AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Cyberpills.news

Trivy by Aqua Security: Kubernetes vulnerability scanAn innovative solution to ensure the security of Kubernetes clustersAqua Security announced that their Trivy solution now supports vulnerability scanning for Kubernetes components, improving security and reducing risk for businesses. The scan uses the KBOM to identify any security issues and ensure visibility and security of the Kubernetes cluster. Aqua Security is committed...

The challenge of preventive cybersecurityAddressing digital security challenges in the context of evolving cyber risksThe article highlights the challenges of preventative cybersecurity, highlighting how most organizations are unable to prevent 100% of cyber attacks. The need for a specialized workforce to manage cybersecurity tools is also highlighted, as well as the frequency of meetings on critical business systems....

Exponential increase in cyber attacks in IndiaDramatic increase in cyber threats in the Indian nation: a worrying overviewA report by Indusface reveals that India suffered over 1.6 billion cyber attacks in the second quarter of 2023, registering a 70% increase. DDoS attacks have increased with the main victims being India, the United States, Germany and the United Kingdom. The report also highlights over two billion blocked...

Discord will adopt temporary links to block malware attacksA strategic move to protect the platform and users from malware threats on DiscordDiscord will implement temporary links later this year to block the use of its CDN to spread malware. This will help limit access to suspicious content and reduce malware distribution via the application. Users who share content will not have major changes, but the links will expire for 24 hours. Discord...

Citrix Bleed: vulnerability in the two-factor authentication systemAn alert for the security of devices in the cloud and data centersThe article concerns the Citrix Bleed vulnerability, which compromises two-factor authentication systems. This vulnerability puts sensitive information at risk and can be exploited by ransomware attacks. It is important to immediately install the security patch released by Citrix to protect your...

Cybersecurity, a huge challenge for Israeli startupsThe resilience of Israeli cybersecurity startups during times of warThe war between Israel and Hamas has hit Israeli cybersecurity startups, increasing cyber attacks and causing the temporary loss of personnel recalled to the army. Despite the challenges, these companies remain confident of overcoming the situation and contributing to the cybersecurity industry.

A critical Atlassian bug has been discovered that requires an immediate updateAtlassian issues an urgent warning to Confluence usersConfluence attack in progress: Exploit code released publicly. All versions of Atlassian Data Center and Server are affected. Over 24,000 systems exhibited, mostly in the United States, China, Germany and Japan. Urgent fix recommended.

Generative AI tools to win in cybersecurityA new approach to defend against cyber threatsGenerative Artificial Intelligence (AI) represents a revolutionary opportunity for cybersecurity. SentinelOne presented Purple AI, a system that improves the ability to detect threats. Adopting AI brings challenges but also opportunities for cybersecurity. Using data from security tools can transform...

The rise of WormGPT: the danger of new cyber attacksGenerative artificial intelligence at the service of cybercrime: the new dangers of WormGPTWormGPT, a new generative AI, is worrying cybersecurity experts. This tool, without ethical limits, allows you to create sophisticated attacks on Australian businesses. Attackers use it to send convincing phishing emails and steal identities. It is an emerging threat in the field of cybersecurity.

Thousands of Apache ActiveMQ servers at risk of compromiseA dangerous vulnerability jeopardizes the security of Apache ActiveMQ serversMore than 3,000 Apache ActiveMQ servers are at risk due to remote code vulnerability. Attackers can execute shell commands and steal data. Apache has released fixes, but many vulnerable servers are still in China, the United States, Germany, India, the Netherlands, Russia, France and South Korea.

Audio steganography: hiding and revealing informationHarnessing the art of indistinguishability: the new face of audio steganographyThe article talks about the practice of steganography in hiding information in audio files and the different techniques used. Countermeasures and tools available to detect the presence of hidden information are also mentioned.

New vulnerabilities in the NGINX Ingress Controller for KubernetesThreats to the integrity and security of Kubernetes clustersThree new high-severity vulnerabilities have been discovered in the NGINX Ingress Controller for Kubernetes, which could allow an attacker to steal credentials from the cluster. The vulnerabilities involve path sanitization, annotation injection, and code injection. The suggested solution is to update...

