AI DevwWrld Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Cyberpills.news

Kaspersky unveils new malware targeting the financial and cryptocurrency sectorsThe new malware that puts the financial and cryptocurrency system at risk: Kaspersky's warningThe cryptocurrency and financial sector is threatened by three new malware: Zanubis, AsymCrypt and Lumma. Zanubis is a banking Trojan that hides in legitimate applications on Android devices. AsymCrypt hits crypto wallets and is sold on underground forums. Lumma is an ever-evolving file stealer. It is...

BunnyLoader: the ever-evolving malware-as-a-serviceThe unstoppable threat making its way into the world of hackingBunnyLoader is a dangerous malware-as-a-service that is gaining popularity on the dark web. With advanced features such as clipboard stealing and remote command execution, it poses a significant threat to cybersecurity.

October 2023 security updates for Android: fixed two exploited vulnerability issuesSecurity risks for Android users: exploited vulnerabilities and spread of spyware on iPhoneGoogle has released the October 2023 security updates for Android, fixing 51 vulnerabilities, including 2 zero-days exploited in malicious attacks. These issues were reported by Apple and Citizen Lab and were used to spread spyware on iPhones. Additionally, a bug in the Arm Mali GPU driver that allowed...

Temu: Spyware or just an e-commerce app?An analysis of the allegations made by Grizzly Research against Temu, the e-commerce app, and considerations on the implications for data securityE-commerce app Temu has come under accusations of being spyware aimed at collecting user data. A study highlighted cybersecurity and financial security issues with the app, but it cannot be established with certainty whether the allegations are true. One must be cautious when considering the reliability...

UK businesses: growth in cyber incidents and security budget challengesA worrying picture: UK businesses face a growing challenge in cyber protectionUK businesses face a growing challenge in cyber protection, with a 25% increase in cyber incidents. However, limited budget and other factors remain weaknesses. New technologies such as artificial intelligence could help improve cybersecurity.

Critical vulnerabilities addressed in WS_FTP Server by Progress SoftwareThe implications of remediating vulnerabilities and recommended mitigation measuresProgress Software has resolved two critical vulnerabilities in WS_FTP Server, which allowed remote command execution by unauthenticated attackers. Users are recommended to update to the correct version or disable the ad hoc transfer feature.

Hacker attack on Sony: threat of data disclosureA new threat to Sony's data security: the tension increasesA Russian hacker group, known as Ransomed.vc, claims to have breached Sony's security systems and is holding sensitive customer data. They threaten to sell the data if a ransom is not paid. Sony is investigating the situation.

Effective cyber attack via images in the corporate environmentAn ingenious cyber attack that uses images to infiltrate companiesSpear-phishing emails with apparent images about the Armenia-Azerbaijan conflict hide malware that steals sensitive data. Management teams associated with Azerbaijani company targeted. The malware, written in Rust, creates temporary files to steal information during non-business hours.

Secure Code Warrior presents Devlympics 2023: the competition for the best IT professionalsDevlympics: programming challenges for the best IT developersSecure Code Warrior is organizing the third edition of the Devlympics competition, an event for developers of high-quality, secure code. Participants can measure their skills, climb the global leaderboard, and connect with industry experts to learn and improve.

Cyber attack paralyzes the Bermuda islands: government working to restore operationsExtensive checks are underway to determine the origin of the sophisticated cyber attack in the governmentBermuda suffered a major cyber attack last week, but there is no evidence of data theft. The government is restoring operations and building a more secure network. Difficulties have been encountered, but everything is expected to return to normal soon.

Cisco acquires Splunk for $28 billionCisco and Splunk join forces to create cutting-edge security solutionsCisco will acquire Splunk for $28 billion, with the goal of improving digital security and connecting everything securely. The union will make it possible to predict and prevent threats thanks to artificial intelligence, offering innovative solutions in the security and observability sector.

Air Canada: employees' personal data breachedFight against breaches of sensitive employee data and strengthen cybersecurity practicesAir Canada has revealed a breach of their internal systems, compromising employees' personal information. The company took immediate action, ensuring that no customer information was accessed. Air Canada is enhancing its security measures to protect employee data and remain operational.

Google fixes a new zero-day vulnerability exploited by a spyware vendorAn urgent patch has been released to protect users from espionage activity via a zero-day vulnerability in ChromeGoogle has released a Chrome update to address a zero-day vulnerability exploited by a spyware vendor. The stable version 117.0.5938.132 resolves the critical vulnerability identified as CVE-2023-5217. It is the sixth zero-day solved by Google in 2023.

