Latest CyberSec News by @thecyberpicker

The digital forensics company known as Meiya Pico won a contract in mid-2023 to build two labs at the Tibet Police College: one on offensive and defensive cyber techniques and the other on electronic evidence collection and analysis.

The law is due to lapse in September, something cyber experts and industry officials say would be a huge loss.

Critics warn that drastic downsizing of  the DHS unit will threaten the nation’s ability to counter cyber adversaries.

A U.K. law firm specializing in crime, family fraud, sexual offenses and other sensitive matters has been fined after a hack that led to a data leak on the dark web — something the company only learned about after authorities contacted it.

Study reveals 92% of mobile apps use insecure cryptographic methods, exposing millions to data risks

The Cybersecurity Maturity Model Certification (CMMC) was developed by the DoD to ensure that defense contractors meet cybersecurity requirements.

CISA says the U.S. government has extended funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program.

Google blocked 5.1B bad ads and suspended 39.2M advertiser accounts in 2024 using AI to fight scams.

Cheap Chinese Android phones ship with trojanized WhatsApp and Telegram clones hiding crypto clippers, active since June 2024.

Ransomware remains the biggest threat, but old and misconfigured network devices are making it too easy

This week in cybersecurity from the editors at Cybercrime Magazine

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities found in Eclipse ThreadX and four vulnerabilities in STMicroelectronics.    The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.      For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Ad

Read the latest edition of Cyber Signals to learn how Microsoft is protecting its platforms and customers from AI-enhanced cyber scams.

Change Healthcare breach exposed 6TB of patient data via weak MFA, disrupting critical operations.

AI-based Gamma used in phishing to mimic Microsoft logins, bypass detection, and steal credentials.

Le financement du gouvernement américain au MITRE, qui gère la base de données CVE utilisée par de grandes entreprises du monde entier pour...-Cybersécurité

Business email compromise (BEC) has seen growth due to criminals adopting AI tools. Discover how to protect your business from cybercriminals.

Microsoft warned customers this week that their systems might crash with a blue screen error caused by a secure kernel fatal error after installing Windows updates released since March.

Microsoft is working to fix an ongoing issue causing some users' Windows devices to be offered Windows 11 upgrades despite Intune policies preventing them.

These are the tools of the trade Sophos detected in use by cybercriminals over 2024

80% of SaaS breaches stem from identity misconfigurations—Wing maps threats to stop attacks early.

BPFDoor malware’s new controller enables firewall-bypassing shell access + lateral movement in 2024 attacks.

Ransomware remains the biggest threat, but old and misconfigured network devices are making it too easy

These are the tools of the trade Sophos detected in use by cybercriminals over 2024

A proper detection engineering program can help improve SOC operations. In this article we'll discuss potential SOC issues, the necessary components of a detection engineering program and some useful metrics for evaluating its efficiency.

Dell EMC iDRAC7/iDRAC8 2.52.52.52 - Remote Code Execution (RCE). CVE-2018-1207 . remote exploit for Hardware platform

Resecurity warns about the increase in targeted cyberattacks against enterprises in the energy sector worldwide.

DataDome warns that DYI bots are snapping up driving test places en masse

Smart Manager 8.27.0 - Post-Authenticated SQL Injection. CVE-2024-0566 . webapps exploit for PHP platform

WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection. CVE-2024-0399 . webapps exploit for Multiple platform