Articles: 70
Categories: 8
Date: 2023-07-24
🐛 COMMON VULNERABILITIES AND EXPOSURES (6)
24 Jul | New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection | Details have emerged about a now-patched flaw in OpenSSH that could be exploited to run arbitrary commands remotely. The vulnerability is being tracked under the CVE identifier CVE-2023-38408. It impacts all versions of OpenSSH before 9.3p2. | THEHACKERNEWS.COM
24 Jul | Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks | Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and … | THEHACKERNEWS.COM
24 Jul | Over 20,000 Citrix Appliances Vulnerable to New Exploit | Over 20,000 appliances are vulnerable to a new exploit technique targeting a recent Citrix ADC zero-day vulnerability CVE-2023-3519. | SECURITYWEEK.COM
24 Jul | Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks | The flaws, discovered by Mandiant on February 28, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, and June 26, respectively. | THEHACKERNEWS.COM
24 Jul | Atlassian Patches Remote Code Execution Vulnerabilities in Confluence, Bamboo | The most severe of these issues, tracked as CVE-2023-22508 (CVSS score of 8.5), was introduced in Confluence version 7.4.0. The second bug, tracked as CVE-2023-22505 (CVSS score of 8.0), was introduced in Confluence version 8.0.0. | SECURITYWEEK.COM
24 Jul | Ivanti Releases Security Updates for Endpoint Manager Mobile (EPMM) CVE-2023-35078 | A vulnerability discovered in Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone number… | CISA.GOV
⚠️ VULNERABILITY DISCLOSURE (21)
24 Jul | Banking Sector Targeted in Open-Source Software Supply Chain Attacks | Cybersecurity researchers said they have discovered what they say is the first open-source software supply chain attacks specifically targeting the banking sector. "These attacks showcased advanced techniques, including targeting specific components in web assets of the victim ba… | THEHACKERNEWS.COM
24 Jul | Phishers Exploiting Google Docs to Harvest Crypto Credentials | Researchers at Check Point Software have discovered a new phishing scam campaign that exploits Google Docs to distribute illegitimate URLs and steal cryptocurrency credentials. | HACKREAD.COM
24 Jul | Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments | According to a Coveware report, in the second quarter of 2023, the percentage of ransomware attacks resulting in payment decreased to a record low of 34%. This is attributed to companies investing in security measures and incident response training. | SECURITYBOULEVARD.COM
24 Jul | New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection | Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable Ope… | THEHACKERNEWS.COM
24 Jul | Atlassian Patches Remote Code Execution Vulnerabilities in Confluence, Bamboo | Atlassian patches high-severity remote code execution vulnerabilities in Confluence and Bamboo products. | SECURITYWEEK.COM
24 Jul | Perimeter81 Vulnerability Disclosed After Botched Disclosure Process | Cybersecurity firm Perimeter81 appears to have botched the responsible disclosure process for a privilege escalation vulnerability found in its macOS application. | SECURITYWEEK.COM
24 Jul | First Known Targeted OSS Supply Chain Attacks Against the Banking Sector | The attackers employed deceptive tactics such as creating fake LinkedIn profiles to appear credible and using customized command and control (C2) centers for each target, exploiting legitimate services for illicit activities. | CHECKMARX.COM
24 Jul | Perimeter81 Vulnerability Disclosed After Botched Disclosure Process | Cybersecurity researcher Erhad Husovic published a blog post in late June to disclose the details of a local privilege escalation vulnerability discovered in Perimeter81’s macOS application. | SECURITYWEEK.COM
24 Jul | Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol | Google has announced that it intends to add support for Message Layer Security (MLS) to its Messages service for Android and open source implementation of the specification. "Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but u… | THEHACKERNEWS.COM
24 Jul | Banking Sector Witnesses First-Ever OSS Supply Chain Attack | For the first time, the banking sector has been explicitly targeted by two distinct Open-Source Software (OSS) supply chain attacks that enabled attackers to stealthily overlay the banking sites. Organizations must equip themselves with the best early threat alerting and sharing… | CYWARE.COM
24 Jul | Norwegian government IT systems hacked using zero-day flaw | The Norwegian government is warning that its ICT platform used by 12 ministries has suffered a cyberattack after hackers exploited a zero-day vulnerability in third-party software. | BLEEPINGCOMPUTER.COM
