AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Cyberpills.news

Serious Equifax security breach fined £11.1mA lesson on personal data management in the digital age: the Equifax caseThe Financial Conduct Authority (FCA) has fined Equifax £11,164,400 for a serious cybersecurity breach. Equifax failed to properly manage the security of UK consumer data, allowing hackers to access millions of personal details. The breach was made worse by Equifax's poor handling of the incident...

Hamas-Israel war: the escalation of virtual operationsThe digital arena: The new frontier in the Hamas-Israel warThe recent conflict between Hamas and Israel has demonstrated the use of digital warfare and disinformation operations to control the narrative and influence public opinion. Involving external actors, such as hackers and Russia, this hybrid warfare requires attention and a coordinated response from the...

Google: news for the security of Android and iOS usersAn important series of improvements for the security and privacy of both Android and iOS usersIn celebration of Cyber Security Month, Google announced three new improvements for users. On Android it will be possible to delete browsing data from the last 15 minutes, Google Password Manager will become the default provider for passwords on iOS and it will be easier to access the report on the dark...

Email delivery issues in Exchange Online: Microsoft investigatingLearn more about causes and impactsMicrosoft is investigating email delivery issues in Exchange Online, causing "Server Busy" errors and delays in receiving external emails. The problems could be related to the incorrect application of anti-spam rules. There have also been previous problems accessing email inboxes.

The end of VBScript: Microsoft is committed to ending the use of the outdated scripting languageA major change for cybersecurity: Microsoft abandons VBScript for greater protectionMicrosoft will phase out VBScript from future versions of Windows to combat the spread of malware. This decision is part of a broader strategy to increase the security of Windows systems and provide users with a more reliable computing experience.

Record DDoS attacks: fixes quickly releasedHTTP2 vulnerability exploited by large-scale DDoS attacks: here are the solutionsWeb server vendors address Rapid Reset vulnerability in HTTP2 protocol that caused DDoS attacks. Fixes have been released for many affected products. Large DDoS attacks have been mitigated thanks to a zero-day vulnerability in the HTTP/2 protocol called HTTP/2 Rapid Reset.

Cyber attack on the Province of Cosenza: the imperative of robust digital securityThe need for advanced cyber defense against ransomware: lessons from the attack on the Province of CosenzaThe provincial administration of Cosenza was hit by a ransomware cyber attack, making data inaccessible and demanding a ransom. Despite the attack, the administration refused to pay, showing determination to recover the encrypted data. We highlight the importance of adopting advanced digital security...

Cloudflare: the incident that caused DNS resolution issuesCloudflare's implications and solutions for the DNS resolution incidentDNS service provider Cloudflare experienced a DNS resolution error that caused internet access issues for many users. The error was caused by an internal software error at Cloudflare and not by an external attack. Cloudflare is working to prevent future errors and apologizes for the incident.

Cyberlum Academy: training to counter cyber attacksImproving the preparation of security experts in the IT sector: the mission of the Cybellum AcademyThe Cybellum Academy is an institution dedicated to training and offering content on cybersecurity. Offers courses on product security and vulnerability management to thwart cyber attacks on critical devices.

Office employees' risky cyber security habitsThe challenges of cybersecurity awareness in work contextsAccording to a study by Ivanti, many employees do not consider their actions relevant to corporate security. Younger workers have less secure habits, while regional differences point to gaps in cybersecurity training. It is essential to create a collaborative culture, avoiding problems for end us...

Hacking black market: traffic of bugs and exploits on the riseBlack market explosion: searching for vulnerabilities in the digital ageHacking mobile phones, particularly via apps like WhatsApp, is becoming increasingly expensive. Zero-day vulnerabilities have reached very high prices, demonstrating the importance of investing in security. Illegal trafficking in malware and spyware is growing, putting users' online privacy at risk....

Japan and eight ASEAN nations strengthen cybersecurity collaborationThe creation of a joint defense network between Japan and ASEAN to address cyber threatsJapan and eight ASEAN countries have agreed to collaborate in the area of cybersecurity to counter alleged cyberattacks and strengthen national cyber defense. The commitment was made during the conference in Tokyo.

APIs and their fragility in the digital contextThe need for API-centric cybersecurity to protect digital applicationsAPIs are essential but vulnerable. Their widespread use and lack of adequate oversight facilitate cyberattacks. Enterprises must adopt protection strategies, detect anomalous behavior and involve developers and company departments in security.

