Get Cyber-Smart in Just 5 Minutes a Week
Weekly insights on cybersecurity and privacy. No spam—just essential info to keep you secure, straight to your inbox.
Latest
ALL STORIES >Brief for
- Cyber Attacks Expose Vulnerabilities in Digital Security - Recent cyber incidents, including significant hacks and data breaches, have underscored vulnerabilities in digital security and the need for improved cybersecurity measures.
- Bybit Hack Results in $1.5 Billion Theft - A recent hack of Bybit's cold wallet resulted in the theft of approximately $1.5 billion in digital assets, primarily Ethereum tokens, revealing vulnerabilities in cryptocurrency security.
- AsyncRAT Malware Uses Null-AMSI to Evade Detection - A recent malware campaign has been identified that uses Null-AMSI to evade Windows security and deploy AsyncRAT, a remote access trojan, through maliciously disguised files.
- GitVenom Campaign Targets Developers with Malicious GitHub Repositories - The GitVenom campaign has been identified as a method used by cybercriminals to distribute malware through fake GitHub repositories that appear legitimate.
- PlushDaemon APT Targets IPanyVPN in Supply Chain Attack - ESET researchers have reported a cyberespionage campaign by the newly identified APT group PlushDaemon, which executed a supply chain attack on the IPany VPN provider, deploying sophisticated malware designed for long-term espionage.
- Large-Scale Exploitation of Legacy Driver Detected - A recent investigation uncovered a large-scale cyber campaign that exploited a vulnerability in the legacy Truesight driver to evade detection and deploy malicious software, primarily targeting victims in China.
- Critical Vulnerability CVE-2024-21545 Identified in Proxmox VE - A critical vulnerability, CVE-2024-21545, was identified in Proxmox VE 8.2.2, allowing authenticated attackers to potentially gain full control over the system, which was addressed in a security update on September 23, 2024.
- Manual Exploitation of AD CS ESC15 Vulnerability Discussed - The article examines the manual exploitation of an Active Directory Certificate Services vulnerability, detailing the challenges faced and the collaborative efforts involved in addressing the issue.
- Microsoft Patch for CVE-2024-38213 Found Ineffective - Security researchers have found that Microsoft's patch for CVE-2024-38213, intended to fix a critical vulnerability affecting WebDAV file transfers, failed to address the issue, prompting further updates and alternative solutions.
- Microsoft Introduces eBPF Technology for Windows Kernel - Microsoft has introduced eBPF technology for Windows, allowing developers to enhance kernel security by writing programs that operate in a constrained environment within the Windows kernel.
- DiStefano Protocol Enhances Privacy in TLS 1.3 Data Sharing - Researchers have developed DiStefano, a new protocol that enhances privacy and security for data sharing over TLS 1.3 by enabling zero-knowledge proofs while addressing existing limitations in designated-commitment protocols.
- Google Cloud Launches Quantum-Safe Digital Signatures in KMS - Google Cloud has launched quantum-safe digital signatures in its Key Management Service to enhance cryptographic security against potential threats from quantum computing.
- Self-Supervised Learning Improves Malware Detection Techniques - A new self-supervised learning approach has been developed to enhance malware detection capabilities, achieving high classification accuracies on various datasets.
- CyberSentinel: New System for AI Security Threat Detection - CyberSentinel is a comprehensive system developed for real-time detection and mitigation of cybersecurity threats using advanced techniques such as SSH log analysis and machine learning-based anomaly detection.
- PortSwigger Introduces AI Features in Burp Suite Professional - PortSwigger has introduced AI capabilities in Burp Suite Professional to enhance task automation and security testing, offering users 10,000 free AI credits for experimentation.
- Dragos Recognized as Leader in Cyber-Physical Systems Protection - Dragos has been recognized as a leader in Gartner's inaugural Magic Quadrant for Cyber-Physical Systems Protection Platforms, highlighting its expertise in operational technology cybersecurity and commitment to enhancing asset inventory capabilities.
- Apple Disables Encrypted iCloud Backup for U.K. Users - Apple has disabled end-to-end encrypted iCloud Backup for U.K. users following a government order requiring access to encrypted data.
- Thailand Launches Crackdown on Cyber Sweatshops and Trafficking - Thai police have initiated a crackdown on human trafficking in cyber sweatshops, targeting operations in Myanmar that reportedly hold up to 100,000 victims forced into cybercrime activities.