🐛 COMMON VULNERABILITIES AND EXPOSURES (4)
27 Jul | Almost 40% of Ubuntu Users Vulnerable to New Privilege Elevation Flaws | Two recent flaws tracked as CVE-2023-32629 and CVE-2023-2640 discovered by Wiz's researchers S. Tzadik and S. Tamari were recently introduced into the operating system, impacting roughly 40% of Ubuntu's userbase. | BLEEPINGCOMPUTER.COM
27 Jul | Two New Vulnerabilities Could Affect 40% of Ubuntu Cloud Workloads | Researchers discovered two vulnerabilities in the Ubuntu OverlayFS module: CVE-2023-2640 and CVE-2023-32629 (together dubbed ‘GameOver(lay)’). | SECURITYWEEK.COM
27 Jul | SolarWinds Platform 2023.3 Released – What’s New! | SolarWinds announces the release of SolarWinds Platform 2023.3, which includes new features and platform upgrades. Further, the release notes detail the issues that were resolved in the version. The company announced end-of-life plans for modules based on Orion Platform 2020.2.6 … | GBHACKERS.COM
27 Jul (KEV) | The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022 | Maddie Stone, Security Researcher, Threat Analysis Group (TAG). This is Google’s fourth annual year-in-review of 0-days exploited in-the-wild [2021, 2020, 2019] and builds off of the mid-year 2022 review. The goal of this report is not to detail each individual exploit, but i… | SECURITY.GOOGLEBLOG.COM
⚠️ VULNERABILITY DISCLOSURE (18)
27 Jul | New SEC Rules Require U.S. Companies to Reveal Cyber Attacks Within 4 Days | The U.S. Securities and Exchange Commission (SEC) on Wednesday approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a "material" impact on their finances, marking a major shift in how computer… | THEHACKERNEWS.COM
27 Jul | Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation | In a research note posted Wednesday, Wiz calculated that more than 60 percent of AWS environments are running EC2 instances with Zen 2 CPUs and may therefore be affected by the use-after-free memory corruption bug. | SECURITYWEEK.COM
27 Jul | Who and What is Behind the Malware Proxy Service SocksEscort? – Krebs on Security | Proxy services like SocksEscort are exploited by cybercriminals to hide their true location online and engage in malicious activities, making it difficult to trace their actions back to the original source. | KREBSONSECURITY.COM
27 Jul | Group-IB Co-Founder Sentenced to 14 Years in Russian Prison for Alleged High Treason | A city court in Moscow on Wednesday convicted Group-IB co-founder and CEO Ilya Sachkov of "high treason" and jailed him for 14 years in a "strict regime colony" over accusations of passing information to foreign spies. "The court found Sachkov guilty under Article 275 of the Russ… | THEHACKERNEWS.COM
27 Jul | Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats | An Axis network door controller vulnerability can be exploited to target facilities, exposing them to both physical and cyber threats. | SECURITYWEEK.COM
27 Jul | DOJ Reorganizes Units to Better Fight Ransomware | The U.S. Justice Department is merging its National Cryptocurrency Enforcement Team with its Crime and Intellectual Property Section to strengthen its capabilities in investigating cryptocurrency-related criminal cases and cybercrime. | SECURITYBOULEVARD.COM
27 Jul | Industry Coalition Calls For Enhanced Network Resilience | The alliance argued that, while these vendors and their peers work hard to make their products as secure as possible, end-customer patching and vulnerability management is often sub-par. | INFOSECURITY-MAGAZINE.COM
27 Jul | Decoy Dog Malware Evolves to Expand its Reach | An unidentified nation-state appears to be preparing for a new hacking campaign, according to researchers at Infoblox. The campaign uses the relatively new Decoy Dog malware toolkit. Decoy Dog has undergone a major upgrade from Pupy, an open-source remote access tool, to disguis… | CYWARE.COM