Soft skills: an ongoing challenge for the cybersecurity sectorChallenges and opportunities for cybersecurity professionals in the digitally advanced job marketA new report from ISACA highlights gaps in cybersecurity professionals, such as interpersonal skills, cloud computing and security measures. There are shortages of specialized personnel and difficulties in retaining talent. The most sought after skills are identity and access management, cloud computing,...

LLMs reduce the barrier to entry into cybercrimeThe growing threat of chatbots in the field of cybercrime: a new ally for cybercriminalsCybercriminals' use of chatbots and advanced language models makes phishing campaigns increasingly effective, with threats constantly evolving. Traditional security tools often fail to detect these attacks, causing growing concern in the cybersecurity industry.

Lyca Mobile services disrupted by cyber attackThe consequences of the attack and the ongoing investigationsA cyber attack has disrupted the services of mobile provider Lyca Mobile, preventing users from accessing services and causing operational problems. The company is investigating possible personal data breaches.

A multifaceted scourge that knows no rest: the persistent rule of NecursDefeating the dark lord of cyberspace: the never-ending fight against NecursNecurs is a botnet that distributes malware for data theft and financial damage, demonstrating great adaptability and difficulty in countering it. Recent speculation about his possible disappearance still remains uncertain.

Google and Yahoo strengthen email anti-spam protectionsThe future of email: raising your guard against phishing attacks and spamGoogle and Yahoo have announced new requirements to combat email spam and phishing. Starting next year, senders of bulk messages will be required to authenticate their messages and offer users the ability to easily unsubscribe from commercial emails. Clear criteria will be introduced to avoid sending...

Mozilla warns of fake Thunderbird downloads distributing ransomwareRansomware threats via fake Thunderbird downloads are on the riseMozilla has warned of scams offering Thunderbird downloads, used by ransomware group Snatch to spread malware. Users are advised to download Thunderbird only from trusted websites to protect themselves from ransomware attacks.

Cyber attacks: a magnifying glass on securityRevealing hidden vulnerabilities: an in-depth analysis of cyber attacksCyberattacks highlight gaps in corporate security, but it's important to combat hackers who abuse user data to commit fraud. The article highlights that companies need to invest in advanced technologies, train staff and take appropriate security measures to protect users.

Kaspersky unveils new malware targeting the financial and cryptocurrency sectorsThe new malware that puts the financial and cryptocurrency system at risk: Kaspersky's warningThe cryptocurrency and financial sector is threatened by three new malware: Zanubis, AsymCrypt and Lumma. Zanubis is a banking Trojan that hides in legitimate applications on Android devices. AsymCrypt hits crypto wallets and is sold on underground forums. Lumma is an ever-evolving file stealer. It is...

BunnyLoader: the ever-evolving malware-as-a-serviceThe unstoppable threat making its way into the world of hackingBunnyLoader is a dangerous malware-as-a-service that is gaining popularity on the dark web. With advanced features such as clipboard stealing and remote command execution, it poses a significant threat to cybersecurity.

October 2023 security updates for Android: fixed two exploited vulnerability issuesSecurity risks for Android users: exploited vulnerabilities and spread of spyware on iPhoneGoogle has released the October 2023 security updates for Android, fixing 51 vulnerabilities, including 2 zero-days exploited in malicious attacks. These issues were reported by Apple and Citizen Lab and were used to spread spyware on iPhones. Additionally, a bug in the Arm Mali GPU driver that allowed...

Temu: Spyware or just an e-commerce app?An analysis of the allegations made by Grizzly Research against Temu, the e-commerce app, and considerations on the implications for data securityE-commerce app Temu has come under accusations of being spyware aimed at collecting user data. A study highlighted cybersecurity and financial security issues with the app, but it cannot be established with certainty whether the allegations are true. One must be cautious when considering the reliability...

UK businesses: growth in cyber incidents and security budget challengesA worrying picture: UK businesses face a growing challenge in cyber protectionUK businesses face a growing challenge in cyber protection, with a 25% increase in cyber incidents. However, limited budget and other factors remain weaknesses. New technologies such as artificial intelligence could help improve cybersecurity.