Apple warns: enable Lockdown mode to protect your devicesMaximum protection: Apple's Lockdown mode, a weapon against sophisticated cyber attacksApple warns of cyber attacks and introduces Lockdown mode to protect iOS devices. The feature limits the device's capabilities to protect against attacks. Users can enable it in settings, but it can cause workflow disruptions.

Porsche expands its cybersecurity activitiesAutomotive giant Porsche invests in cybersecurity to protect its digital productsPorsche will launch a bug bounty program in October to improve the security of its digital products. External researchers can report vulnerabilities and receive financial reward. Porsche employees are not eligible to participate. Defined response times.

WeChat and Kaspersky apps banned on government devices in CanadaA necessary action to ensure the integrity of sensitive Canadian government dataCanada announced a ban on Tencent and Kaspersky apps on government mobile devices, citing privacy and security risks. WeChat, a popular Chinese app, has been banned due to concerns over its origins. Kaspersky criticized the ban as political.

Nightshade: artists' secret weapon against the abuse of artificial intelligenceA new way to defend artistic creativity: Nightshade and its conspiracy against the abuse of generative AINightshade is a revolutionary tool that protects artistic works from abuse by generative artificial intelligences. It works by poisoning AI models, making results inaccurate and unusable for tech companies. Artists can take back control with this tool.

Wiki-slack attack: how business professionals are redirected to malicious websitesThe risks of link manipulation: the new method of hijacking corporate communicationsSecurity experts at eSentire have discovered a new attack called “Wiki-Slack,” which uses edits to Wikipedia pages to redirect Slack users to malicious websites containing malware. It is necessary to raise awareness among companies about this type of attack and integrate cyber resilience into business pro...

Gender equality in the tech sector: women's representation on the riseThe core competencies of the CISO in the technology sector: a gender-inclusive perspectiveThe article argues that while there has been progress in gender equality in the technology sector in Australia, female representation is still low in cybersecurity. To become a successful CISO, you need skills such as leadership, risk management and communication. Talent diversity and exploring non-traditional...

LockBit ransomware group targets BoeingAn anti-ransomware defense plan is essential for companies like BoeingHacking group LockBit has targeted Boeing, threatening to release stolen data if they don't pay a ransom. LockBit has hacked many multinationals and earned millions of dollars. Boeing is investigating the situation and promises an update. Previous LockBit attacks may also involve Boeing.

iOS threat discovered: Apple's waterproofness called into questionKaspersky discovery reveals new security threats to iOS devicesKaspersky has discovered a new threat to Apple devices called "Operation Triangulation". The attacks occur via iMessage and Safari. Apple responded with a software update to protect users.

Joint operation dismantles Ragnar Locker ransomware groupThe dangerous ransomware group has fallen: news of an unprecedented international operationAn international operation has led to the arrest of the criminal group responsible for the Ragnar Locker ransomware, known for attacks on critical infrastructure. The action was coordinated by Europol and Eurojust, involving 11 countries including Italy, and sends a clear message to hackers who act with...

Canadian hospitals under cyber attack: suspected ransomwareAn attack that puts the security of sensitive data and the functioning of crucial healthcare facilities at riskIn a cyberattack, Transform, an IT services provider for hospitals in Ontario, was possibly the victim of a ransomware attack. 5 hospitals, including Windsor Regional Hospital, were severely affected. Cyberattacks in the healthcare sector are increasingly common and companies must protect themselves...

Flipper Zero: new risks for Android and Windows devicesAn in-depth analysis of the implications and countermeasures against the bluetooth spam attack brought by Flipper ZeroThe recent Flipper Zero firmware update introduces a new feature, "bluetooth spam", which can cause annoyance by sending unwanted notifications to nearby Android and Windows devices. You can protect your devices and turn off notifications to prevent inconvenience.

Dark Patterns Buster Hackathon 2023: fighting consumer manipulationDark Pattern Fighting Hackathon: innovative solutions against deception in e-commerce sitesDark Patterns Buster Hackathon 2023: Opportunity to Counter Dark Patterns on E-Commerce Platforms. The event promotes innovative apps and software to detect and regulate dark patterns. The best proposals will be rewarded and the final objective is to guarantee safe and transparent navigation for...

Raven: Open-source CI/CD pipeline securityFind out how Raven can improve the security of your CI/CD pipelinesRaven is an open-source security scanner for CI/CD pipelines. Identify risks and vulnerabilities, analyzing workflows on GitHub and reporting any issues. It is available for free on GitHub.

