The all in one place for non-profit security aid.
The EU takes on the challenge of regulating AI. The benefits of the SEC’s proposed incident disclosure rules. Senior EU official urges member states to ban Huawei and ZTE. Read More
The CyberWire
MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries
Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate.
"Access to projects can be hijacked through domain name purchases and since most default build configurations are vulnerable, it would be difficult or even impossible to know whether an attack was being performed Read More
The Hacker News | #1 Trusted Cybersecurity News Site
Watermarking images. Dissent and consensus, military and academic. Pay-to-play bloggers. Big Tech and disinfo.
Google announces watermarking technology for synthetic images. China using AI to generate content for influence campaigns. Internal Russian disagreements: military and academic. Pay-to-play in the Russian milblogger space. Ukraine’s and Russia’s presidents have a sharply different view of the state of the war. The EU finds Big Tech soft on Russian disinformation. Russian television service introduced into the occupied Donetsk. Read More
The CyberWire
U.S. Government Releases Popular Phishing Technique Used by Hackers
Phishing is a cyberattack that uses deception to trick people into giving away sensitive information or taking actions that compromise security.
Phishing is often the first stage of a larger attack that can lead to data breaches, ransomware infections, identity theft, and other serious consequences.
This guide is a joint effort by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) to enhance defense against such threats.
Document
FREE Demo
Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware
This is a phishing attack where hackers pretend to be someone you trust and ask you to provide your login credentials, which they can then use to access your systems or resources.
Sending emails that look like they come from your boss, co-worker, or IT staff.
Using text messages or chat platforms to trick you into giving your login credentials.
Using internet phone services to fake caller IDs makes you think they are calling from a legitimate number.
Train yourself and others on how to spot and report suspicious emails.
Use Domain-based Message Authentication, Reporting, and Conformance (DMARC) for emails.
Set DMARC to “reject” for outgoing emails.
Monitor internal email and messaging traffic.
Use strong Multi-factor Authentication (MFA) for your credentials.
Check MFA lockout and alert settings.
Use Single Sign On (SSO) for centralized logins.
This is a phishing attack where hackers pose as a reliable source and make you interact with malicious links or email attachments, which can run malware on your devices.
Sending links or attachments that make you download malware.
Using smartphone apps and text messages to deliver malicious content.
Use denylists at the email gateway and firewall rules to block malware delivery.
Do not give users administrative rights.
Apply the principle of least privilege (PoLP).
Use application allowlists.
Disable macros by default.
Use remote browser isolation solutions.
Use protective DNS resolvers.
If you experience a phishing incident, you should take steps to reset compromised accounts, isolate affected devices, analyze and remove malware, and restore normal operations.
Reporting any phishing activity to relevant authorities is important in identifying and mitigating new threats.
Phishing attacks are a major threat, but with effective training, security measures, and incident response procedures in place, you can significantly reduce your risk of falling victim to these attacks.
Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.
The post U.S. Government Releases Popular Phishing Technique Used by Hackers appeared first on Cyber Security News.
Cyber Security News