Critical vulnerabilities addressed in WS_FTP Server by Progress SoftwareThe implications of remediating vulnerabilities and recommended mitigation measuresProgress Software has resolved two critical vulnerabilities in WS_FTP Server, which allowed remote command execution by unauthenticated attackers. Users are recommended to update to the correct version or disable the ad hoc transfer feature.

Hacker attack on Sony: threat of data disclosureA new threat to Sony's data security: the tension increasesA Russian hacker group, known as Ransomed.vc, claims to have breached Sony's security systems and is holding sensitive customer data. They threaten to sell the data if a ransom is not paid. Sony is investigating the situation.

Effective cyber attack via images in the corporate environmentAn ingenious cyber attack that uses images to infiltrate companiesSpear-phishing emails with apparent images about the Armenia-Azerbaijan conflict hide malware that steals sensitive data. Management teams associated with Azerbaijani company targeted. The malware, written in Rust, creates temporary files to steal information during non-business hours.

Secure Code Warrior presents Devlympics 2023: the competition for the best IT professionalsDevlympics: programming challenges for the best IT developersSecure Code Warrior is organizing the third edition of the Devlympics competition, an event for developers of high-quality, secure code. Participants can measure their skills, climb the global leaderboard, and connect with industry experts to learn and improve.

Cyber attack paralyzes the Bermuda islands: government working to restore operationsExtensive checks are underway to determine the origin of the sophisticated cyber attack in the governmentBermuda suffered a major cyber attack last week, but there is no evidence of data theft. The government is restoring operations and building a more secure network. Difficulties have been encountered, but everything is expected to return to normal soon.

Cisco acquires Splunk for $28 billionCisco and Splunk join forces to create cutting-edge security solutionsCisco will acquire Splunk for $28 billion, with the goal of improving digital security and connecting everything securely. The union will make it possible to predict and prevent threats thanks to artificial intelligence, offering innovative solutions in the security and observability sector.

Air Canada: employees' personal data breachedFight against breaches of sensitive employee data and strengthen cybersecurity practicesAir Canada has revealed a breach of their internal systems, compromising employees' personal information. The company took immediate action, ensuring that no customer information was accessed. Air Canada is enhancing its security measures to protect employee data and remain operational.

Google fixes a new zero-day vulnerability exploited by a spyware vendorAn urgent patch has been released to protect users from espionage activity via a zero-day vulnerability in ChromeGoogle has released a Chrome update to address a zero-day vulnerability exploited by a spyware vendor. The stable version 117.0.5938.132 resolves the critical vulnerability identified as CVE-2023-5217. It is the sixth zero-day solved by Google in 2023.

The revolution of the Zero-Touch model for corporate IT securityA new approach to enhance the protection of corporate IT systemsThe article explains the concept of "Zero-Trust" in cybersecurity and how it is evolving with the introduction of the "Zero-Touch" model. This new approach aims to reduce human intervention and adopt Artificial Intelligence to optimize the management of protective devices.

Working group on the Intersection of AI and cybersecurityArtificial intelligence, an opportunity to strengthen cyber protectionThe R Street Institute has created a working group to examine the use of cybersecurity in Artificial Intelligence (AI). The group will discuss use cases, regulations and business practices. Members include representatives from the government, Google and academic institutions. AI has been used in cybersecurity...

Fake version of Bitwarden spreads ZenRAT malwareThe new ZenRAT malware uses the Bitwarden name to infect users: here's how it worksA new type of malware called ZenRAT is distributed through spoofed installation packages of the Bitwarden password manager. This malware steals sensitive information of Windows users, but redirects users of other operating systems to harmless pages.

Hackers trick Outlook by showing fake AV scansA sophisticated obfuscation technique tricks Outlook users with virus scanning scamsIn a new phishing trick called ZeroFont, cybercriminals obfuscate Outlook emails to appear to have been successfully scanned, tricking recipients. Organizations and employees must remain informed and alert to this technique to thwart phishing attacks.

New GPU.side-channel attack discovered: modern graphics cards vulnerableA serious security risk for graphics cards: the GPU.side-channel vulnerabilityA group of researchers has discovered a new cyber attack, called "GPU.zip", that exploits the data compression of modern graphics cards to reveal sensitive information during web browsing. Despite the report, no manufacturer has yet released a patch to fix the problem. The attack involves several GPU...

