Cyber Security News

Hacker Claims to Steal Source Code Owned by Nokia The company’s investigation has not identified evidence that an attack has impacted any of its systems or data. However, they assured everyone that they would continue to watch the situation actively despite not spotting a potential compromise. Cyber_Security_Channel

Global Operation Takes Down 22,000 Malicious IPs The first iteration of Operation Synergia was announced in February 2024 when law enforcement agencies from over 50 Interpol member countries joined forces between September and November the previous year. Cyber_Security_Channel

Microsoft SharePoint RCE Bug Exploited to Breach Corporate Network The attacker remained undetected for two weeks. Rapid7 determined the initial access vector to be the exploitation of a vulnerability, CVE 2024|38094, within the on-premise SharePoint server. Cyber_Security_Channel

Most Companies Are Bracing for a Cyberattack Within a Year Among the various types of attacks, credential theft remained a significant threat, wherein attackers steal login information to gain unauthorised access to systems. This often occurs through AI generated phishing or social engineering. Cyber_Security_Channel

Fog Ransomware Targets SonicWall VPNs to Breach Corporate Networks While the researchers aren't 100% positive the flaw was used in all cases, all of the breached endpoints were vulnerable to it, running an older, unpatched version. Cyber_Security_Channel

Exploitation of Docker remote API servers has reached a “critical level” Hackers are exploiting unprotected Docker remote API servers to deploy malware, with researchers stating the threat has reached a “critical level” and warning organizations to act now. Cyber_Security_Channel

Exploitation of Docker remote API servers has reached a “critical level” Hackers are exploiting unprotected Docker remote API servers to deploy malware, with researchers stating the threat has reached a “critical level” and warning organizations to act now. Cyber_Security_Channel

Samsung Zero-Day Vuln Under Active Exploit, Google Warns "This zero-day exploit is part of an EoP chain," Jin and Lecigne noted. "The actor is able to execute arbitrary code in a privileged camera server process. The exploit also renamed the process name itself to 'vendor.samsung.hardware.camera.provider@3.0-service', probably for anti-forensic purposes." Cyber_Security_Channel

DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks "Many Toast ad programs use a feature called WebView to render Web content for displaying ads," according to AhnLab researchers. "However, WebView operates based on a browser. Therefore, if the program creator used IE-based WebView to write the code, IE vulnerabilities could also be exploited in the program." Cyber_Security_Channel

📩 CyberWeekly by Hacklido — Issue №10; 19th of October, 2024 Please welcome the new issue of Hacklido's CyberWeekly Newsletter. Here is what you can find inside: • Apple & Google propose shorter SSL/TLS certificate lifecycles • Iranian cyber threats targeting critical infrastructure • CISA warns of SolarWinds vulnerabilities • Post-quantum cryptography Click here to begin reading the full version. ----- → If your Company / Project / Community wants to become a partner of Cyber Security News... Please, do not hesitate to contact us by sending a direct message to @cybersecadmin ----- @Cyber_Security_Channel

Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach CrowdStrike did not respond to a request for comment. But a week after Techmundo’s piece, the tech news publication hackread.com published a story in which USDoD reportedly admitted that CrowdStrike was accurate in identifying him. Hackread said USDoD shared a statement, which was partially addressed to CrowdStrike: Cyber_Security_Channel

Pokemon Developer Discloses Breach, Extent of Leak Remains a Mystery As of March 2024, the game developer has 207 full-time and contracted employees. News outlets like Nintendo Life, IGN, and Nintendo Everything previously reported that massive amounts of data were leaked, ranging from source code to behind-the-scenes information. Cyber_Security_Channel

Why Your Identity Is the Key to Modernizing Cybersecurity Today, those technologies are coalescing around a modern vision for what is, at its heart, one of our most ancient security solutions: our own unique identity. Let's take a look at how a modern version of this ancient solution can help protect our digital lives. Cyber_Security_Channel

