Cyber Security News

Phishing Risks Rise as Zendesk Subdomains Facilitate Attacks The report highlights that while many instances serve legitimate purposes, some are being registered for malicious activities, including impersonation and scams. Common tactics include using keywords tied to the target brand along with numeric strings to appear authentic. Cyber_Security_Channel

15K Fortinet Device Configs Leaked to the Dark Web On the same day CVE[2024.55591] was disclosed this week, a threat actor with the nom de guerre "Belsen Group" released data belonging to more than 15,000 Fortinet devices. In a blog post, the CloudSEK researchers who spotted it assessed that the data had been stolen thanks to CVE-2022-40684, likely when that bug was still a zero-day. Cyber_Security_Channel

EU To Launch New Support Centre by 2026 to Boost Healthcare Cybersecurity Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy at the EU Commission, commented: “Modern healthcare has made incredible advances through digital transformation, which has meant citizens have benefited from better healthcare. Unfortunately, health systems are also subject to cybersecurity incidents and threats.” Cyber_Security_Channel

Telefonica Breach Hits 20,000 Employees and Exposes Jira Details Cybersecurity vendor, Hudson Rock, claimed to have spoken to the perpetrators and found that they used infostealer malware to compromise over 15 Telefonica employees, gaining credentials from them for initial access. Cyber_Security_Channel

New PhishWP Plugin Enables Sophisticated Payment Page Scams Cybercriminals deploy PhishWP either by compromising existing WordPress sites or creating fraudulent ones. The plugin’s design closely replicates trusted payment gateways, making it difficult for users to detect the deception. Cyber_Security_Channel

ℹ️ The Worst Hacks of 2024 1. China's Salt Typhoon Telecom Breaches 2. Snowflake Customer Breaches 3. Change Healthcare Ransomware Attack. Did we miss anything in the list? Cyber_Security_Channel

33 Open-Source Cybersecurity Solutions You Didn’t Know You Needed • Authentik: Open-source identity provider • Cryptomator: Open-source cloud storage encryption • Cirrus: Open-source Google Cloud forensic collection • IntelOwl: Open-source threat intelligence management • BunkerWeb: Open-source Web Application Firewall (WAF) • Ghidra: Open-source software reverse engineering framework • Cilium: Open-source eBPF-based networking, security, observability Read more here — find out the remainder. ----- 🚀 Want to see your company featured in our content? → Ping us a message at @cybersecadmin Free promos available — let's chat! Cyber_Security_Channel

The Biggest Cybersecurity and Cyberattack Stories of 2024 Including, but not limited to: • Internet Archive hacked; • Bad CrowdStrike updates crashed 8.5 million Windows devices; • Russian state-sponsored hackers breached Microsoft's corporate email; • National Public data breach exposed your Social Security Number; • Attacks on edge networking devices run rampant. Cyber_Security_Channel

Top 12 Ways Hackers Broke Into Your Systems in 2024 — Check Point bug enabled Iranian hacks — Ivanti Connect flaws found Chinese abuse — Fortinet flaw Zero-day’ed by nation state actors — Alibaba and Adobe users tricked into giving up credentials Cyber_Security_Channel

Slovakia Hit by Historic Cyber-Attack on Land Registry Speaking to Infosecurity, cyber policy expert from Slovakia and New America Fellow, Pavlina Pavlova, said that while the Slovakian government is politicizing the attack, swift system recovery is the key concern for citizens right now. Cyber_Security_Channel

What Security Lessons Did We Learn in 2024? — Telecom Can't Be Trusted — Surging Zero-Day Exploits — Nation-State Collaboration — Resiliency Planning Needs More Focus — Critical Infrastructure Is a Growing Target Read more about this topic via the previous link. Cyber_Security_Channel

⚡️Unconventional Cyberattacks Aim to Take Over PayPal Accounts The campaign works because the scammer appears to have registered a Microsoft 365 test domain — which is free for three months — and then created a distribution list containing target emails. This allows any messages sent from the domain to bypass standard email security checks, Windsor explained in the post. Cyber_Security_Channel

AI Fuels Reported Rise in ‘Polished’ Phishing Scams AI helped add to a larger cyberattack landscape in 2024, PYMNTS wrote recently, part of a catalogue of threats that include ransomware, zero-day exploits and supply chain attacks. According to the report, cyber security experts say these attacks are increasing as AI grows in sophistication. AI bots can quickly consume mass quantities of information about a company’s or person’s style and tone and recreate them to plot an effective scam. Cyber_Security_Channel

Apple's AI Photo Analyzer Faces Privacy Backlash Apple said in November that the privacy-preserving techniques it uses, including differential privacy and the use of OHTTP relays, mean that user data is anonymous. So neither Apple nor its cloud partner Cloudflare can see the actual image data or any associated metadata when processing. Cyber_Security_Channel

HIPAA Rules Update Proposed to Combat Healthcare Data Breaches The Department of Health and Human Services (HHS) said the new obligations reflect advances in technology and changes in breach trends and cyber-attacks, helping healthcare providers ensure compliance with their data protection duties. Cyber_Security_Channel

2️⃣0️⃣2️⃣5️⃣ Happy New Year from the Cyber Security News Team! We would like to say thank you for continously supporting our community throughout the year of 2024. Together we have managed to reach important milestones and expand our sphere of influence even further. ♥️ We are grateful for all the members, partners and supporters that engaged with our content, purchased digital products, and showed appreciation to our channels =) Our team hopes that all the content on this channel was useful and enjoyable for you. We are planning to show dedication by continuing our mission next year, and are always open to your feedback! Thank you once again, and all the best in the New Year of 2025! Warm regards to all of you, The Cyber Security News Team @Cyber_Security_Channel 🎅🏻

China Accuses the U.S. of Hacking Back as Cyber Conflict Grows China’s counter charges to U.S. cyber espionage claims have largely been based on decade-old NSA leaks, so the PRC’s latest claims are notable for their focus on two recent specific incidents while avoiding those larger claims. Cyber_Security_Channel

Fraud or Fallacy? Is Meezan Bank Covering Up a Data Breach? In a customer advisory, Meezan Bank labeled the rumors of a data breach as “entirely false.” The bank guaranteed customers that all disputed transactions were unsecured e-commerce transactions. They were fully covered under international chargeback mechanisms. Furthermore, the bank also promised quick compensation for affected users. However, the bank’s reassurances have done little to repress customer anxieties. The question arises of how cards never used for Internet banking—or even ATMs—could be exploited for unauthorized transactions. Cyber_Security_Channel

What Skills Will the Tech Workforce Need in 2025? The conversation explored many tech trends expected to change the future of work as we look at the year ahead, from ongoing challenges around managing a hybrid and remote workforce to the increasing need to attract talent with the right skills. Cyber_Security_Channel

New APIs Discovered by Attackers in Just 29 Seconds The most common attack types were CVE exploitation (40%), discovery (34%) and authentication checks (26%). The most frequently probed API endpoint was named “/status,” according to the report. Cyber_Security_Channel