24 Jul | How is the Dark Web Reacting to the AI Revolution? | Cybercriminals are already utilizing and creating malicious tools based on open source AI language models for phishing and malware development. Learn more from Flare about how threat actors are beginning to use AI. | BLEEPINGCOMPUTER.COM
24 Jul | Over 20,000 Citrix Appliances Vulnerable to New Exploit | A new exploit technique targeting a recent Citrix Application Delivery Controller (ADC) and Gateway vulnerability can be used against thousands of unpatched devices, cybersecurity firm Bishop Fox claims. | SECURITYWEEK.COM
24 Jul | 12 Norwegian Ministries Impacted in ICT Platform Hack | Zero-Day In Third-Party Software Reason for the Hack, Says Security Agency Head. Unknown hackers attacked a dozen Norwegian government ministries through a zero day vulnerability present in a shared digital platform, the Oslo government disclosed Monday. The prime minister's offic… | DATABREACHTODAY.CO.UK
24 Jul | As Ransomware Monetization Hits Record Low, Groups Innovate | Clop's Zero-Day Mass Exploitation and Extortion is Apogee of High Impact Innovation. The Russian-language Clop crime group's mass exploitation of MOVEit file-transfer software demonstrates how criminals continue to seek fresh ways to maximize their illicit profits with minimal eff… | DATABREACHTODAY.CO.UK
24 Jul | Apple fixes new zero-day used in attacks against iPhones, Macs | Apple has released security updates to address zero-day vulnerabilities exploited in attacks targeting iPhones, Macs, and iPads. | BLEEPINGCOMPUTER.COM
24 Jul | Apple Updates Everything (again), (Mon, Jul 24th) | Apple released one of its usual "step" upgrades for its operating systems. This covers iOS, iPadOS, macOS, tvOS and watchOS. The update also includes the vulnerability patched in the last rapid security response update. | ISC.SANS.EDU
24 Jul | Nubeva’s Ransomware Key Interception and Decryption Technology Validated in Third-Party Lab | 100% key capture rate and successful ransomware decryption shows progress in ransomware defense capabilities. | SECURITYWEEK.COM
24 Jul | [KEV] Ivanti patches MobileIron zero-day bug exploited in attacks | US-based IT software company Ivanti has patched an actively exploited zero-day vulnerability impacting its Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core). | BLEEPINGCOMPUTER.COM
24 Jul | Zenbleed attack leaks sensitive data from AMD Zen2 processors | Google's security researcher Tavis Ormandy discovered a new vulnerability impacting AMD Zen2 CPUs that could allow a malicious actor to steal sensitive data, such as passwords and encryption keys, at a rate of 30KB/sec from each CPU core. | BLEEPINGCOMPUTER.COM
24 Jul | Apple Patches Another Kernel Flaw Exploited in ‘Operation Triangulation’ Attacks | Apple patches another zero-day flaw used in the 'Operation Triangulation' exploit chain. iOS and macOS-powered devices are affected. | SECURITYWEEK.COM
📋 SECURITY BULLETINS (1)
24 Jul | Microsoft shares fix for some Outlook hyperlinks not opening | Microsoft shared a workaround for Outlook Desktop blocking attempts to open IP address or fully qualified domain name (FQDN) hyperlinks after installing this month's security updates. | BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES (6)
24 Jul | CERT-In Cautions Internet Users Against Akira Ransomware Attack | In its latest advisory, India's federal cybersecurity agency warned of a ransomware called 'Akira' that steals vital personal information and encrypts data leading to extortion of money from people. | ECONOMICTIMES.INDIATIMES.COM
24 Jul | Norwegian Government Security and Service Organisation Hit by Cyberattack | Twelve Norwegian government ministries have been hit by a cyberattack, the Norwegian government said on Monday, the latest attack to hit the public sector of Europe's largest gas supplier and NATO's northernmost member. | REUTERS.COM
24 Jul | New Microsoft identity and data security capabilities to accelerate CMMC compliance for the Defense Industrial Base | Microsoft introduces new capabilities in Microsoft Entra ID and Microsoft Purview that support CMMC compliance while also helping Defense Industrial Base organizations accelerate their Zero Trust journeys. | MICROSOFT.COM
🔥 INCIDENT REPORTING (9)
24 Jul | Clop Now Leaks Data Stolen in Moveit Attacks on Clearweb Sites | The Clop ransomware gang is copying an ALPHV ransomware gang extortion tactic by creating Internet-accessible websites dedicated to specific victims, making it easier to leak stolen data and further pressuring victims into paying a ransom. | BLEEPINGCOMPUTER.COM
24 Jul | Cyber Security Today, July 24, 2023 - MOVEit hacker tries to squeeze victims, an apology for a data leak from VirusTotal, and more | This episode reports on a patch for Adobe OpenMeetings, a lack of patching of Zyxel devices, allegations that Microsoft's security breach may be worse than thought, and more | CYBERSECURITYTODAY.LIBSYN.COM
24 Jul | Roblox data breach exposes employee data | The personally identifying information of attendees of the Roblox Developer Conference between 2017-2020 may have been stolen | CSHUB.COM
