
Cyberpills.news

The 2009 Microsoft-EU agreement puts Windows security at risk: here's why
Find out how European regulations affect Windows cybersecurity and what the possible future scenarios are for Microsoft's operating system
In 2009, Microsoft had to allow third-party security software the same access to the operating system as its own products, due to an agreement with the EU. This, according to Microsoft, has increased Windows security vulnerabilities compared to macOS and ChromeOS.

Cybersecurity for dummies: defend yourself from modern cyber threats
Discover essential cybersecurity techniques to protect your business from today's most advanced digital threats
Cybersecurity protects businesses from attacks such as malware and phishing. "Exploits" exploit technical vulnerabilities, while "cyber-exploitation" affects the private sphere. Cybersecurity protects data and applications, while network security protects networks. Challenges include access management,...

Critical breakthroughs in 2024: new threats to Adobe, SolarWinds, and VMware
Critical vulnerabilities discovered in 2024: urgency for security updates increases for Adobe, SolarWinds, and VMware. Find out how these threats can affect cyber infrastructures
CISA has added new critical vulnerabilities to its catalog, affecting Adobe Commerce, SolarWinds Serv-U, VMware vCenter Server, and OSGeo GeoServer GeoTools. It also issued an advisory for Rockwell Automation Pavilion 8 industrial control systems, highlighting the importance of proactive vulnerability...

Effective plans and strategies to face and defeat a ransomware attack
Strategies and tips for companies facing cyber attacks: how to manage negotiations, prepare for incidents and prevent future ransomware threats
The text discusses negotiations with criminals using ransomware, the importance of preparation and training to deal with such attacks, evaluating whether to pay the ransom, and implementing preventative and recovery measures to mitigate future risks.

Zero-day threat on Android devices: Samsung prepares a crucial update
Find out how Samsung is addressing critical Android vulnerabilities and protecting Galaxy devices from cyber threats
Samsung will release a security patch in August to address a serious zero-day vulnerability (CVE-2024-32896) on Galaxy devices. The vulnerability allows remote code execution. Another flaw (CVE-2024-2974) also needs fixing.

CrowdStrike: how a security update crippled the tech world
Global impact of a security update on banking, transportation and cloud services: what happened and how the crisis is being addressed
An update to CrowdStrike's cybersecurity software has caused global IT outages, affecting banks, media, transportation and Microsoft Azure services. This has led to blue screens on many Windows devices. CrowdStrike and Microsoft are working to resolve the issue.

Checkmate the criminal networks: the Interpol operation that reveals the invisible
Find out how Operation Interpol exposed digital fraudsters and traffickers through extraordinary global collaboration, seizing luxury goods and false documents
INTERPOL has arrested 300 members of globally active West African criminal groups involved in online scams, financial fraud and human trafficking. The operation shows the importance of international cooperation to counter global criminal networks.

Google Cloud security predictions for 2024: how AI will reshape the cybersecurity landscape
Find out how AI will transform cybersecurity and address geopolitical threats in 2024 according to the Google Cloud report
Google Cloud's "Cybersecurity Forecast 2024" report predicts the use of AI to broaden phishing and disinformation, but also to improve defense. It highlights threats from the "Big Four" (China, Russia, North Korea, Iran) and attacks on elections and the Paris Olympics.

AT&T: data breach discovered that exposes communications of millions of users
Digital security compromised: learn how a recent AT&T data breach affected millions of users
AT&T suffered a data breach involving call and text logs of millions of users, both customers and non-customers. The incident is under investigation by the FCC in conjunction with law enforcement. The violation is serious due to the risks associated with locating people.

Critical vulnerability discovered in PHP CGI: how to protect your systems from CVE-2024-4577
Find out how a security flaw in PHP CGI threatens your Windows servers and what immediate steps to take to protect yourself
Akamai has discovered a serious vulnerability in PHP (CVE-2024-4577) that allows remote code execution on Windows systems with CGI configurations. Bad actors can exploit it to spread malware and crypto mining attacks. Installing patches and using WAF is critical for protection.

Apple raises alarm about new cyber threats: the challenge of mercenary spyware
How Apple addresses new digital threats: tools, collaborations and measures to protect user privacy in an increasingly interconnected world
Apple has warned about mercenary spyware, malicious software sold to governments for spying. It stressed the importance of updating devices and collaborating at the technology and government levels to protect user privacy.

New critical vulnerability discovered in OpenSSH: remote code execution risk
Find out how a race condition in recent versions of OpenSSH puts system security at risk: details, impacts and solutions to implement immediately
A vulnerability in OpenSSH 8.7 and 8.8, identified as CVE-2024-6409, could allow remote code execution. Caused by a race condition in the signal handler, it is a serious risk. Discovered by Qualys, it requires immediate patches to mitigate risks.