📩 CyberWeekly by Hacklido — Issue №9; 12th of October, 2024 Courtesy of our partners at Hacklido, we are happy to present you the new issue of the CyberWeekly Newsletter. Navigate to their article and learn more about: • Internet Archive breach exposed 31M users' data • Microsoft Patch Tuesday fixed critical flaws • Education on cyber threats rise • OpenAI blocked AI misuse • Firefox zero-day patched Among a wide array of other valuable materials. Access the full Newsletter via this link. ----- → If your Company / Project / Community wants to become a partner of Cyber Security News... Please, do not hesitate to contact us by sending a direct message to @cybersecadmin ----- @Cyber_Security_Channel

31 New Ransomware Groups Join the Ecosystem in 12 Months “Ransomware is a business that is nothing without its affiliate model. In the last year, law enforcement activity has shattered old allegiances, reshaping the business of cybercrime. Originally chaotic in their response, threat actors have refined their business operations and how they work. The result is a larger number of groups, underpinned by substantial affiliate migration,” said Don Smith, VP Threat Intelligence, Secureworks Counter Threat Unit. Cyber_Security_Channel

📩 CyberWeekly by Hacklido — Issue №8; 8th of October, 2024 New week = new issue of the CyberWeekly Newsletter, kindly crafted by our partners at Hacklido. Discover a wide variety of professional themes: • CISA • Zimbra flaw • CUPS DDoS • CVE—2024—45519 • CVE—2024—29824 • US Healthcare Cybersecurity Bill • Texas Hospital ransomware attack • Ivanti Endpoint Manager vulnerability In addition to other useful cybersecurity resources. Find the complete Newsletter here. ----- → If your Company / Project / Community wants to become a partner of Cyber Security News... Please, do not hesitate to contact us by sending a direct message to @cybersecadmin ----- @Cyber_Security_Channel

📩 CyberWeekly by Hacklido — Issue №8; 8th of October, 2024 New week = new issue of the CyberWeekly Newsletter, kindly crafted by our partners at Hacklido. Discover a wide variety of professional themes: • CISA • Zimbra flaw • CUPS DDoS • CVE—2024—45519 • CVE—2024—29824 • US Healthcare Cybersecurity Bill • Texas Hospital ransomware attack • Ivanti Endpoint Manager vulnerability In addition to other useful cybersecurity resources. Find the complete Newsletter here. ----- → If your Company / Project / Community wants to become a partner of Cyber Security News... Please, do not hesitate to contact us by sending a direct message to @cybersecadmin ----- @Cyber_Security_Channel

Are Ghost Calls a Problem? Yes, if They Don’t Stop When they happen repeatedly, it can be a sign that malicious intent is behind ghost calls — they may be a sign of fraudulent activity. Let’s discuss some common not-so-nice reasons for ghost calls so you can identify when you need to take action. Cyber_Security_Channel

Enhancing Cloud Data Security For Efficient And Private Queries With New Encrypt-Then-Index Strategy This research, published in Frontiers of Computer Science, is a collaborative effort between Nanjing University of Aeronautics and Astronautics, the University of Tokyo, Guilin University of Electronic Technology, and China University of Geosciences. Cyber_Security_Channel

📩 CyberWeekly by Hacklido — Issue №7; 28th of September, 2024 Long time no see, but here is the latest CyberWeekly Newsletter, from our partners at Hacklido. Dive in to explore the following industry topics: • EPA • NIST • CUPS • Patches • Malware • Logistics • ATG systems • Cyberattacks • Cybersecurity • Vulnerabilities • Transportation • Water treatment • Remote code execution • Authentication guidelines Along with a variety of other useful materials. Find the full article via this link. ----- → If your Company / Project / Community wants to become a partner of Cyber Security News... Please, do not hesitate to contact us by sending a direct message to @cybersecadmin ----- @Cyber_Security_Channel