27 Jul | GameOver(lay): Two Severe Linux Vulnerabilities Impact 40% of Ubuntu Users | Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks. Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potentia… | THEHACKERNEWS.COM
27 Jul | 8 million people hit by data breach at US govt contractor Maximus | U.S. government services contractor Maximus has disclosed a data breach warning that hackers stole the personal data of 8 to 11 million people during the recent MOVEit Transfer data-theft attacks. [...] | BLEEPINGCOMPUTER.COM
27 Jul | CISA Releases Five Industrial Control Systems Advisories | CISA released five Industrial Control Systems (ICS) advisories on July 27, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-208-01 ETIC Telecom RAS Authentication; ICSA-23-208-02 PTC KEPServerEX… | CISA.GOV
27 Jul | WordPress Ninja Forms plugin flaw lets hackers steal submitted data | Popular WordPress form-building plugin Ninja Forms contains three vulnerabilities that could allow attackers to achieve privilege escalation and steal user data. [...] | BLEEPINGCOMPUTER.COM
27 Jul | Zimbra patches zero-day vulnerability exploited in XSS attacks | Two weeks after the initial disclosure, Zimbra has released security updates that patch a zero-day vulnerability exploited in attacks targeting Zimbra Collaboration Suite (ZCS) email servers. [...] | BLEEPINGCOMPUTER.COM
27 Jul | CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse | The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) are releasing a joint Cybersecurity Advisory (CSA), Preventing Web Application Access Control Abuse, … | CISA.GOV
27 Jul | How KnowBe4 Can Help You Fight Spear Phishing | This blog was co-written by KnowBe4's Data-Driven Defense Evangelist Roger A. Grimes and Chief Learning Officer John Just. Social engineering is involved in 70% to 90% of successful compromises. It is the number one way that hackers and malware successfully attack devices and net… | KNOWBE4.COM
27 Jul | Microsoft Message Queuing Service Flaw Allows DoS and RCE Attacks | Reports indicate that there have been three critical flaws including DDoS and Remote code execution discovered in the Microsoft Message Queuing Service (MMQS). These vulnerabilities existed in the message parser header that allowed unsanitized crafted message-headed inputs in one… | GBHACKERS.COM
27 Jul | Over 40% of Ubuntu Users Vulnerable to Privilege Escalation Flaw | According to reports, a privilege escalation vulnerability has been found in Ubuntu systems within the OverlayFS module. OverlayFS is a Linux filesystem that has been widely used in containers. OverlayFS allows the deployment of dynamic filesystems with respect to the pre-built i… | GBHACKERS.COM
27 Jul | Heart monitor manufacturer hit by cyberattack, takes systems offline | CardioComm, a Canadian company which provides heart-monitoring technology to hospitals and consumers, has revealed that it has been forced to take its systems offline following a cyberattack. Read more in my article on the Hot for Security blog. | BITDEFENDER.COM
📢 SECURITY ADVISORIES (11)
27 Jul | New Malvertising Campaign Distributing Trojanized IT Tools via Google and Bing Search Ads | A new malvertising campaign has been observed leveraging ads on Google Search and Bing to target users seeking IT tools like AnyDesk, Cisco AnyConnect VPN, and WinSCP, and trick them into downloading trojanized installers with an aim to breach enterprise networks and likely carry… | THEHACKERNEWS.COM
27 Jul | Count of Organizations Affected by MOVEit Attacks Passes 515 | 35 Million Individuals Affected; Maximus Previews Notifying 8 Million to 11 Million. The fallout from Clop group's data-grabbing attacks against MOVEit managed file transfer software users keeps mounting. In recent days, the extortionists have added 70 more organizations to their … | DATABREACHTODAY.CO.UK
27 Jul | Head of US Cybersecurity Agency Sees Progress on Election Security, With More Work Needed for 2024 | CISA Director Jen Easterly says more is needed to defend the integrity and resiliency of the election process ahead of the 2024 election. | SECURITYWEEK.COM
