Cybersecurity


An umbrella community for all things cybersecurity / infosec. News, research, and questions are all welcome!

founded 2 years ago
1001
 
 

The IETF recommended a security.txt file for vulnerability disclosures over two years ago, but only 4% of Fortune 500 companies have adopted it.

#company #security #Internet #cybersecurity #infosec

https://cnews.link/most-fortune-500-companies-lack-security-txt-files-1/

1002
 
 

In January 2022 I discovered that #Microsoft #Office365 Message #Encryption (OME) utilized Electronic Codebook (ECB) mode of operation. I reported this, got paid a $5000 bounty and then things fell dead silent. By autumn I tried to follow up on this, and after numerous attempts to inquire about the schedule for a fix I was told that no fix was planned.

Luckily, Microsoft seems to have changed their mind about this, and the fix was applied in late 2023, after all:

https://learn.microsoft.com/en-us/purview/technical-reference-details-about-encryption#aes256-cbc-support-for-microsoft-365

#vulnerability #infosec #cybersecurity

1003
 
 

📢 D-60! Mark your calendars for the Software Heritage Symposium & Summit 2025 on Jan 29 at @UNESCO HQ in Paris. 🌍 Dive into key topics: #cybersecurity, #AItransparency, #OpenScience, & #culturalpreservation.

👉 Learn more: https://www.softwareheritage.org/2024/11/19/software-heritage-2025-symposium-summit/

#SWH2025

1004
 
 

Data broker left 713GB of sensitive data accessible without a password and unencrypted.

#DataSecurity #cybersecurity #password #files

https://cnews.link/data-broker-exposes-600k-background-checks-3/

1005
 
 

Great read and a potentially good use case for LLMs - web fuzzing: https://www.invicti.com/blog/security-labs/brainstorm-tool-release-optimizing-web-fuzzing-with-local-llms/

#appsec #CyberSecurity

1006
 
 

Security researchers at last week’s Cyberwarcon conference offered their most up-to-date assessment of the threat from North Korea: Hackers have stolen billions in crypto by posing as venture capitalists, recruiters and IT workers. @Techcrunch has more: https://flip.it/SREtC3
#Tech #CyberSecurity #Hacking #NorthKorea #Crypto

1007
 
 

Mimic ransomware - what you need to know.

Check out my article on the Tripwire State of Security blog:
https://www.tripwire.com/state-of-security/mimic-ransomware-what-you-need-know

#cybersecurity #ransomware

1008
 
 

▪ @cybernews@infosec.exchange research ▪ Sensitive records, such as passports and medical histories of WotNot users, were exposed.

#DataSecurity #CyberSecurity #AI #database #dataleak

https://cnews.link/wotnot-exposes-346k-sensitive-customer-files-3/

1009
 
 

When it comes to improving #cybersecurity, #freesoftware is the right choice! Read more: https://u.fsf.org/44o

1010
 
 

Several hospitals in northern England and Wales were hit by a cyberattack.

#uk #cyberattack #CyberSecurity #hospitals

https://cnews.link/wirral-nhs-trust-hospitals-cyberattack-3/

1011
 
 

▪️ @cybernews@infosec.exchange research ▪️ CafeCanli, a Turkish live video chat provider, has leaked sensitive details on hundreds of thousands of its users.

#dataleak #DataPrivacy #CyberSecurity #Turkey #database

https://cnews.link/cafecanli-video-chat-data-leak-3/

1012
 
 

Blue Yonder, the world’s leading supply chain technology provider, was hit by ransomware last Thursday.

#Ransomware #US #UK #cyberattack #CyberSecurity #Thanksgiving

https://cnews.link/blue-yonder-starbucks-ransomware-attack-grocery-thanksgiving-3/

1013
 
 

We were part of the 5G.NRW annual conference. 🙌 Experts from research, business and politics came together here to discuss the opportunities and challenges of #5G and #6G.

In her keynote, our president Claudia Plattner placed a clear focus on #Cybersecurity, resilience and sovereignty: we urgently need #SecuritybyDesign. Only in this way can we create a future-proof and trustworthy digital infrastructure that serves us all sustainably.

1014
 
 

Russian state hackers have devised a novel attack method to infiltrate organizations by exploiting nearby WiFi networks.

#Russia #CyberSecurity #Hacking #cyberattack #Wifi

https://cnews.link/russian-hackers-using-neighbors-wifi-to-launch-attacks-1/

1015
 
 

North Korean IT worker scams are still proliferating across the private sector causing millions in losses.

