Regional Hospital, were severely affected. Cyberattacks in the healthcare sector are increasingly common and companies must protect themselves...

Flipper Zero: new risks for Android and Windows devicesAn in-depth analysis of the implications and countermeasures against the bluetooth spam attack brought by Flipper ZeroThe recent Flipper Zero firmware update introduces a new feature, "bluetooth spam", which can cause annoyance by sending unwanted notifications to nearby Android and Windows devices. You can protect your devices and turn off notifications to prevent inconvenience.

Dark Patterns Buster Hackathon 2023: fighting consumer manipulationDark Pattern Fighting Hackathon: innovative solutions against deception in e-commerce sitesDark Patterns Buster Hackathon 2023: Opportunity to Counter Dark Patterns on E-Commerce Platforms. The event promotes innovative apps and software to detect and regulate dark patterns. The best proposals will be rewarded and the final objective is to guarantee safe and transparent navigation for...

Raven: Open-source CI/CD pipeline securityFind out how Raven can improve the security of your CI/CD pipelinesRaven is an open-source security scanner for CI/CD pipelines. Identify risks and vulnerabilities, analyzing workflows on GitHub and reporting any issues. It is available for free on GitHub.

Growing concerns about generative AI threatsThe growing need for protection against evolving generative AI threatsRecent GEMSERV research has shown grave concerns about new threats from generative AI to global organizations. 83% of participants believe that generative AI will drive future cyberattacks, but only 16% think their organizations truly understand advanced AI tools. These threats require adequate preparation,...

The security framework for satellite systemsThe protection of space systems from the growing threat of cyber attacksThis article analyzes the need to implement a cybersecurity framework to protect satellite systems from cyber threats, proposing the use of the NIST Cybersecurity Framework as an effective solution.

The cybersecurity challenge for Italian SMEsAnalysis of the Cyber Index PMI 2023 ReportThe Cyber Index PMI 2023 Report reveals that Italian SMEs are poorly prepared against cyber threats. There is an urgent need to promote a culture of cybersecurity and invest in training and advanced solutions. Only in this way will SMEs be able to successfully face the challenges of cybersecurity and...

Quishing: the new cyber scam that threatens online securityWhat you need to know to protect yourself from this ever-evolving cyber scamQuishing is a new cyber threat that uses SMS to trick victims and steal personal information. You should avoid clicking on suspicious links and keep your devices secure to protect yourself from this scam. #safety #quishing

Worrying increase in ransomware attacks in 2023The sectors most affected and the implications for cybersecurityCorvus Insurance report shows that ransomware attacks increased by 95% in 2023 compared to the previous year. CL0P Group was responsible for much of the activity, but other industries such as law firms, government agencies and the oil sector saw significant increases. It is essential to implement adequate...

Decrease in cyber attacks in KenyaImprovements in the technical skills of cybersecurity personnel have contributed to the reduction in incidentsIn the third quarter, there was an 11% decrease in cyber attacks in Kenya, thanks to improved training of cybersecurity staff and increased cybersecurity awareness. However, Kenya remains the third most affected country in the region, with frequent system attacks, including a DDoS attack on the e-citizen...

Google Chrome's new protection will hide users' IP addressesA step forward for privacy: Google Chrome aims to protect users by hiding IP addressesGoogle is working on a new feature called "IP Protection" to hide the IP addresses of Chrome users, thus improving privacy. IP protection will use proxy servers to make IP addresses invisible to websites. This may raise security concerns, but Google is considering solutions such as authenticating users...

Phishing attacks in the hospitality industry: new research from AkamaiIncreased levels of complexity in hospitality phishing campaignsAkamai research has detected sophisticated phishing attacks in the hospitality industry. Hackers are using DNS exploits to target both staff and customers, stealing data and damaging reservations. Akamai analyzes domains used by attackers to identify patterns and protect users.

Economy criminal hackersDetailed analysis of cybercriminal tactics in the digital economy landscapeThe article describes the strategies used by cybercriminals to commit computer fraud and extortion, exploiting cryptocurrencies such as Bitcoin. We are talking about ransomware, double extortion, DDoS attacks and scams based on the psychological deception of victims. Extortion strategies, which take...