The revolution of the Zero-Touch model for corporate IT securityA new approach to enhance the protection of corporate IT systemsThe article explains the concept of "Zero-Trust" in cybersecurity and how it is evolving with the introduction of the "Zero-Touch" model. This new approach aims to reduce human intervention and adopt Artificial Intelligence to optimize the management of protective devices.

Working group on the Intersection of AI and cybersecurityArtificial intelligence, an opportunity to strengthen cyber protectionThe R Street Institute has created a working group to examine the use of cybersecurity in Artificial Intelligence (AI). The group will discuss use cases, regulations and business practices. Members include representatives from the government, Google and academic institutions. AI has been used in cybersecurity...

Fake version of Bitwarden spreads ZenRAT malwareThe new ZenRAT malware uses the Bitwarden name to infect users: here's how it worksA new type of malware called ZenRAT is distributed through spoofed installation packages of the Bitwarden password manager. This malware steals sensitive information of Windows users, but redirects users of other operating systems to harmless pages.

Hackers trick Outlook by showing fake AV scansA sophisticated obfuscation technique tricks Outlook users with virus scanning scamsIn a new phishing trick called ZeroFont, cybercriminals obfuscate Outlook emails to appear to have been successfully scanned, tricking recipients. Organizations and employees must remain informed and alert to this technique to thwart phishing attacks.

New GPU.side-channel attack discovered: modern graphics cards vulnerableA serious security risk for graphics cards: the GPU.side-channel vulnerabilityA group of researchers has discovered a new cyber attack, called "GPU.zip", that exploits the data compression of modern graphics cards to reveal sensitive information during web browsing. Despite the report, no manufacturer has yet released a patch to fix the problem. The attack involves several GPU...

$17 million contract for Xage cybersecurity for Space Force networksA new milestone for cybersecurity: Xage partner of the Space ForceCybersecurity firm Xage has won a $17 million contract to protect the networks of the Space Force's Space Systems Command. Using "zero trust" technology, Xage will ensure the security of information networks and satellites. This collaboration will strengthen the security of the military organization's...

Tourism Digital Hub: agreements to support 20,000 businesses in the tourism supply chainA strategic partnership for the innovation and growth of the Italian tourism sectorThe Ministry of Tourism and Unioncamere have signed an agreement to involve 20,000 tourism businesses in the Tourism Digital Hub platform. This platform aims to enhance the Italian tourist offer on international markets and encourage the digitalisation of the sector. The tourism strategic plan also includes...

Launch of cybersecurity and IT apprenticeship program at University of Maine at AugustaA new approach to apprenticeships: smart investments for growth in IT and cybersecurityOn September 28, from 1:00 pm to 3:00 pm eastern time, the Maine Department of Labor (MDOL) and its Commissioner, Laura Fortman, will announce the launch of the Registered Apprenticeship (RA) program in cybersecurity and IT at the University of Maine at Augusta (UMA). This new initiative will offer employers...

Growing threat: Russian cyber warfare operations in UkraineThe increase in Russian attacks highlighted in the report of the Ukrainian cyber defense organizationRussian hackers targeted Ukrainian law enforcement agencies to gather information on war crimes investigations. Cyberattacks in Ukraine have increased, but defenses are improving. Russia integrates cyber warfare operations into its military strategies.

CYSEC 2023: cyber security in an increasingly interconnected worldThe new challenges in data protection and the search for innovative solutionsCYSEC 2023, a major cybersecurity event, took place in Abu Dhabi. The conference highlighted the need for collaboration between organisations, governments and individuals to counter digital threats. The use of artificial intelligence and machine learning to improve security and the importance of strengthening...

Rohan Massey's role in the tech industryMassey's key role in cyber breach management and regulatory compliance in the technology sectorThe article describes the role of Rohan Massey, partner at Ropes & Gray, in the technology sector. He focuses on regulatory compliance, data management, privacy and cybersecurity. Resolves data protection issues and manages cybersecurity breaches. It also addresses future challenges related to the convergence...

Ransomware Knight: the digital threat affecting ItalyThe serious threat that puts the security of Italian companies at risk: Ransomware KnightRansomware Knight attacks Italy: the dangerous malware targets companies and demands a ransom in Bitcoin. Protecting yourself from this ransomware is crucial by paying attention to suspicious emails and using telemetry and threat intelligence systems.