Growing concerns about generative AI threatsThe growing need for protection against evolving generative AI threatsRecent GEMSERV research has shown grave concerns about new threats from generative AI to global organizations. 83% of participants believe that generative AI will drive future cyberattacks, but only 16% think their organizations truly understand advanced AI tools. These threats require adequate preparation,...

The security framework for satellite systemsThe protection of space systems from the growing threat of cyber attacksThis article analyzes the need to implement a cybersecurity framework to protect satellite systems from cyber threats, proposing the use of the NIST Cybersecurity Framework as an effective solution.

The cybersecurity challenge for Italian SMEsAnalysis of the Cyber Index PMI 2023 ReportThe Cyber Index PMI 2023 Report reveals that Italian SMEs are poorly prepared against cyber threats. There is an urgent need to promote a culture of cybersecurity and invest in training and advanced solutions. Only in this way will SMEs be able to successfully face the challenges of cybersecurity and...

Quishing: the new cyber scam that threatens online securityWhat you need to know to protect yourself from this ever-evolving cyber scamQuishing is a new cyber threat that uses SMS to trick victims and steal personal information. You should avoid clicking on suspicious links and keep your devices secure to protect yourself from this scam. #safety #quishing

Worrying increase in ransomware attacks in 2023The sectors most affected and the implications for cybersecurityCorvus Insurance report shows that ransomware attacks increased by 95% in 2023 compared to the previous year. CL0P Group was responsible for much of the activity, but other industries such as law firms, government agencies and the oil sector saw significant increases. It is essential to implement adequate...

Decrease in cyber attacks in KenyaImprovements in the technical skills of cybersecurity personnel have contributed to the reduction in incidentsIn the third quarter, there was an 11% decrease in cyber attacks in Kenya, thanks to improved training of cybersecurity staff and increased cybersecurity awareness. However, Kenya remains the third most affected country in the region, with frequent system attacks, including a DDoS attack on the e-citizen...

Google Chrome's new protection will hide users' IP addressesA step forward for privacy: Google Chrome aims to protect users by hiding IP addressesGoogle is working on a new feature called "IP Protection" to hide the IP addresses of Chrome users, thus improving privacy. IP protection will use proxy servers to make IP addresses invisible to websites. This may raise security concerns, but Google is considering solutions such as authenticating users...

Phishing attacks in the hospitality industry: new research from AkamaiIncreased levels of complexity in hospitality phishing campaignsAkamai research has detected sophisticated phishing attacks in the hospitality industry. Hackers are using DNS exploits to target both staff and customers, stealing data and damaging reservations. Akamai analyzes domains used by attackers to identify patterns and protect users.

Economy criminal hackersDetailed analysis of cybercriminal tactics in the digital economy landscapeThe article describes the strategies used by cybercriminals to commit computer fraud and extortion, exploiting cryptocurrencies such as Bitcoin. We are talking about ransomware, double extortion, DDoS attacks and scams based on the psychological deception of victims. Extortion strategies, which take...

Spanish operation against cybercriminals: 34 members arrestedTwist in the investigation: 34 arrests in an operation against cybercrime in SpainSpanish Police have arrested 34 members of a criminal organization specializing in cyber scams, which stole the data of 4 million people and monetized the data. The scammers posed as delivery companies and energy suppliers, and used insiders to divert goods.

A higher education cybersecurity center in LouisianaProtection and education: new LSU center defends educational institutions from cyber attacks and prepares students for the futureLSU has opened a new cybersecurity center to defend educational institutions from hackers and train students. In collaboration with TekStream and Splunk, the university aims to become a national cybersecurity benchmark. The center will also use the state's research and development network to expand the...

Philippine army: creation of cyber commando against hackersIncrease in cyber threats pushes Philippine military to boost cyber defenseThe Philippine Army is establishing a cyber commando to counter cyberattacks and will recruit information technology experts. Improvements in equipment and international cooperation are planned to strengthen the country's cyber defense. National security requires an integrated cybersecurity strategy...

Digital cities: security, regulations and rightsDiscussion between experts for a digital city that is safe and respectful of citizens' rightsThe conference in Rome brought together physical and cyber security experts to discuss new digital and secure cities. The main objective of the event was to analyze the impact of technologies on the social life and data protection of citizens. The institutional representatives underlined the importance...