Discovery of an AiTM attack campaign on Microsoft 365
A detailed exploration of AiTM attack techniques and mitigation strategies to protect Microsoft 365 from advanced compromises
In July 2024, the Field Effect security team discovered "Adversary-in-the-Middle" (AiTM) attacks against Microsoft 365, using Axios to steal user credentials, including MFA codes, via phishing. Monitoring, credential rotation and anti-phishing training are recommended.

Apple ID security: prevent phishing attacks with two-factor authentication
Learn how cybercriminals exploit phishing and how to defend your Apple ID with simple but effective security measures
Apple ID users are being hacked via phishing emails and SMS that appear legitimate. Hackers steal credentials to lock out accounts and access funds. Enabling two-factor authentication (2FA) is vital to protecting yourself, as is avoiding clicking on suspicious links.

GDPR scandal: Vinted under investigation for serious user data breaches
Transparency issues and misuse of data: Vinted in the crosshairs of European data protection authorities
Vinted was fined by the Lithuanian regulator for GDPR violations, including obstacles to data deletion, use of non-transparent "shadow bans", and poor data protection measures. The fine is 2.3 million euros. The company intends to appeal the sanction.

Cybersecurity in crisis: consequences of the mega data theft in a Chinese travel agency
Massive travel data theft uncovered: How hackers breached the defenses of a popular Chinese travel agency, possible legal repercussions, and future defense strategies
A cyber attack hit a Chinese travel agency, exposing the data of 7.5 million tourists. The attackers used advanced techniques such as phishing and malware. The event highlights the urgency of improving safety measures and staff training.

The hidden truth: the cyber attack on OpenAI and its consequences
The cyberattack that OpenAI kept hidden discovered: implications, criticisms and the future of AI security
OpenAI suffered a cyber attack in 2023 without informing the public. Although sensitive data was compromised, critical systems remained intact. The company has since improved security, but criticism of the incident and the spread of modified versions of ChatGPT raise concerns.

Ethereum mail list breach: large-scale phishing
Learn how cybercriminals targeted Ethereum users with a sophisticated phishing campaign, and what security measures have been implemented to prevent future threats
On June 23, the Ethereum mailing list provider was hacked, exposing 35,794 emails to a phishing attack. Hackers sent fake investment offers to steal cryptocurrencies. Ethereum responded by tightening security and notifying users.

Hacker attack compromises Ticketmaster: the value of the theft exceeds 22 billion dollars
Sensitive data and millionaire tickets in the hands of the ShinyHunters group
A devastating hacker attack by the ShinyHunters group hit Live Nation and Ticketmaster, stealing data on 193 million tickets, including 440,000 for Taylor Swift, with a total estimated value of $22.7 billion.

Security alert for MSI Center: critical vulnerability discovered in Windows systems
A critical flaw in Windows systems allows limited users to obtain administrator privileges: find out how to protect yourself and what solutions to implement to avoid cyber attacks
A vulnerability (CVE-2024-37726) was discovered in MSI Center on Windows, allowing elevation of privilege. Users should update to version 2.0.38.0 to mitigate risks. This flaw can allow total control of the system by attackers.

Operation Morpheus: Europol hits cybercrime hard
A vast network of illegal servers discovered and neutralized: the global fight against cyber threats enters a new phase
Operation Morpheus, coordinated by Europol, disabled nearly 600 Cobalt Strike servers used by cybercriminals. Pirated versions of this pentesting tool have been exploited for cyber attacks. Public-private collaboration has been crucial to this success.

regreSSHion vulnerability discovered in OpenSSH
Learn how an old vulnerability returns in a new, threatening form and what steps to take to secure your OpenSSH systems
A flaw in OpenSSH, called regreSSHion and identified as CVE-2024-6387, allows remote attacks. This bug is a regression of an old CVE from 2006. Major Linux distributions have released updates to address the issue.

Indirector vulnerability discovered in modern Intel CPUs
New Intel CPU security threat: learn how the Indirector attack can compromise your data and key techniques to protect yourself
A new vulnerability called Indirector affects recent Intel processors, exploiting flaws in the IBP and BTB components to access sensitive data. Intel has recommended mitigation measures but they may affect performance. The discovery will be presented at the USENIX Security Symposium.

Serious vulnerability discovered in Rabbit R1: all user data at risk
Vulnerability in Rabbit R1 exposes sensitive API keys. What are the privacy risks?
The Rabbitude Group has discovered a vulnerability in the Rabbit R1 AI device that exposes crucial API keys. These keys allow unauthorized access to users' personal data. Rabbit has revoked an API key and is investigating, but has found no evidence of violations so far.

