19Articles
7Categories
2023-07-14Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 2[−]
14 JulCVE-2023-24932 Secure Boot Security Feature Bypass VulnerabilityCORRECTED REVISION: To comprehensively address CVE-2023-24932, Microsoft has released July 2023 security updates for all affected versions of Microsoft Windows. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Addition…MSRC.MICROSOFT.COM
14 JulCVE-2023-33127 .NET and Visual Studio Elevation of Privilege VulnerabilityRevised the Security Updates table to include PowerShell 7.2 and PowerShell 7.3 because these versions of PowerShell 7 are affected by this vulnerability. See [https://github.com/PowerShell/Announcements/issues/48](https://github.com/PowerShell/Announcements/issues/48) for more i…MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 3[−]
14 JulCyber Security Today, July 14, 2023 - Ransomware payments are up, Google is squeezing bad Android developers, and moreThis episode reports on ransomware statistics, the release of the source code for the BlackLotus bootkit and the release of the implementation plan for the U.S. National Cybersecurity StrategyCYBERSECURITYTODAY.LIBSYN.COM
14 JulCritical Security Flaws Uncovered in Honeywell Experion DCS and QuickBlox ServicesMultiple security vulnerabilities have been discovered in various services, including Honeywell Experion distributed control system (DCS) and QuickBlox, that, if successfully exploited, could result in severe compromise of affected systems. Dubbed Crit.IX, the nine flaws in the H…THEHACKERNEWS.COM
14 JulZimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active ExploitationZimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild. "A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data ha…THEHACKERNEWS.COM
📋 SECURITY BULLETINS 1[−]
14 JulAIOS WordPress Plugin Faces Backlash for Storing User Passwords in PlaintextAll-In-One Security (AIOS), a WordPress plugin installed on over one million sites, has issued a security update after a bug introduced in version 5.1.9 of the software caused users' passwords being added to the database in plaintext format. "A malicious site administrator (i.e. …THEHACKERNEWS.COM
🔥 INCIDENT REPORTING 4[−]
14 JulCyber Security Today, Week in Review for Friday, July 14, 2023This episode features discussion on insider threats, the pace of cybersecurity spending by the private sector, how hackers are creating voice fakes and the responsibilities of CEOs during a cyber attackCYBERSECURITYTODAY.LIBSYN.COM
14 JulIOTW: Clop issues threat to victims of MOVEit attackThe ransomware gang insulted negotiations from companies involved in the attackCSHUB.COM
14 JulDefend Against Insider Threats: Join this Webinar on SaaS Security Posture ManagementAs security practices continue to evolve, one primary concern persists in the minds of security professionals—the risk of employees unintentionally or deliberately exposing vital information. Insider threats, whether originating from deliberate actions or accidental incidents, po…THEHACKERNEWS.COM
14 JulAnalysis of Storm-0558 techniques for unauthorized email accessAnalysis of the techniques used by the threat actor tracked as Storm-0558 for obtaining unauthorized access to email data, tools, and unique infrastructure characteristics. The post Analysis of Storm-0558 techniques for unauthorized email access appeared first on Microsoft Securi…MICROSOFT.COM
🕵️ THREAT INTELLIGENCE 3[−]
14 JulFriday Squid Blogging: Balloon SquidMasayoshi Matsumoto is a “master balloon artist,” and he made a squid (and other animals). As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here .SCHNEIER.COM
14 JulBuying Campaign Contributions as a HackThe first Republican primary debate has a popularity threshold to determine who gets to appear: 40,000 individual contributors. Now there are a lot of conventional ways a candidate can get that many contributors. Doug Burgum came up with a novel idea: buy them : A long-shot conte…SCHNEIER.COM
14 JulWeekly Update 356Presently sponsored by: Kolide ensures that if a device isn't secure, it can't access your apps. It's Device Trust for Okta. Watch the demo today! Today was a bit back-to-back having just wrapped up the British Airways Magecart attack webinar with Scott. That was actually a great…TROYHUNT.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
14 JulNew SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 CountriesA new malware strain has been found covertly targeting small office/home office (SOHO) routers for more than two years, infiltrating over 70,000 devices and creating a botnet with 40,000 nodes spanning 20 countries. Lumen Black Lotus Labs has dubbed the malware AVrecon, making it…THEHACKERNEWS.COM
14 JulKey findings from ESET Threat Report H1 2023 – Week in security with Tony AnscombeHere's how cybercriminals have adjusted their tactics in response to Microsoft's stricter security policies, plus other interesting findings from ESET's new Threat ReportWELIVESECURITY.COM
📡 INFOSEC NEWS 4[−]
14 JulTeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google CloudA malicious actor has been linked to a cloud credential stealing campaign in June 2023 that's focused on Azure and Google Cloud Platform (GCP) services, marking the adversary's expansion in targeting beyond Amazon Web Services (AWS). The findings come from SentinelOne and Permiso…THEHACKERNEWS.COM
14 JulPossible Supply-Chain Attack Targeting Pakistani Government Delivers ShadowpadWe recently found that a modified installer of the E-Office app used by the Pakistani government delivered a Shadowpad sample, suggesting a possible supply-chain attack.TRENDMICRO.COM
14 JulWhat to Expect When Reporting Vulnerabilities to MicrosoftAt the Microsoft Security Response Center (MSRC), our mission is to protect our customers, communities, and Microsoft from current and emerging threats to security and privacy. One of the ways we do this is by working with security researchers to discover security vulnerabilities…MSRC.MICROSOFT.COM
14 JulCongratulations to the Top MSRC 2023 Q2 Security Researchers!Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q2 Security Researcher Leaderboa…MSRC.MICROSOFT.COM