Password security: why standard policies are not enoughThe need to adopt advanced strategies to protect sensitive passwordsThe article warns about weaknesses in password policies and emphasizes that password complexity requirements are not enough. Stolen passwords are sold on the dark web and used in "credential stuffing" attacks. Organizations must defend themselves by promptly identifying and reporting compromised...

Deadglyph malware: government espionage in the Middle EastHigh modular flexibility and powerful data collection capabilities: the in-depth analysis of the Deadglyph malwareA sophisticated new malware, called Deadglyph, has been discovered in a cyber espionage attack against a government agency. It was attributed to the Stealth Falcon hacker group, serving the government of the United Arab Emirates. The malware is modular and can download new components from the control...

Digital Identity & Authentication: a new approach to cybersecurityNew perspectives for data protection in the digital identity eraThe Digital Identity & Authentication Summit provided an overview of the growing market and addressed challenges and opportunities in the Middle East. Experts have highlighted the importance of balancing convenience and security in the field of digital identity.

Apple fixes 3 more zero-day security issuesCritical updates to protect Apple users from zero-day attacksApple has identified three zero-day vulnerabilities affecting iPhone and Mac that have been exploited by cybercriminals. Affected devices include iPhone 8 and later, iPad mini 5th generation and later, Macs running macOS Monterey or later, and Apple Watch Series 4 and later. The vulnerabilities have...

China's offensive cyber operations in Africa to support soft power effortsChina's growing threat: cyber infiltration into Africa to consolidate its digital dominanceA Chinese-sponsored cyber group has attacked African telecommunications, financial and government organizations in a bid to gain information and competitive advantages. China has invested heavily in African telecommunications and uses these attacks to shape its influence in the region. Other threatening...

The need to acquire new skills to deal with artificial intelligenceLabor market transformation in the context of generative AI: challenges and opportunitiesWithin three years, 40% of workers will need to learn new skills to avoid obsolescence due to AI. The changes will be more visible to rank-and-file employees, and reskilling will be key to preserving their jobs. However, such changes will also provide growth opportunities and business benefits.

Signal prepares for the era of quantum attacksThe race for secure encryption: Signal prepares for the challenges of the digital futureThe article is about the Signal chat app which is gearing up to protect future communications from potential quantum computer attacks. Signal will implement new security measures to combat the risk of data decryption and ensure the privacy of conversations.

Data security: traditional data centers vs cloud environmentsData security: a comparative evaluation of traditional data centers and cloud environmentsThe article explains the differences in data security between traditional data centers and cloud environments. Data centers offer direct control and physical security, while cloud environments offer flexibility and advanced security features. The choice depends on the needs and resources of the o...

Zero Trust security: the importance of assigning the level of trust to corporate usersThe challenge of cybersecurity in the era of mobility and multi-device accessThe article discusses the importance of correctly assigning trust levels in corporate devices to ensure greater cybersecurity. We also talk about the challenges in identifying the user and the device used, and recommend reliable authentication methods, such as the use of digital certificates and hardware...

VenomRAT malware spread via fake WinRAR PoCA dangerous exploit exploiting WinRAR RCE vulnerability spreads VenomRAT malwareThreat actor releases fake PoC to exploit vulnerabilities in WinRAR, spreading VenomRAT malware via GitHub. Attacks of this type are common and target researchers analyzing vulnerabilities.

China accuses the United States of a long campaign of cyber espionage against Huawei's serversRevealing investigation: details of cyber attacks against Huawei revealed by China's Ministry of State SecurityChina's Ministry of State Security accuses the United States of hacking into Huawei's servers, stealing sensitive data and installing spying backdoors. The US NSA is accused of conducting systematic cyber attacks against China.

Microsoft AI inadvertently exposed 38TB of sensitive data: lessons to be learnedThe consequences of data breaches and implications for corporate cybersecurityMicrosoft AI accidentally exposed 38TB of sensitive data due to misconfiguration of SAS tokens. It is critical to implement adequate security controls and carefully monitor access to sensitive data to avoid incidents like this.

New HTTPSnoop malware attacks telecom providersA new cyber attack threatens the security of telecom companies with the HTTPSnoop malwareNew malware called HTTPSnoop and PipeSnoop are attacking telecommunications providers in the Middle East, allowing cybercriminals to execute remote commands and compromise system security. Strengthening security measures is necessary to protect these critical infrastructures.

