Aggregator

Key Takeaways  Cyble Research and Intelligence Lab (CRIL) has identified a sophisticated p

5G standalone (SA) deployments are on the rise. According to a recent report by Market.us Media, growth in the global 5G SA network market is estimated to reach a compound annual growth rate (CAGR) of 51.6 percent by 2033. With the massive increase in 5G SA investments, communications service providers (CSPs) will face...

导语一年一度的“大考”持续火热进行中，攻防演练期间本公众号会每日更新当天鲜活情报和热点漏洞，欢迎大家对我们进行收藏和关注！【免责声明】本文档提供的信息旨在帮助网络安全专业人员更好地理解和维护业务系统的

每日更新当天鲜活情报和热点漏洞

In 3 maanden tijd heeft Zr.Ms. Karel Doorman ruim 20 marineschepen in de Rode Zee en de Golf van Aden voorzien van 5.000 m3 brandstof. Het vlaggenschip van EU-operatie Aspides zorgde zo dat de betrokken eenheden onafgebroken door konden gaan met het beschermen van koopvaardijschepen. Het logistiek transportschip voerde deze taak sinds 11 mei uit. Ook leverde het schip medische capaciteit. De klus van de Koninklijke Marine in het door Houthi’s geterroriseerde gebied zit er nu op. Zr.Ms. Karel Doorman zet vanaf morgen koers naar Nederland waar het later deze maand wordt verwacht.

CISA released one Industrial Control Systems (ICS) advisory on August 8, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-221-01 Dorsett Controls InfoScan

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

In recent incidents, CISA has seen malicious cyber actors acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature. CISA recommends organizations disable Smart Install and review NSA’s Smart Install Protocol Misuse advisory and Network Infrastructure Security Guide for configuration guidance. 

CISA also continues to see weak password types used on Cisco network devices. A Cisco password type is the type of algorithm used to secure a Cisco device’s password within a system configuration file. The use of weak password types enables password cracking attacks. Once access is gained a threat actor would be able to access system configuration files easily. Access to these configuration files and system passwords can enable malicious cyber actors to compromise victim networks. Organizations must ensure all passwords on network devices are stored using a sufficient level of protection. 

CISA recommends type 8 password protection for all Cisco devices to protect passwords within configuration files. Type 8 password protection is more secure than other password types and approved by NIST. CISA urges organizations to review NSA’s Cisco Password Types: Best Practices guide for more information and follow the best practices for securing administrator accounts and passwords:  

• Properly store passwords with a strong hashing algorithm.  

• Do not reuse passwords across systems.  

• Assign passwords that are strong and complex.  

• Do not use group accounts that do not provide accountability. 

Kimsuky was observed phishing university staff to steal valuable research for North Korea

Researchers at Aqua Security discovered the "Shadow Resource" attack vector and the "Bucket Monopoly" problem, where threat actors can guess the name of S3 buckets based on their public account IDs.

Роботы будут готовы к конфликтам на всех фронтах.

Новая версия популярного языка ускоряет и совершенствует код.

Cybersecurity Researchers have unveiled the complicated evolution of the cybercriminal underworld. This transformation, spanning decades, has seen hackers evolve from isolated individuals seeking notoriety to organized syndicates driven by profit. The findings provide crucial insights into the operational dynamics of modern cybercriminal organizations, offering valuable knowledge for cybersecurity professionals striving to protect against these threats. […]

The post Researchers Detailed the Evolution of Cybercriminal Underworld appeared first on Cyber Security News.

Positive Technologies представила топ трендовых уязвимостей.

Мошенники готовы на всё ради трафика.

In a recent study, researchers from the Université de Montréal and Flare Systems have demonstrated that large language models (LLMs) can accurately extract critical cyber threat intelligence (CTI) from cybercrime forums with an impressive 98% accuracy. The findings, published in a white paper, highlight the immense potential of AI in bolstering cybersecurity efforts. The research […]

The post AI Model Achieve 98% Accuracy in Collecting Threat Intelligence From Dark Web Forums appeared first on Cyber Security News.