Spanish operation against cybercriminals: 34 members arrestedTwist in the investigation: 34 arrests in an operation against cybercrime in SpainSpanish Police have arrested 34 members of a criminal organization specializing in cyber scams, which stole the data of 4 million people and monetized the data. The scammers posed as delivery companies and energy suppliers, and used insiders to divert goods.

A higher education cybersecurity center in LouisianaProtection and education: new LSU center defends educational institutions from cyber attacks and prepares students for the futureLSU has opened a new cybersecurity center to defend educational institutions from hackers and train students. In collaboration with TekStream and Splunk, the university aims to become a national cybersecurity benchmark. The center will also use the state's research and development network to expand the...

Philippine army: creation of cyber commando against hackersIncrease in cyber threats pushes Philippine military to boost cyber defenseThe Philippine Army is establishing a cyber commando to counter cyberattacks and will recruit information technology experts. Improvements in equipment and international cooperation are planned to strengthen the country's cyber defense. National security requires an integrated cybersecurity strategy...

Digital cities: security, regulations and rightsDiscussion between experts for a digital city that is safe and respectful of citizens' rightsThe conference in Rome brought together physical and cyber security experts to discuss new digital and secure cities. The main objective of the event was to analyze the impact of technologies on the social life and data protection of citizens. The institutional representatives underlined the importance...

North Korean attacks exploit flaw in JetBrains TeamCityDetails of Lazarus Group attacks on JetBrains TeamCity vulnerabilitiesMicrosoft reported North Korean attacks on JetBrains TeamCity, exploiting a serious security flaw. The attacks aim to compromise servers and use various techniques, including Trojans and custom proxies. Microsoft attributed the attacks to known groups linked to the North Korean government.

Study opportunities for cybersecurity experts: Cisco offers 1000 scholarshipsCisco invests in training to counter cyber threatsCisco has launched the Cybersecurity Scholarship program to train 1000 cybersecurity experts in Italy for free. The program includes online lessons, webinars and final workshops, with the possibility of obtaining a Cisco Certified Support Technician - Cybersecurity certification. Applications are open...

The worrying password vulnerability in IT administratorsSignificant cyber security risks: the immense danger of weak passwords in the IT industryThe article reveals that many IT administrators use weak passwords, such as "admin", across more than 40,000 administrative portals. The increase in the use of default and easy-to-guess passwords is highlighted. Researchers highlight the need to protect passwords and prevent malware infection to ensure...

Cybersecurity crisis in the Middle EastThe challenge of Israeli companies in combating cybercrime in the Middle EastThe crisis in the Middle East threatens Israeli start-ups, but they demonstrate resilience, defending themselves from cyber attacks and contributing to innovation in the cybersecurity sector.

Risks of AI in technological warfare: the chinese threatThe risks of chinese technological supremacy and the impact on AI in technological warfareThe FBI and the White House warn of the danger of artificial technologies and artificial intelligence, which can be used against them and harm local businesses. China is identified as the main security threat.

Corporate data breach: D-Link responds promptlyD-Link's immediate reaction to corporate data breach reveals details of attack and reassures customersD-Link, Taiwanese company, confirms data breach. The breach was due to a phishing attack on an old, outdated system. Stolen data is few and not sensitive. Company took immediate action.

Google Dark Web: the new service for the security of your accountsProtect your sensitive data: Learn how Google's Dark Web Report can help you maintain the security of your accountGoogle has made its Dark Web service available to everyone, to protect users' accounts and personal information. The Google Dark Web Report monitors the dark web for possible data breaches and provides additional paid features. Users can use the Google app and Password Manager to protect their cr...

Fight against cybercrime and fake news, Google finances two Italian projectsA new era for cybersecurity: Google invests in innovation made in ItalyGoogle has selected two Italian projects to receive funding as part of the Impact Challenge: Tech for Social Good. One involves identifying cyber vulnerabilities of SMEs, the other helps older people detect and counter cyber attacks. Google will invest 4 million euros in these initiatives, which will...