Cyber attack in Indonesia: the new Brain Cipher ransomware brings services to their knees
New ransomware hits Indonesia: learn how Brain Cipher crippled essential services and the techniques used by hackers
Brain Cipher is a new ransomware group that hit a data center in Indonesia, encrypting government servers and disrupting vital services. They demanded a ransom of $8 million in Monero. Ransomware encrypts both data and file names, making recovery difficult.

Patelco Credit Union: security incident halts customer services in California
Service disruption and customer frustration: Patelco Credit Union works to resolve security incident
Over the weekend, a security incident hit Patelco Credit Union in California, blocking access to funds for nearly half a million customers. The company has had to shut down several banking systems and is working with experts to resolve the issue.

Severe vulnerabilities in Juniper Networks devices: urgent security updates
The critical issue that exposes corporate networks to serious risks and the immediate measures to be taken
Juniper Networks has released security patches to fix a serious vulnerability in Junos OS. This flaw, rated 10.0, allows arbitrary code execution and denial of service. Immediate update is recommended to protect company IT infrastructures.

Cyber attack on TeamViewer: immediate response and investigations underway
Strengthened security measures and international collaborations to counter the cyber threat
TeamViewer suffered a cyber attack but gave assurances that customer data is safe. The company works with security experts to investigate and strengthen system protection. The incident highlights the importance of cybersecurity for all businesses.

Polyfill JS supply chain attack: what happened
A detailed analysis of the cyber attack that compromised a library essential for JavaScript compatibility in browsers
Supply chain attacks on open source projects have increased in recent times. Polyfill JS, used to improve browser compatibility, was compromised by a malicious domain. Developers should remove references to this domain to protect themselves.

Security alert: supposed LockBit intrusion into the Federal Reserve system
Possible consequences and responses of the authorities to the alleged cyber breach of the Federal Reserve
LockBit claims to have hacked the US Federal Reserve, stealing 33 TB of sensitive data. However, concrete evidence is lacking. The FBI recovered decryption keys to help victims. Experts remain skeptical, considering this claim a possible visibility maneuver.

China's strategy in cyber space: civilian hackers and state support
Civilian hackers and digital sovereignty: China's cyber espionage model
China's offensive cyber ecosystem relies on state-backed civilian hackers using zero-day vulnerabilities. Hacking competitions and bug bounty programs are used to identify these flaws. Other countries must balance these practices with their own ethical values.

Cyber attack interrupts Euro 2024 live broadcast
Interruption of the live streaming of a Euro 2024 match: TVP under DDoS attack
A DDoS attack hit broadcaster TVP during a 2024 European Football Championship match between Poland and Austria, interrupting the broadcast. TVP acted quickly to restore service. The attack is suspected to have come from Russia. Preventive measures are in place for future events.

Serious digital security incident in Indonesia puts sensitive national data at risk
Recent vulnerabilities and the national response to cyberattacks
A data center in Indonesia has been hacked, with cybercriminals stealing sensitive data and demanding a ransom. The attack highlights gaps in national cybersecurity and the need to improve protections and collaborations to prevent future threats.

Alexa is renewed: Amazon focuses on generative artificial intelligence and monthly subscriptions
New features and economic opportunities to improve the Alexa user experience
Amazon is revamping Alexa with paid versions equipped with generative artificial intelligence. The goal is to make it smarter and more profitable, using it to facilitate purchases on Amazon and introducing monthly subscriptions.

Growing activity of Chinese hacker groups
Identifying and mitigating new threats: the growth of hostile cyber operations led by Chinese hacker groups
In June 2024, Chinese hacker groups intensified attacks using tools such as SpiceRAT and advanced phishing and zero-day techniques. They have affected global organizations, causing serious damage. Companies must implement enhanced security measures and train employees.

Hacker attack on ASST Rhodense: sensitive data compromised
Serious consequences for the IT security of Lombardy healthcare facilities
ASST Rhodense has suffered a major cyber attack from ransomware group Cicada3301, which stole 1TB of sensitive data. Authorities are working to contain the damage and prevent future attacks. The Lombardy Region provides support and security experts are at work.

Microsoft fix for critical Wi-Fi vulnerability: urgent update
Microsoft releases critical security updates to protect Windows devices
Microsoft has released security updates to address a serious vulnerability (CVE-2024-30078) in Windows Wi-Fi drivers, which allowed remote attacks via public Wi-Fi networks. It is critical to update systems immediately to prevent security risks.