24 Jul | How to Protect Patients and Their Privacy in Your SaaS Apps | The healthcare industry is under a constant barrage of cyberattacks. It has traditionally been one of the most frequently targeted industries, and things haven’t changed in 2023. The U.S. Government’s Office for Civil Rights reported 145 data breaches in the United States during … | THEHACKERNEWS.COM
24 Jul | MOVEit Hack Could Earn Cybercriminals $100M as Number of Confirmed Victims Grows | Experts believe the Cl0p ransomware gang could earn as much as $100 million from the MOVEit hack, with the number of confirmed victims approaching 400. | SECURITYWEEK.COM
24 Jul | JumpCloud hack linked to North Korea after OPSEC mistake | A hacking unit of North Korea's Reconnaissance General Bureau (RGB) was linked to the JumpCloud breach after the attackers made an operational security (OPSEC) mistake, inadvertently exposing their real-world IP addresses. | BLEEPINGCOMPUTER.COM
24 Jul | Lazarus hackers hijack Microsoft IIS servers to spread malware | The North Korean state-sponsored Lazarus hacking group is breaching Windows Internet Information Service (IIS) web servers to hijack them for malware distribution. | BLEEPINGCOMPUTER.COM
24 Jul | Law Firm Hack Affects Victims of an Earlier Breach Again | Client Files Breached Included Data of Vision Benefits Plan Members. A global law firm is notifying nearly 153,000 individuals of a hacking incident that compromised several client files. The files contained sensitive personal information and affects vision care patients who had b… | DATABREACHTODAY.CO.UK
24 Jul | Tigo - 700,394 breached accounts | In Mid-2023, 300GB of data containing over 100M records from the Chinese video chat platform "Tigo" dating back to March that year was discovered. The data contained over 700k unique names, usernames, email and IP addresses, genders, profile photos and private messages.… | HAVEIBEENPWNED.COM
🕵️ THREAT INTELLIGENCE (15)
24 Jul | ISC Stormcast For Monday, July 24th, 2023 https://isc.sans.edu/podcastdetail/8584, (Mon, Jul 24th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
24 Jul | Update: Microsoft Attackers May Have Data Access Beyond Outlook, Researchers Warn | The China-linked threat actors behind the theft of U.S. State Department and other Microsoft customer emails may have gained access to applications beyond Exchange Online and Outlook.com, according to a report released Friday by Wiz. | CYBERSECURITYDIVE.COM
24 Jul | Google Reportedly Disconnecting Employees from the Internet | Supposedly Google is starting a pilot program of disabling Internet connectivity from employee computers: The company will disable internet access on the select desktops, with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail. Some wo… | SCHNEIER.COM
24 Jul | Industrial Organizations in Eastern Europe Targeted by Chinese Cyberspies | The China-linked cyberspy group APT31 is believed to be behind a data-theft campaign targeting industrial organizations in Eastern Europe. | SECURITYWEEK.COM
24 Jul | Cybersecurity Public-Private Partnership: Where Do We Go Next? | Sharing threat information and cooperating with other threat intelligence groups helps to strengthen customer safeguards and boosts the effectiveness of the cybersecurity sector overall. | SECURITYWEEK.COM
24 Jul | Los Angeles SIM Swapper Pleads Guilty to Cybercrime Charges | Amir Golshan, of Los Angeles, pleaded guilty to perpetrating multiple cybercrime schemes using SIM swapping. | SECURITYWEEK.COM
24 Jul | OneTrust Raises $150 Million at $4.5 Billion Valuation | Privacy management solutions provider OneTrust raises $150 million at a $4.5 billion valuation. | SECURITYWEEK.COM
24 Jul | Service Provider's Probe Counts More Victims of MOVEit Hacks | 2.6 Million Individuals Notified by TIAA Due to Clop Group's Hack of PBI Research. The count of organizations and individuals affected by Clop's attack on MOVEit file-transfer users has increased, with the Teachers Insurance and Annuity Association of America reporting that 2.6 mi… | DATABREACHTODAY.CO.UK
24 Jul | JQ: Another Tool We Thought We Knew, (Mon, Jul 24th) | So often you'll see folks (me included) use "jq" to take an unformatted JSON mess and turn it into a readable output. For instance, last Thursday we used the Shodan API to dump about 650k of host info like this: curl -s -k "https://api… | ISC.SANS.EDU
24 Jul | Lazarus Targets Windows IIS Web Servers for Malware Distribution | ASEC discovered that the North Korean state-sponsored Lazarus APT group is attacking Windows Internet Information Service (IIS) web servers and using them to distribute malware. It is imperative for organizations to adopt stringent measures, including attack surface management, t… | CYWARE.COM