Exploiting Discord in critical infrastructure threatsAn insidious trend: the growing use of Discord as a tool to attack critical infrastructureNew findings show that state-run hacker groups are using Discord to attack critical infrastructure, exploiting its content delivery network and stealing sensitive data via webhooks. Loaders such as SmokeLoader and PrivateLoader download malicious payloads from Discord's CDN.

Signal's alleged zero-day flaw affecting link previewsSigns of uncertainty: how to protect yourself from possible threatsSignal has rejected accusations of an alleged zero-day flaw, but there may be a risk linked to link previews. We recommend disabling previews, keeping the app updated, and taking precautions such as two-factor authentication and avoiding suspicious links.

Siemens launches SINEC Security Inspector, a new test suite for industrial network securityA new tool to ensure the protection and integrity of industrial networks, improving cybersecurity in the manufacturing sectorSiemens has expanded its portfolio of cybersecurity solutions, launching SINEC Security Inspector, a security test suite that helps identify and mitigate cyber vulnerabilities in the manufacturing industry. The open framework integrates third-party security tools and offers an efficient way to control...

Serious zero-day vulnerability in Cisco's IOS XE software: attackers can take control of routers and...Serious security risk for Cisco devices: a zero-day vulnerability puts routers and switches at riskCisco has found a serious vulnerability in its IOS XE software that allows unauthenticated hackers to gain full administrator privileges and remote control of routers and switches. To mitigate risk, Cisco recommends disabling the HTTP server feature on devices exposed to the Internet.

Serious Equifax security breach fined £11.1mA lesson on personal data management in the digital age: the Equifax caseThe Financial Conduct Authority (FCA) has fined Equifax £11,164,400 for a serious cybersecurity breach. Equifax failed to properly manage the security of UK consumer data, allowing hackers to access millions of personal details. The breach was made worse by Equifax's poor handling of the incident...

Hamas-Israel war: the escalation of virtual operationsThe digital arena: The new frontier in the Hamas-Israel warThe recent conflict between Hamas and Israel has demonstrated the use of digital warfare and disinformation operations to control the narrative and influence public opinion. Involving external actors, such as hackers and Russia, this hybrid warfare requires attention and a coordinated response from the...

Google: news for the security of Android and iOS usersAn important series of improvements for the security and privacy of both Android and iOS usersIn celebration of Cyber Security Month, Google announced three new improvements for users. On Android it will be possible to delete browsing data from the last 15 minutes, Google Password Manager will become the default provider for passwords on iOS and it will be easier to access the report on the dark...

Email delivery issues in Exchange Online: Microsoft investigatingLearn more about causes and impactsMicrosoft is investigating email delivery issues in Exchange Online, causing "Server Busy" errors and delays in receiving external emails. The problems could be related to the incorrect application of anti-spam rules. There have also been previous problems accessing email inboxes.

The end of VBScript: Microsoft is committed to ending the use of the outdated scripting languageA major change for cybersecurity: Microsoft abandons VBScript for greater protectionMicrosoft will phase out VBScript from future versions of Windows to combat the spread of malware. This decision is part of a broader strategy to increase the security of Windows systems and provide users with a more reliable computing experience.

Record DDoS attacks: fixes quickly releasedHTTP2 vulnerability exploited by large-scale DDoS attacks: here are the solutionsWeb server vendors address Rapid Reset vulnerability in HTTP2 protocol that caused DDoS attacks. Fixes have been released for many affected products. Large DDoS attacks have been mitigated thanks to a zero-day vulnerability in the HTTP/2 protocol called HTTP/2 Rapid Reset.

Cyber attack on the Province of Cosenza: the imperative of robust digital securityThe need for advanced cyber defense against ransomware: lessons from the attack on the Province of CosenzaThe provincial administration of Cosenza was hit by a ransomware cyber attack, making data inaccessible and demanding a ransom. Despite the attack, the administration refused to pay, showing determination to recover the encrypted data. We highlight the importance of adopting advanced digital security...