Serious vulnerability in Microsoft Outlook: risk of spoofing in company emails
The importance of a timely response to mitigate risks associated with security vulnerabilities
A critical bug in Microsoft Outlook may allow corporate emails to be impersonated, increasing phishing risks. Microsoft initially ignored the report, but is now reviewing the issue. Users are advised to strengthen their cybersecurity.

Italy: the new DDL Cyber law
New rules for cybersecurity: strengthening defense and awareness in the digital sector
The Cyber DDL, approved in Italy, strengthens IT security with operational measures, continuous training and awareness. It promotes collaboration between entities and allocates funds to improve IT infrastructures, supporting research, development and innovation in the field of cybersecurity.

Meet experts and innovations at the Cyber Security & Cloud Expo Europa 2024 in Amsterdam
Innovative concepts and unique opportunities: discover the best of cybersecurity and cloud computing
The Cyber Security & Cloud Expo Europa 2024 will be held in Amsterdam on 1-2 October. The event will offer both free and paid passes, with benefits such as access to all tracks, networking events and the dedicated app. Agenda and prominent speakers promise high-level content and networking.

Burnout among cybersecurity specialists: a growing problem
Bitdefender study: impact of burnout on staff and emerging challenges in cybersecurity
A Bitdefender survey reveals that over 70% of cybersecurity professionals work on weekends, leading to burnout and dissatisfaction. The main threats are phishing, software vulnerabilities and ransomware. Organizations invest in security but current solutions are not adequate.

The impact of CVSS 4.0 in Software Security Vulnerability Assessment
The evolution of the Common Vulnerability Scoring System and its importance for corporate information security
CVSS 4.0, released on October 21, 2023, is a tool for assessing the severity of software vulnerabilities. It uses 30 variables in four categories: Basic, Threat, Environmental and Supplemental. It helps organizations manage and prioritize vulnerabilities to reduce risk.

The importance of the CyberDSA event for digital security in Southeast Asia
Southeast Asia's leading cybersecurity event between international cooperation and technological innovation
CYBERDSA is a major cybersecurity event in Southeast Asia, with goals of connecting government and private leaders to address cyber challenges. The 2024 edition will be held in Kuala Lumpur from 6 to 8 August, with expectations of high participation and innovation.

Serious vulnerability found in Mali GPU drivers: updates required
Exposure to cyber attacks for Mali GPU devices: immediate corrective actions required
ARM has reported a "use-after-free" vulnerability in Mali Bifrost and Valhall GPUs, which has already been exploited by malicious actors. They recommend quick driver updates to protect devices, especially for those using versions r34p0 to r40p0, patched from r41p0 onwards.

Cyber threat to the Italian Ministry of Defense: critical access for sale on underground forums
Risks and implications of selling compromised access in cybercrime
An Initial Access Broker has offered RCE access for sale to the Italian Ministry of Defense's "Difesa IT" website. IABs sell access to cybercriminals, who use them for attacks such as ransomware. Cyber threat intelligence is essential to prevent these threats.

Breach of cloud services: large-scale attack against Snowflake customers
Investigations detect large-scale cyber attacks leveraging compromised credentials and advanced intrusion tools
A security breach on Snowflake affected over 165 companies, including Ticketmaster and Santander, with sensitive data stolen. Hackers exploited stolen credentials via malware. The lack of multi-factor authentication contributed to the compromise.

Investigation into Facebook data breach and Akira ransomware
Cybersecurity challenges: from the latest Facebook breach to the Akira ransomware threat
The article discusses a recent data breach at Facebook that compromised millions of profiles, the FBI's warning of an increase in Akira ransomware cases, and the importance of multi-layered strategies for companies and international collaboration to counter cyber threats.

NotPetya: the cyber attack that changed the face of cyber security
The global devastation of the NotPetya cyberattack: Analysis of a borderless cyber conflict
In 2017, the NotPetya cyber attack, originating from Russia and targeting Ukraine, infected MeDoc software, affecting vital sectors and causing global damage. It turned out to be destructive rather than aimed at collecting a ransom. Russian GRU unit 74455 was held responsible.

Malware emergency on macOS: Atomic Stealer's threat to sensitive data and cryptocurrencies
New infection and mitigation techniques to protect Mac devices
Atomic Stealer is a new malware that affects macOS, stealing sensitive data and cryptocurrencies. It spreads as cracked software. It uses AppleScript to obtain passwords and steals data from browsers and cryptocurrency wallets. It is recommended to download from official sources only.

TPM chip vulnerabilities and risks without physical access
TPM chip security under scrutiny: new vulnerabilities and mitigation strategies
A researcher has revealed a vulnerability in TPM chips that allows hackers to access data without physical contact. This flaw affects Intel systems and requires firmware updates that not all manufacturers have implemented. A tool to detect the vulnerability will be available soon.