27 Jul | CISA Analysis Shows Most Cyberattacks on Governments, Critical Infrastructure Involve Valid Credentials | More than half of all cyberattacks on government agencies, critical infrastructure organizations, and state-level government bodies involved the use of valid accounts, according to a new report from the CISA. | THERECORD.MEDIA
27 Jul | Hackers Heart Dormant and Default Credentials for Access | US CISA Finds Valid Credentials Used in Half of Analyzed Attacks. The U.S. federal government says hacker abuse of valid credentials is the most successful method for gaining access to systems and the technique is responsible for slightly more than the half of critical infrastruct… | DATABREACHTODAY.CO.UK
27 Jul | [Live Demo] Customizing Your Compliance Training to Increase Effectiveness | Linking compliance training to specific outcomes is hard. Compliance training has a reputation for being challenging for organizations to offer, difficult to do right and employees are not engaged. | KNOWBE4.COM
🔥 INCIDENT REPORTING (20)
27 Jul | SEC Wants Cyber-Incident Disclosure Within Four Days | The US Securities and Exchange Commission (SEC) has adopted new rules requiring publicly listed firms to disclose serious incidents within four days. The regulator voted 3-2 to adopt the rules. | INFOSECURITY-MAGAZINE.COM
27 Jul | Companies Required by SEC to Disclose Cybersecurity Incidents in 4 Days | The SEC has adopted new rules requiring public companies to disclose cybersecurity breaches that have a material impact within four days. | SECURITYWEEK.COM
27 Jul | Cryptojacking soars as cyberattacks increase, diversify | Despite the decline in global ransomware attempts (-41%), a variety of other attacks have trended up globally, including cryptojacking (+399%), IoT malware (+37%), and encrypted threats (+22%), according to SonicWall. | HELPNETSECURITY.COM
27 Jul | Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus | Maximus Inc says that the personal information of 8 to 11 million individuals was stolen in the MOVEit cyberattack. | SECURITYWEEK.COM
27 Jul | Swiss visa appointments cancelled in UK due to 'IT incident' | All appointments for Swiss Schengen tourist and transit visa applicants have been cancelled across the UK. TLSContact, the Swiss government's chosen IT provider for facilitating visa applicants for citizens of third countries, has blamed an 'IT incident' at its London, Manchester… | BLEEPINGCOMPUTER.COM
27 Jul | Akira Ransomware Compromised at Least 63 Victims Since March | Akira commonly infiltrates targeted Windows and Linux systems through VPN services, especially where users haven't enabled multi-factor authentication. To gain access, attackers use compromised credentials, which are likely acquired on the dark web. | THERECORD.MEDIA
27 Jul | CardioComm Takes Systems Offline Following Cyberattack | Canadian medical software provider CardioComm has taken systems offline to contain a cyberattack. | SECURITYWEEK.COM
27 Jul | New Nitrogen Malware Pushed via Google Ads for Ransomware Attacks | Sophos X-Ops researchers have discovered a new malware campaign called Nitrogen. The campaign uses malicious advertising and impersonates legitimate software to compromise business networks. | BLEEPINGCOMPUTER.COM
27 Jul | NATO Investigates Alleged Data Theft by SiegedSec Hackers | Cybersecurity company CloudSEK analyzed the leaked data and found that it comprises 845MB of files, 8,000 rows of user-related sensitive information, unclassified documents, and user account access details. | BLEEPINGCOMPUTER.COM
27 Jul | CardioComm Takes Systems Offline Following Cyberattack | The attack, the company says, impacted its production server environments and has an impact on its business operations. Visitors to the company’s website are informed that CardioComm services are currently offline. | SECURITYWEEK.COM