North Korean attacks exploit flaw in JetBrains TeamCityDetails of Lazarus Group attacks on JetBrains TeamCity vulnerabilitiesMicrosoft reported North Korean attacks on JetBrains TeamCity, exploiting a serious security flaw. The attacks aim to compromise servers and use various techniques, including Trojans and custom proxies. Microsoft attributed the attacks to known groups linked to the North Korean government.

Study opportunities for cybersecurity experts: Cisco offers 1000 scholarshipsCisco invests in training to counter cyber threatsCisco has launched the Cybersecurity Scholarship program to train 1000 cybersecurity experts in Italy for free. The program includes online lessons, webinars and final workshops, with the possibility of obtaining a Cisco Certified Support Technician - Cybersecurity certification. Applications are open...

The worrying password vulnerability in IT administratorsSignificant cyber security risks: the immense danger of weak passwords in the IT industryThe article reveals that many IT administrators use weak passwords, such as "admin", across more than 40,000 administrative portals. The increase in the use of default and easy-to-guess passwords is highlighted. Researchers highlight the need to protect passwords and prevent malware infection to ensure...

Cybersecurity crisis in the Middle EastThe challenge of Israeli companies in combating cybercrime in the Middle EastThe crisis in the Middle East threatens Israeli start-ups, but they demonstrate resilience, defending themselves from cyber attacks and contributing to innovation in the cybersecurity sector.

Risks of AI in technological warfare: the chinese threatThe risks of chinese technological supremacy and the impact on AI in technological warfareThe FBI and the White House warn of the danger of artificial technologies and artificial intelligence, which can be used against them and harm local businesses. China is identified as the main security threat.

Corporate data breach: D-Link responds promptlyD-Link's immediate reaction to corporate data breach reveals details of attack and reassures customersD-Link, Taiwanese company, confirms data breach. The breach was due to a phishing attack on an old, outdated system. Stolen data is few and not sensitive. Company took immediate action.

Google Dark Web: the new service for the security of your accountsProtect your sensitive data: Learn how Google's Dark Web Report can help you maintain the security of your accountGoogle has made its Dark Web service available to everyone, to protect users' accounts and personal information. The Google Dark Web Report monitors the dark web for possible data breaches and provides additional paid features. Users can use the Google app and Password Manager to protect their cr...

Fight against cybercrime and fake news, Google finances two Italian projectsA new era for cybersecurity: Google invests in innovation made in ItalyGoogle has selected two Italian projects to receive funding as part of the Impact Challenge: Tech for Social Good. One involves identifying cyber vulnerabilities of SMEs, the other helps older people detect and counter cyber attacks. Google will invest 4 million euros in these initiatives, which will...

Exploiting Discord in critical infrastructure threatsAn insidious trend: the growing use of Discord as a tool to attack critical infrastructureNew findings show that state-run hacker groups are using Discord to attack critical infrastructure, exploiting its content delivery network and stealing sensitive data via webhooks. Loaders such as SmokeLoader and PrivateLoader download malicious payloads from Discord's CDN.

Signal's alleged zero-day flaw affecting link previewsSigns of uncertainty: how to protect yourself from possible threatsSignal has rejected accusations of an alleged zero-day flaw, but there may be a risk linked to link previews. We recommend disabling previews, keeping the app updated, and taking precautions such as two-factor authentication and avoiding suspicious links.

Siemens launches SINEC Security Inspector, a new test suite for industrial network securityA new tool to ensure the protection and integrity of industrial networks, improving cybersecurity in the manufacturing sectorSiemens has expanded its portfolio of cybersecurity solutions, launching SINEC Security Inspector, a security test suite that helps identify and mitigate cyber vulnerabilities in the manufacturing industry. The open framework integrates third-party security tools and offers an efficient way to control...

Serious zero-day vulnerability in Cisco's IOS XE software: attackers can take control of routers and...Serious security risk for Cisco devices: a zero-day vulnerability puts routers and switches at riskCisco has found a serious vulnerability in its IOS XE software that allows unauthenticated hackers to gain full administrator privileges and remote control of routers and switches. To mitigate risk, Cisco recommends disabling the HTTP server feature on devices exposed to the Internet.