#NorthKorea #IT #scams #FBI #crime #cybersecurity

https://cnews.link/north-korea-it-worker-scam-fbi-seizes-domains-microsoft-1/

1016
 
 

"For determined hackers, sitting in a car outside a target's building and using radio equipment to breach its Wi-Fi network has long been an effective but risky technique. These risks became all too clear when spies working for Russia's GRU military intelligence agency were caught red-handed on a city street in the Netherlands in 2018 using an antenna hidden in their car's trunk to try to hack into the Wi-Fi of the Organization for the Prohibition of Chemical Weapons.

Since that incident, however, that same unit of Russian military hackers appears to have developed a new and far safer Wi-Fi hacking technique: Instead of venturing into radio range of their target, they found another vulnerable network in a building across the street, remotely hacked into a laptop in that neighboring building, and used that computer's antenna to break into the Wi-Fi network of their intended victim—a radio-hacking trick that never even required leaving Russian soil.

At the Cyberwarcon security conference in Arlington, Virginia, today, cybersecurity researcher Steven Adair will reveal how his firm, Volexity, discovered that unprecedented Wi-Fi hacking technique—what the firm is calling a “nearest neighbor attack”—while investigating a network breach targeting a customer in Washington, DC, in 2022. Volexity, which declined to name its DC customer, has since tied the breach to the Russian hacker group known as Fancy Bear, APT28, or Unit 26165."

https://www.wired.com/story/russia-gru-apt28-wifi-daisy-chain-breach/

#CyberSecurity #Russia #StateHacking #FancyBear #APT28 #Wifi

1017
 
 

I’ll be hosting the "Qualys Cyber Risk Series: AI & LLM Edition" virtual event on Wed, 4 December.

Join me and a whole host of industry experts as we tackle the most pressing AI security challenges, explore the hidden risks in your AI and LLM workloads, and forecast the 2025 AI security landscape... and asking how secure are your generative sheep! 🐑

Register today for free at https://tinyurl.com/qualysai

#CyberRiskSeries #AI #LLM #Security #Cybersecurity

1018
 
 

The popular file compression program 7-Zip is currently affected by a high-severity vulnerability.

#vulnerability #cyberattack #CyberSecurity #app

https://cnews.link/7-zip-affected-by-dangerous-vulnerability-1/

1019
 
 

The American fast food chain Bojangles suffered a data breach.

#cybersecurity #databreach #DataSecurity #Food #US

https://cnews.link/bojangles-data-breach-3/

1020
 
 

The carrier says it can protect against SS7, Sim Swap, and other threats.

#cybersecurity #cyberthreat #service #device #government

https://cnews.link/cape-launches-secure-phone-network-3/

1021
 
 

Andrew Tate’s online “university” has suffered its second data security incident in less than a year.

#AndrewTate #databreach #DataSecurity #cybersecurity #socialmedia

https://cnews.link/andrew-tates-controversial-online-university-breached-3/

1022
 
 

Business Insider: Microsoft's Copilot has an oversharing problem. The company is trying to help customers fix it. (non-paywalled link)
"On Tuesday, Microsoft released new tools and a guide to help customers mitigate a Copilot security issue that inadvertently let employees access sensitive information, such as CEO emails and HR documents."

WHAT DID I FUCKING SAY ABOUT PUTTING AI INTO EVERYTHING? h/t: @Viss@mastodon.social

#microsoft #copilot #vulnerability #ai #infosec #cybersecurity

1023
 
 

Malicious hackers have compromised potentially thousands of organizations by exploiting two new zero-day vulnerabilities found in widely used software made by cybersecurity giant Palo Alto Networks. Read more at @Techcrunch. #Cybersecurity #ZeroDay #Hack #Tech #Technology https://flip.it/sF9vJ0

1024
 
 

▪️ @cybernews@infosec.exchange research ▪️ A popular promotional gift platform left 300,000 emails from customers exposed for months.

#cybersecurity #china #US #DataSecurity #dataprivacy #infosec

https://cnews.link/military-officials-exposed-using-china-linked-promotional-shop-3/

1025
 
 

BianLian, a notorious Russian ransomware ring, has seemingly abandoned the classic ransomware playbook.

#Russia #ransomware #cybercrime #cybersecurity #FBI

https://cnews.link/ransomware-gang-bianlian-ditches-encryption-1/