27 Jul | TSA Updates Pipeline Cybersecurity Requirements | The TSA has released updated cybersecurity requirements for pipeline owners and operators, instructing them to test assessment and incident response plans. | SECURITYWEEK.COM
27 Jul | SSNDOB cybercrime market admin faces 15 years after pleading guilty | A Ukrainian man, Vitalii Chychasov, has pleaded guilty in the United States to conspiracy to commit access device fraud and trafficking in unauthorized access devices through the now-shutdown SSNDOB Marketplace. [...] | BLEEPINGCOMPUTER.COM
27 Jul | Are Akira Ransomware's Crypto-Locking Malware Days Numbered? | Ransomware-Building Group Lost Royal-Organized Competition, Researchers Say. Is the Akira ransomware story coming to an end? Security researchers say the group was competing in a competition designed by Royal to give it a new cryptolocker - but lost. Even with a free decryptor now… | DATABREACHTODAY.CO.UK
27 Jul | Breach Roundup: Zenbleed Flaw Exposes AMD Ryzen CPUs | Wuhan Earthquake Monitoring Center Suffers Cyberattack; NATO's COI Portal Breached. This week, a Zenbleed flaw exposed AMD Ryzen CPUs, Facebook was fined AU$20 million in Australia, NATO's COI Portal was breached, Quinn Emanuel reported a cyberattack, VirusTotal apologized for a d… | DATABREACHTODAY.CO.UK
27 Jul | Incident Response Essentials: Collaboration and Flexibility | Norgine CISO Nick Prescot on Incident Response, Benefits of an 'Adaptive Factory'. Practicing incident response procedures is as important as practicing fire drills, said CISO Nick Prescot of Norgine. But beyond regularly testing the plan, security leaders must foster a collaborat… | DATABREACHTODAY.CO.UK
27 Jul | BreachForums database and private chats for sale in hacker data breach | While consumers are usually the ones worried about their information being exposed in data breaches, it's now the hacker's turn, as the notorious Breached cybercrime forum's database is up for sale and member data shared with Have I Been Pwned. [...] | BLEEPINGCOMPUTER.COM
27 Jul | Phishing Scam Affects Nearly 170K Henry Ford Health Patients | Academic Medical Provider Says 3 Employee Email Accounts Were Compromised. Michigan-based academic medical provider Henry Ford Health is notifying nearly 170,000 individuals that their protected health information was breached in a recent phishing scam that compromised three emplo… | DATABREACHTODAY.CO.UK
27 Jul | CoinsPaid blames Lazarus hackers for theft of $37,300,000 in crypto | Estonian crypto-payments service provider CoinsPaid has announced that it experienced a cyber attack on July 22nd, 2023, that resulted in the theft of $37,200,000 worth of cryptocurrency. [...] | BLEEPINGCOMPUTER.COM
27 Jul | Phishing Email Attack Numbers “Decline” While Malware Volumes Increase 15% | New data focused on the first half of the year shows some anomalies. Phishing attacks are slowing down… that is, until you dive into the details. | KNOWBE4.COM
27 Jul | SEC requires firms to report cyberattacks within 4 days, but not everyone may like it | New rules requiring publicly-listed firms to disclose serious cybersecurity incidents within four days have been adopted by the US Securities and Exchange Commission (SEC). The tough new rules, although undoubtedly well-intentioned, are likely to leave some firms angry that they … | TRIPWIRE.COM
🕵️ THREAT INTELLIGENCE (17)
27 Jul | ISC Stormcast For Thursday, July 27th, 2023 https://isc.sans.edu/podcastdetail/8590, (Thu, Jul 27th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
27 Jul | Fooling an AI Article Writer | World of Warcraft players wrote about a fictional game element, “Glorbo,” on a subreddit for the game, trying to entice an AI bot to write an article about it. It worked: And it…worked. Zleague auto-published a post titled “World of Warcraft Players Excit… | SCHNEIER.COM