Cloudflare: the incident that caused DNS resolution issuesCloudflare's implications and solutions for the DNS resolution incidentDNS service provider Cloudflare experienced a DNS resolution error that caused internet access issues for many users. The error was caused by an internal software error at Cloudflare and not by an external attack. Cloudflare is working to prevent future errors and apologizes for the incident.

Cyberlum Academy: training to counter cyber attacksImproving the preparation of security experts in the IT sector: the mission of the Cybellum AcademyThe Cybellum Academy is an institution dedicated to training and offering content on cybersecurity. Offers courses on product security and vulnerability management to thwart cyber attacks on critical devices.

Office employees' risky cyber security habitsThe challenges of cybersecurity awareness in work contextsAccording to a study by Ivanti, many employees do not consider their actions relevant to corporate security. Younger workers have less secure habits, while regional differences point to gaps in cybersecurity training. It is essential to create a collaborative culture, avoiding problems for end us...

Hacking black market: traffic of bugs and exploits on the riseBlack market explosion: searching for vulnerabilities in the digital ageHacking mobile phones, particularly via apps like WhatsApp, is becoming increasingly expensive. Zero-day vulnerabilities have reached very high prices, demonstrating the importance of investing in security. Illegal trafficking in malware and spyware is growing, putting users' online privacy at risk....

Japan and eight ASEAN nations strengthen cybersecurity collaborationThe creation of a joint defense network between Japan and ASEAN to address cyber threatsJapan and eight ASEAN countries have agreed to collaborate in the area of cybersecurity to counter alleged cyberattacks and strengthen national cyber defense. The commitment was made during the conference in Tokyo.

APIs and their fragility in the digital contextThe need for API-centric cybersecurity to protect digital applicationsAPIs are essential but vulnerable. Their widespread use and lack of adequate oversight facilitate cyberattacks. Enterprises must adopt protection strategies, detect anomalous behavior and involve developers and company departments in security.

Soft skills: an ongoing challenge for the cybersecurity sectorChallenges and opportunities for cybersecurity professionals in the digitally advanced job marketA new report from ISACA highlights gaps in cybersecurity professionals, such as interpersonal skills, cloud computing and security measures. There are shortages of specialized personnel and difficulties in retaining talent. The most sought after skills are identity and access management, cloud computing,...

LLMs reduce the barrier to entry into cybercrimeThe growing threat of chatbots in the field of cybercrime: a new ally for cybercriminalsCybercriminals' use of chatbots and advanced language models makes phishing campaigns increasingly effective, with threats constantly evolving. Traditional security tools often fail to detect these attacks, causing growing concern in the cybersecurity industry.

Lyca Mobile services disrupted by cyber attackThe consequences of the attack and the ongoing investigationsA cyber attack has disrupted the services of mobile provider Lyca Mobile, preventing users from accessing services and causing operational problems. The company is investigating possible personal data breaches.

A multifaceted scourge that knows no rest: the persistent rule of NecursDefeating the dark lord of cyberspace: the never-ending fight against NecursNecurs is a botnet that distributes malware for data theft and financial damage, demonstrating great adaptability and difficulty in countering it. Recent speculation about his possible disappearance still remains uncertain.

Google and Yahoo strengthen email anti-spam protectionsThe future of email: raising your guard against phishing attacks and spamGoogle and Yahoo have announced new requirements to combat email spam and phishing. Starting next year, senders of bulk messages will be required to authenticate their messages and offer users the ability to easily unsubscribe from commercial emails. Clear criteria will be introduced to avoid sending...

Mozilla warns of fake Thunderbird downloads distributing ransomwareRansomware threats via fake Thunderbird downloads are on the riseMozilla has warned of scams offering Thunderbird downloads, used by ransomware group Snatch to spread malware. Users are advised to download Thunderbird only from trusted websites to protect themselves from ransomware attacks.

Cyber attacks: a magnifying glass on securityRevealing hidden vulnerabilities: an in-depth analysis of cyber attacksCyberattacks highlight gaps in corporate security, but it's important to combat hackers who abuse user data to commit fraud. The article highlights that companies need to invest in advanced technologies, train staff and take appropriate security measures to protect users.