$17 million contract for Xage cybersecurity for Space Force networksA new milestone for cybersecurity: Xage partner of the Space ForceCybersecurity firm Xage has won a $17 million contract to protect the networks of the Space Force's Space Systems Command. Using "zero trust" technology, Xage will ensure the security of information networks and satellites. This collaboration will strengthen the security of the military organization's...

Tourism Digital Hub: agreements to support 20,000 businesses in the tourism supply chainA strategic partnership for the innovation and growth of the Italian tourism sectorThe Ministry of Tourism and Unioncamere have signed an agreement to involve 20,000 tourism businesses in the Tourism Digital Hub platform. This platform aims to enhance the Italian tourist offer on international markets and encourage the digitalisation of the sector. The tourism strategic plan also includes...

Launch of cybersecurity and IT apprenticeship program at University of Maine at AugustaA new approach to apprenticeships: smart investments for growth in IT and cybersecurityOn September 28, from 1:00 pm to 3:00 pm eastern time, the Maine Department of Labor (MDOL) and its Commissioner, Laura Fortman, will announce the launch of the Registered Apprenticeship (RA) program in cybersecurity and IT at the University of Maine at Augusta (UMA). This new initiative will offer employers...

Growing threat: Russian cyber warfare operations in UkraineThe increase in Russian attacks highlighted in the report of the Ukrainian cyber defense organizationRussian hackers targeted Ukrainian law enforcement agencies to gather information on war crimes investigations. Cyberattacks in Ukraine have increased, but defenses are improving. Russia integrates cyber warfare operations into its military strategies.

CYSEC 2023: cyber security in an increasingly interconnected worldThe new challenges in data protection and the search for innovative solutionsCYSEC 2023, a major cybersecurity event, took place in Abu Dhabi. The conference highlighted the need for collaboration between organisations, governments and individuals to counter digital threats. The use of artificial intelligence and machine learning to improve security and the importance of strengthening...

Rohan Massey's role in the tech industryMassey's key role in cyber breach management and regulatory compliance in the technology sectorThe article describes the role of Rohan Massey, partner at Ropes & Gray, in the technology sector. He focuses on regulatory compliance, data management, privacy and cybersecurity. Resolves data protection issues and manages cybersecurity breaches. It also addresses future challenges related to the convergence...

Ransomware Knight: the digital threat affecting ItalyThe serious threat that puts the security of Italian companies at risk: Ransomware KnightRansomware Knight attacks Italy: the dangerous malware targets companies and demands a ransom in Bitcoin. Protecting yourself from this ransomware is crucial by paying attention to suspicious emails and using telemetry and threat intelligence systems.

Password security: why standard policies are not enoughThe need to adopt advanced strategies to protect sensitive passwordsThe article warns about weaknesses in password policies and emphasizes that password complexity requirements are not enough. Stolen passwords are sold on the dark web and used in "credential stuffing" attacks. Organizations must defend themselves by promptly identifying and reporting compromised...

Deadglyph malware: government espionage in the Middle EastHigh modular flexibility and powerful data collection capabilities: the in-depth analysis of the Deadglyph malwareA sophisticated new malware, called Deadglyph, has been discovered in a cyber espionage attack against a government agency. It was attributed to the Stealth Falcon hacker group, serving the government of the United Arab Emirates. The malware is modular and can download new components from the control...

Digital Identity & Authentication: a new approach to cybersecurityNew perspectives for data protection in the digital identity eraThe Digital Identity & Authentication Summit provided an overview of the growing market and addressed challenges and opportunities in the Middle East. Experts have highlighted the importance of balancing convenience and security in the field of digital identity.

Apple fixes 3 more zero-day security issuesCritical updates to protect Apple users from zero-day attacksApple has identified three zero-day vulnerabilities affecting iPhone and Mac that have been exploited by cybercriminals. Affected devices include iPhone 8 and later, iPad mini 5th generation and later, Macs running macOS Monterey or later, and Apple Watch Series 4 and later. The vulnerabilities have...

China's offensive cyber operations in Africa to support soft power effortsChina's growing threat: cyber infiltration into Africa to consolidate its digital dominanceA Chinese-sponsored cyber group has attacked African telecommunications, financial and government organizations in a bid to gain information and competitive advantages. China has invested heavily in African telecommunications and uses these attacks to shape its influence in the region. Other threatening...