Over Security

Over Security

33577 bookmarks
Custom sorting
FBI says Iranian hackers are using Telegram to steal data in malware attacks
FBI says Iranian hackers are using Telegram to steal data in malware attacks
Hackers working for Iran’s government are using Telegram in hacking operations that use malware to target dissidents, opposition groups, and journalists who oppose its regime, according to the FBI.
·techcrunch.com·
FBI says Iranian hackers are using Telegram to steal data in malware attacks
Obblighi di trasparenza e privacy: l’EDPB costruisce i pilastri per la conformità futura
Obblighi di trasparenza e privacy: l’EDPB costruisce i pilastri per la conformità futura
L'European Data Protection Board ha lanciato la sua azione sul quadro coordinato di applicazione (CEF) per il 2026. A differenza dell’anno scorso, che era incentrato sul diritto alla cancellazione, l’attenzione quest’anno si sposta sul rispetto degli obblighi di trasparenza e di informazione previsti dal GDPR. I punti salienti
·cybersecurity360.it·
Obblighi di trasparenza e privacy: l’EDPB costruisce i pilastri per la conformità futura
IoT insicuro by design: le botnet smantellate dagli USA sono un sintomo, non la malattia
IoT insicuro by design: le botnet smantellate dagli USA sono un sintomo, non la malattia
Lo smantellamento delle botnet Aisuru, KimWolf, JackSkid e Mossad, con i loro tre milioni di dispositivi infetti, è una vittoria delle forze dell’ordine internazionali. Ma la vera notizia è che queste reti criminali hanno potuto crescere indisturbate per anni sfruttando un ecosistema IoT strutturalmente insicuro. E finché non risolviamo questo problema, ne arriveranno altre
·cybersecurity360.it·
IoT insicuro by design: le botnet smantellate dagli USA sono un sintomo, non la malattia
Varonis Atlas: Securing AI and the Data That Powers It
Varonis Atlas: Securing AI and the Data That Powers It
AI agents can access data directly, making data security the foundation of AI security. Learn more about how Varonis Atlas helps orgs see, secure, and control AI systems and the data they can reach.
·bleepingcomputer.com·
Varonis Atlas: Securing AI and the Data That Powers It
Beers with Talos breaks down the 2025 Talos Year in Review
Beers with Talos breaks down the 2025 Talos Year in Review
The Beers with Talos team unpack the biggest cybersecurity threats of 2025, from React2Shell to ransomware and identity abuse, and what it all means for defenders going forward.
·blog.talosintelligence.com·
Beers with Talos breaks down the 2025 Talos Year in Review
Microsoft Exchange Online service change causes email access issues
Microsoft Exchange Online service change causes email access issues
Microsoft is working to address an ongoing service issue that has intermittently prevented some users from accessing their cloud-based Exchange Online mailboxes via Outlook mobile and Mac desktop clients since Thursday.
·bleepingcomputer.com·
Microsoft Exchange Online service change causes email access issues
2025 Talos Year in Review: Speed, scale, and staying power
2025 Talos Year in Review: Speed, scale, and staying power
The 2025 Talos Year in Review is available now. Understand evolving adversary playbooks and how to strengthen your organization’s defenses.
·blog.talosintelligence.com·
2025 Talos Year in Review: Speed, scale, and staying power
FBI warns of Handala hackers using Telegram in malware attacks
FBI warns of Handala hackers using Telegram in malware attacks
The U.S. Federal Bureau of Investigation (FBI) warned network defenders that Iranian hackers linked to the country's Ministry of Intelligence and Security (MOIS) are using Telegram in malware attacks.
·bleepingcomputer.com·
FBI warns of Handala hackers using Telegram in malware attacks
Spoofing e chiamate abusive: i primi provvedimenti AGCOM, decisivi per il futuro
Spoofing e chiamate abusive: i primi provvedimenti AGCOM, decisivi per il futuro
AGCOM ha emanato due provvedimenti decisivi contro il CLI spoofing: una sanzione ad Agile Telecom per veicolazione di SMS fraudolenti e un’archiviazione per Telecom Italia Sparkle dopo l’implementazione di filtri e risoluzione di contratti irregolari. Un sistema multilivello contro spoofing e chiamate abusive che inizia a funzionare
·cybersecurity360.it·
Spoofing e chiamate abusive: i primi provvedimenti AGCOM, decisivi per il futuro
Privacy sotto assedio: anche in guerra i dati dei civili non devono diventare armi
Privacy sotto assedio: anche in guerra i dati dei civili non devono diventare armi
Nel nuovo dominio della guerra ibrida, la protezione dei dati civili si colloca all’incrocio tra GDPR, Diritto Internazionale Umanitario e sicurezza nazionale. Serve una cornice tecnico-giuridica integrata per prevenire l’abuso dell’identità digitale in tempo di guerra
·cybersecurity360.it·
Privacy sotto assedio: anche in guerra i dati dei civili non devono diventare armi
CISA orders feds to patch DarkSword iOS flaws exploited attacks
CISA orders feds to patch DarkSword iOS flaws exploited attacks
CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit.
·bleepingcomputer.com·
CISA orders feds to patch DarkSword iOS flaws exploited attacks
New KB5085516 emergency update fixes Microsoft account sign-in
New KB5085516 emergency update fixes Microsoft account sign-in
Microsoft has released an emergency update to address a major issue that breaks sign-ins with Microsoft accounts across multiple Microsoft apps, including Teams and OneDrive.
·bleepingcomputer.com·
New KB5085516 emergency update fixes Microsoft account sign-in
VoidStealer malware steals Chrome master key via debugger trick
VoidStealer malware steals Chrome master key via debugger trick
An information stealer called VoidStealer uses a new approach to bypass Chrome's Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser.
·bleepingcomputer.com·
VoidStealer malware steals Chrome master key via debugger trick
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions.
·bleepingcomputer.com·
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
Google adds ‘Advanced Flow’ for safe APK sideloading on Android
Google adds ‘Advanced Flow’ for safe APK sideloading on Android
Google has announced a new mechanism in Android called Advanced Flow that will allow sideloading APKs from unverified developers for power users in a more secure way.
·bleepingcomputer.com·
Google adds ‘Advanced Flow’ for safe APK sideloading on Android
Microsoft Azure Monitor alerts abused in callback phishing campaigns
Microsoft Azure Monitor alerts abused in callback phishing campaigns
Microsoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft Security Team about unauthorized charges on your account.
·bleepingcomputer.com·
Microsoft Azure Monitor alerts abused in callback phishing campaigns
FBI links Signal phishing attacks to Russian intelligence services
FBI links Signal phishing attacks to Russian intelligence services
The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised thousands of accounts.
·bleepingcomputer.com·
FBI links Signal phishing attacks to Russian intelligence services