27 Jul | Lazarus Hackers Linked to $60 Million Alphapo Cryptocurrency Theft | Blockchain analysts blame the North Korean Lazarus hacking group for a recent attack on payment processing platform Alphapo where the attackers stole almost $60 million in crypto. | BLEEPINGCOMPUTER.COM
27 Jul | The Good, the Bad and the Ugly of Generative AI | Thinking through the good, the bad, and the ugly now is a process that affords us “the negative focus to survive, but a positive one to thrive." | SECURITYWEEK.COM
27 Jul | Protect AI Raises $35 Million to Protect Machine Learning and AI Assets | Machine Learning and Artificial Intelligence security firm Protect AI raised $35 million in Series A funding led by Evolution Equity Partners. | SECURITYWEEK.COM
27 Jul | Introducing FraudGPT: The Latest AI Cybercrime Tool in the Dark Web | In the wake of WormGPT's success, threat actors have now introduced another AI-powered cybercrime tool called FraudGPT. This AI bot is being promoted on numerous dark web marketplaces and Telegram channels, and is capable of designing spear-phishing emails, generating cracking t… | CYWARE.COM
27 Jul | Cryptohack Roundup: Worldcoin Worries and Lazarus Hacking | Also: Cryptojacking Record, Apple Malware, and DOJ Crypto Crime Unit Is No More. Between July 21 and 27, Worldcoin set off security and privacy alarms; threat actors stole from AlphaPo, CoinsPaid, Era Lend and Conic Finance; hackers set a cryptojacking record; Apple users became t… | DATABREACHTODAY.CO.UK
27 Jul | European Threat Intelligence Firm QuoIntelligence Raises $5.5 Million in Seed Funding | Threat intelligence services provider QuoIntelligence has raised €5 million ($5.5 million) in seed funding. | SECURITYWEEK.COM
27 Jul | Multiple Security Issues Identified in Peloton Fitness Equipment | Internet-connected Peloton workout equipment is impacted by multiple security risks, such as having USB debugging enabled. | SECURITYWEEK.COM
27 Jul | US Senator Wyden Accuses Microsoft of ‘Cybersecurity Negligence’ | Redmond is accused of “negligent cybersecurity practices” that enabled a successful Chinese hack of the United States government. | SECURITYWEEK.COM
27 Jul | Coro Buys Privatise to Infuse SASE With Network Connectivity | Privatise Will Add DNS Filtering, Content Filtering, ZTNA to Coro's SASE Platform. SMB cybersecurity platform Coro purchased an early-stage Israeli startup to bring network connectivity to its SASE offering for midmarket organizations. Coro said its buy of Jerusalem-based Privatis… | DATABREACHTODAY.CO.UK
27 Jul | How to connect with Microsoft Security at Black Hat USA 2023 | Learn more about the sessions, product demos, and special events presented by Microsoft at Black Hat 2023. | MICROSOFT.COM
27 Jul | Moscow Court Convicts Former Group-IB Chief for Treason | Ilya Sachkov Sentenced to 14 Years in Prison. A Russian court sentenced cybersecurity firm Group-IB co-founder Ilya Sachkov Wednesday to more than a dozen years in prison in a case that state-run media says stems from delivering classified material to foreign intelligence. Group-IB defe… | DATABREACHTODAY.CO.UK
27 Jul | Facebook Scams Impersonate AI Tools | Fraudsters are spreading scams on Facebook that pose as ads for legitimate AI tools, according to researchers at Check Point. The Facebook pages impersonate ChatGPT, Google Bard, Midjourney, Jasper, and more. | KNOWBE4.COM
27 Jul | Russia-Based Global Cybersecurity Vendor Group-IB Exits the Russian Market | Amid potential concerns by governments, customers, and prospects about ties with the Russian government, the cybersecurity vendor Group-IB continues in its promise to separate itself from Russia. | KNOWBE4.COM
27 Jul | PDF Malware Distribution Has Increased by 500%, as Reported by VirusTotal | A new edition of the “VirusTotal Malware Trends Report” series, which focuses mostly on “Emerging Formats and Delivery Techniques,” has been published by VirusTotal to understand the nature of malicious attacks better. A representative subset of user submi… | GBHACKERS.COM