24 Jul | OneTrust Raises $150M From Al Gore's Firm Following Layoffs | Vendor Cuts Valuation by $800M to Get Funding From Generation Investment Management. OneTrust hauled in $150 million a year after laying off 950 employees but had to slash its valuation by $800 million to seal the deal. The Atlanta-based company intends to use the proceeds to acce… | DATABREACHTODAY.CO.UK
24 Jul | Smishing Campaign Impersonates Japanese Utilities | Attackers Targeted Electric and Water Public Utility Users. Hackers are targeting Japanese Android users with a new smishing campaign to employ a new version of SpyNote malware. The attackers impersonate a Japanese public utilities company putatively concerned about payment proble… | DATABREACHTODAY.CO.UK
24 Jul | Will FedNow Truly Rewire the US Payments Landscape? | Experts Discuss Fraud, Security, Implementation Hurdles With Fast Payment Program. Now that the long-awaited FedNow faster-payment program is operating, experts debate whether U.S. financial institutions will embrace the payment ecosystem and whether the Federal Reserve and the ba… | DATABREACHTODAY.CO.UK
24 Jul | Gamification Can Make Security Training Fun | Webhelp CISO on Interactive Tools for Cybersecurity Awareness Training. In a bid to revolutionize information security training and make it more engaging and memorable for employees, Ivan Milenkovic, group CISO at WebHelp, advises firms to adopt gamification and interactive conten… | DATABREACHTODAY.CO.UK
24 Jul | Microsoft Defender Experts for XDR helps triage, investigate, and respond to cyberthreats | Take a closer look at how Microsoft Defender Experts for XDR works, and how it complements the power of the Microsoft 365 Defender suite. | MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE (2)
24 Jul | Update: Virustotal Apologizes for Accidental Leak That Exposed Customer Data | Google’s malware scanning platform VirusTotal published an apology on Friday after hundreds of individuals working for defense and intelligence agencies globally had their names and email addresses accidentally exposed by an employee. | THERECORD.MEDIA
24 Jul | Attackers intensify DDoS attacks with new tactics | As we entered 2023, the cybersecurity landscape witnessed an increase in sophisticated, high-volume attacks, according to Gcore. The maximum attack power rose from 600 to 800 Gbps. | HELPNETSECURITY.COM
📡 INFOSEC NEWS (10)
24 Jul | White House Secures Safety Commitments From Seven AI Companies | Seven leading AI companies, including Amazon, Anthropic, Google, Meta, Microsoft, OpenAI, and Inflection, have committed to building secure systems and increasing transparency regarding model behavior, The White House announced Friday. | CYBERSECURITYDIVE.COM
24 Jul | CISOs are making cybersecurity a business problem | U.S. enterprises are responding to growing cybersecurity threats by working to make the best use of tools and services to ensure business resilience, according to an ISG report. | HELPNETSECURITY.COM
24 Jul | New Sophos Email enhancements: On-demand clawback, Google directory sync, and more | We've accelerated Sophos Email development to include a host of new features and technologies. | SOPHOS.COM
24 Jul | What Generative AI Means for Security | Hacker One Co-Founder Michiel Prins on the Opportunities and Risks of GAI. What does generative AI mean for security? In the short term, and possibly indefinitely, we will see offensive or malicious AI applications outpace defensive ones that use AI for security. We also will see … | DATABREACHTODAY.CO.UK
24 Jul | Flipper Zero now has its own app store for iOS, Android users | The Flipper Zero team has launched its very own 'Flipper Apps' mobile app store, allowing mobile users to install 3rd-party apps and extend the functionality of the popular wireless pen-testing tool. | BLEEPINGCOMPUTER.COM
24 Jul | Microsoft Sharepoint outage caused by use of wrong TLS certificate | Microsoft Sharepoint and OneDrive for Business were briefly interrupted today after a German TLS certificate was mistakenly added to the main .com domains for the Microsoft 365 services. | BLEEPINGCOMPUTER.COM
24 Jul | Flipper Zero now has an app store to install third-party apps | The Flipper Zero team has launched its very own 'Flipper Apps' mobile app store, allowing mobile users to install 3rd-party apps and extend the functionality of the popular wireless pen-testing tool. | BLEEPINGCOMPUTER.COM
24 Jul | Google blocks staff’s internet access to reduce attacks – but will it work? | Some employees at Google will have internet access from their desktop PCs significantly restricted, with only internal web-based tools and Google-owned sites such as Google Drive, Google Maps, and Gmail accessible. But will such an approach protect the tech giant from attacks? Re… | BITDEFENDER.COM
24 Jul | Trend Vision One™ - A Cybersecurity Consolidation Path | A single-platform approach delivers value greater than the sum of its parts | TRENDMICRO.COM