Cyber Security News

📩 CyberWeekly by Hacklido — Issue №7; 28th of September, 2024 Long time no see, but here is the latest CyberWeekly Newsletter, from our partners at Hacklido. Dive in to explore the following industry topics: • EPA • NIST • CUPS • Patches • Malware • Logistics • ATG systems • Cyberattacks • Cybersecurity • Vulnerabilities • Transportation • Water treatment • Remote code execution • Authentication guidelines Along with a variety of other useful materials. Find the full article via this link. ----- → If your Company / Project / Community wants to become a partner of Cyber Security News... Please, do not hesitate to contact us by sending a direct message to @cybersecadmin ----- @Cyber_Security_Channel

📩 CyberWeekly by Hacklido — Issue №7; 28th of September, 2024 Long time no see, but here is the latest CyberWeekly Newsletter, from our partners at Hacklido. Dive in to explore the following industry topics: • EPA • NIST • CUPS • Patches • Malware • Logistics • ATG systems • Cyberattacks • Cybersecurity • Vulnerabilities • Transportation • Water treatment • Remote code execution • Authentication guidelines Along with a variety of other useful materials. Find the full article here. ----- → If your Company / Project / Community wants to become a partner of Cyber Security News... Please, do not hesitate to contact us by sending a direct message to @cybersecadmin ----- @Cyber_Security_Channel

Millions of Kia Cars Were Vulnerable to Remote Hacking: Researchers After registering on the Kia dealer website – a link to it is sent via email to new users for registration purposes – using the same request used when registering to the owners’ portal, the researchers could generate an access token that allowed them to call the backend dealer APIs. Cyber_Security_Channel

Thousands of US Congress Emails Exposed to Takeover However, the share of US political email addresses exposed on the dark web (20%) pales in comparison to that of British MPs (68%) and members of the European Parliament (44%), which the researchers discovered in an earlier iteration of the study. Cyber_Security_Channel

Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure Interestingly, there has been a delay in assigning Common Vulnerabilities and Exposures (CVE) identifiers to this issue. Margaritelli suggests that there should be at least three CVEs assigned, possibly up to six, due to the multifaceted nature of the vulnerabilities involved. Cyber_Security_Channel

Google Now Syncing Passkeys Across Desktop, Android Devices To ensure that passkeys are kept end-to-end encrypted and protected, the internet giant has introduced a new Google Password Manager PIN, that the user will be prompted to provide when attempting to access a passkey. Cyber_Security_Channel

How Hackers Are Using Legitimate Tools to Distribute Phishing Links These platforms are particularly popular in the education sector, a growing target for threat actors, as well as being commonly used by businesses and creative professionals. Cyber_Security_Channel

Where Are Governments in Their Zero-Trust Journey? The deadline is prompting action. With a goal in sight, federal agencies have a systematic and organized path toward stronger defenses. In an era where cyber threats advance in sophistication and intensity, this proactive stance is paramount for securing critical systems and data. This is something state and local governments must consider when fortifying for the future. Cyber_Security_Channel

Google AI Model Faces EU Data Privacy Investigation Ireland’s Data Protection Commission (DPC) is examining whether the tech giant performed a legally required data protection impact assessment. The organization is examining whether this action was done before processing European Union residents’ personal data. Such details were used in its Pathways Language Model 2, according to a press release which was published on Thursday 12th of September. A Google spokesman provided this statement: “We take seriously our obligations under the GDPR and will work constructively with the DPC to answer their questions.” @Cyber_Security_Channel

TfL Admits Some Services Are Down Following Cyber-Attack “Due to the ongoing TfL-wide cybersecurity incident, we are currently able to process only a limited number of booking requests,” the notice read. “In addition, many of our staff have limited access to systems and email and, as a result, we may be delayed or unable to respond to your query.” Cyber_Security_Channel

🤝 Opportunity to Support the Cyber Security News Community If you are looking to create a free Revolut account: 1. Do it via this link. 2. Follow the steps in the image. Once you complete all the requirements, message us on Telegram @cybersecadmin. To express our graditude, we will send you a unique cybersecurity-related gift. Enjoy your Revolut account, and thank you for the support! ----- @Cyber_Security_Channel

UK Staffing Agency Exposes Gig Workers: Passports, Visas, and More Made Public On August 5th, during a routine investigation, our research team discovered a misconfigured Amazon AWS S3 bucket, which they managed to attribute to GigtoGig. Unfortunately, the database, which contained 217,000 sensitive files, was exposed to the public, meaning that anyone could access it without having to enter a username and password. Cyber_Security_Channel

7 Password Rules to Live by in 2024, According to Security Experts For a simpler, more practical collection of guidelines, try the Secure Our World website, run by the Cybersecurity & Infrastructure Security Agency (CISA). It's targeted at an audience of consumers without a technical background, which makes it a solid source of information you can share with friends and family to help them deal with common threats. Cyber_Security_Channel

Africa Data Protection Association Launches E-Learning Platform on Data Protection Available in French and English, the platform is aimed at a wide audience, including corporate executives, civil servants, and students, as well as any other profile wishing to learn. It features interactive modules, case studies and online assessments, enabling learners to progress at their own pace. Cyber_Security_Channel

Apple, TikTok, Google, and Facebook Give Your Data to Law Enforcement Up to 80% of the Time Google also disclosed “some” information to law enforcement when asked. In May 2023, 81% of requests made by law enforcement resulted in the disclosure of “some information.” Big tech companies often don’t disclose what information was shared and tend to just say that “some” of the information was shared with law enforcement. Cyber_Security_Channel

A Third of Organizations Suffer SaaS Data Breaches Responding organizations said they worry most about lost IP (34%), reputational damage (30%) and breaches of customer data (27%). Just 32% are confident in the security of corporate or customer data stored in their SaaS apps, down from 42% last year. Cyber_Security_Channel

After Cybersecurity Lab Wouldn’t Use AV Software, US Accuses Georgia Tech of Fraud One of the rules says that machines storing or accessing such "controlled unclassified information" need to have endpoint antivirus software installed. But according to the US government, Antonakakis really, really doesn't like putting AV detection software on his lab's machines. Cyber_Security_Channel

NSA Issues Tips for Better Logging, Threat Detection in LotL Incidents The guidelines are directed toward senior IT "decision makers," operational technology operators, and network administrator and operators, and focus on: — Secure storage and log integrity — Enterprise-approved logging policy — Detection strategy for relevant threats — Centralized log access and correlation Cyber_Security_Channel