Intel launches Project Amber to ensure the integrity of Trusted Execution EnvironmentsIntel's new integrity verification solution to ensure TEE securityIntel has launched a new attestation service called Project Amber, as part of the Trust Authority portfolio. This service ensures the authenticity and integrity of the environment by allowing organizations to verify that data has not been compromised. It also supports confidential AI and intelligent...

Cyber-mining danger: malicious package discovered on GitLabA seemingly innocuous Python library hides a persistent threat of unauthorized cryptocurrency miningA malicious package called "culturestreak" discovered on GitLab: it exploits system resources to mine the Dero cryptocurrency. Checkmarx launches API to detect compromised packages. Python developers at risk. "culturestreak" package downloads binary file for mining. Be careful when downloading packages...

Cyber attacks on the rise in Q2: the report from Swascan's SOC and Threat Intelligence TeamThe importance of an agile and aware defense against cyber threatsThe report from Swascan's SOC and Threat Intelligence Team reveals that there was a significant increase in cyber attacks in the second quarter, including ransomware, phishing and malware. It is essential to adopt advanced defense strategies and train personnel to limit cyber risk.

Trend Micro addresses a serious vulnerability that allows remote code executionTimely resolution of a serious vulnerability in Trend Micro's Apex One solutionTrend Micro has successfully patched a serious zero-day vulnerability in Apex One, its endpoint security solution. Attackers were exploiting this flaw, so it is important to update affected products to protect systems.

Cyber espionage: Earth Lusca uses new Linux malwareA sophisticated cyber espionage attack endangers the security of Linux networksA China-linked cyber espionage actor known as "Earth Lusca" has begun using a Linux backdoor with features that appear to be inspired by previously known malware tools. The malware, named “SprySOCKS” by Trend Micro researchers, is a Linux variant of “Trochilus,” a remote access Trojan for Windows whose c...

ICC victim of serious cyber attack, investigations underwayThe ICC takes action to protect its digital integrity and ensure the operation of investigationsThe International Criminal Court (ICC) is dealing with a major cybersecurity incident. The ICC investigates war crimes in Ukraine and has taken measures to manage the situation. This is not the first cyber attack on the ICC and raises concerns about the security of the investigation.

Nearly 12,000 Juniper firewalls vulnerable to a recent RCE flaw discoveredA detailed analysis of the recent RCE vulnerability in Juniper firewalls and how it was exploitedResearch has found that more than 12,000 Juniper firewalls across the Internet are vulnerable to a recent security flaw. Attackers can execute malicious code without authentication by exploiting a vulnerability in the J-Web component of Junos OS. Juniper Networks released a patch to fix the issue last...

The digital war: cyber attacks from Russia threaten ItalyThe need for a strategic response: Italy and the emerging cyber frontThe article discusses how the conflict in Ukraine has demonstrated the role of cyber warfare, with Russia launching cyber attacks on Italy. The importance of cybersecurity and regulatory changes are highlighted, along with the need for training and awareness. Liguria is commended for its efforts in protecting...

Cybersecurity excellence Awards 2024: applications openThe prestigious opportunity to be recognized for excellence in cybersecurityThe 2024 Cybersecurity Excellence Awards are open for nominations. These global awards recognize excellence in the cybersecurity industry and provide visibility and benefits to winning companies and professionals. Everyone can participate by sending applications by February 10, 2024.

Clorox fights the consequences of a cyber attackCybersecurity challenges in the industrial sector: the impact of a cyber attack on CloroxClorox is facing difficulties due to a cyber attack that affected the availability of its products. The company is working to repair the damage and restore production. The attack will have a financial impact in the first quarter and highlights the importance of cyber security measures. MGM Resorts also...

ISMG Cybersecurity Summit: an immersive experience in the Solution Room in LondonCyber security and leadership in the age of Artificial Intelligence: summit showcase in LondonThe ISMG Cybersecurity Summit comes to London with experts and industry leaders to delve into the latest cybersecurity trends and strategies. The summit features high-level sessions, such as the BBC's Helen Rabe keynote, and offers immersive experiences such as the Solution Room. The event emphasizes...

IT-Alert tests are arriving in Lombardy, Basilicata and Molise: possible risks of online scamsSecurity measures to adopt during IT-Alert tests: expert advice to protect your online privacyIT-Alert is an alarm system used by the Civil Protection to disseminate messages of public utility. However, cybersecurity experts raise concerns about phishing risks. Adrianus Warmenhoven, an online security expert, recommends being aware of the warnings, not clicking on suspicious links and installing...