27 Jul | How to verify if CrowdSec is properly configured? | submitted by Aetherion to cloudsecurity 5 points | 0 comments Hello Community! I installed CrowdSec bare-metal and alongside three bouncers: /reverse-proxy /cs-firewall-bouncer-1690453608v0.0.27 /FirewallBouncer-QkP4AkuXfayzknrO4fTT8U2yjG3jHFfa So far, so good! But I’m running t… | INFOSEC.PUB
🌐 CYBER THREAT LANDSCAPE (5)
27 Jul | Uncovering an Iranian mobile malware campaign | Sophos X-Ops researchers discover a cluster of credential-harvesting apps targeting Iranian bank customers | SOPHOS.COM
27 Jul | macOS Under Attack: Examining the Growing Threat and User Perspectives | Mac users are facing increasing threats to their security, with hackers specifically targeting Apple devices using malware such as Geacon, MacStealer, CloudMensis, and JockerSpy, compromising user data and privacy. | THEHACKERNEWS.COM
27 Jul | Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining | Misconfigured and poorly secured Apache Tomcat servers are being targeted as part of a new campaign designed to deliver the Mirai botnet malware and cryptocurrency miners. The findings come courtesy of Aqua, which detected more than 800 attacks against its Tomcat server honeypots… | THEHACKERNEWS.COM
27 Jul | Repeatable VEC Attacks Target Critical Infrastructure | According to a new report published by cybersecurity firm Abnormal Security earlier today, VEC attacks – a variant of business email compromise (BEC) – pose a significant risk to organizations worldwide. | INFOSECURITY-MAGAZINE.COM
27 Jul | Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining | Misconfigured and poorly secured Apache Tomcat servers are being targeted as part of a new campaign designed to deliver the Mirai botnet malware and cryptocurrency miners. | THEHACKERNEWS.COM
📡 INFOSEC NEWS (7)
27 Jul | Why are computer security guidelines so confusing? | Computer security guidelines often become overwhelming and confusing due to the inclusion of excessive information, leading to the most important points being lost in the shuffle. | HELPNETSECURITY.COM
27 Jul | Zero Trust Rated as Highly Effective by Businesses Worldwide | Zero trust is here to stay, with 82% of experts currently working on implementing zero trust, and 16% planning to begin within 18 months, according to a study by Beyond Identity. | HELPNETSECURITY.COM
27 Jul | The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left | As cloud applications are built, tested and updated, they wind their way through an ever-complex series of different tools and teams. Across hundreds or even thousands of technologies that make up the patchwork quilt of development and cloud environments, security processes are a… | THEHACKERNEWS.COM
27 Jul | China Allegedly Turns to Transnational Criminals to Spread Disinformation in Australia | Australian researchers have found evidence that China is using fake social media accounts linked to transnational criminal groups to spread online propaganda and disinformation. | THERECORD.MEDIA
27 Jul | Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus | According to Maximus, the attackers stole files containing personal information and protected health information, including Social Security numbers, “of at least 8 to 11 million individuals”. | SECURITYWEEK.COM
27 Jul | How a Cyber Security Platform Addresses the 3 “S” | Explore how a security platform can help organizations address the 3 "S" impacting cybersecurity: stealth, sustainability, and shortage. | TRENDMICRO.COM
27 Jul | BlueHat October 2023 Call for Papers is Now Open! | As you may have seen on social media, the next BlueHat conference will be October 11 – 12, 2023, on Microsoft’s Redmond campus in Washington state, USA. The Call for Papers (CFP) is now open through August 18, 2023. The BlueHat community is a unique blend of security researchers … | MSRC.MICROSOFT.COM