20 Articles
6 Categories
Date: 2023-08-05
🐛 COMMON VULNERABILITIES AND EXPOSURES (2)
5 Aug | Researchers Uncover New High-Severity Vulnerability in PaperCut Software
Cybersecurity researchers have discovered a new high-severity security flaw in PaperCut print management software for Windows that could result in remote code execution under specific circumstances. Tracked as CVE-2023-39143 (CVSS score: 8.4), the flaw impacts PaperCut NG/MF prio…
THEHACKERNEWS.COM

5 Aug | CISA, Five Eyes cyber advisory lists common vulnerabilities among 2022’s top exploits
This guidance is the latest released by the Five Eyes organization, which consists of government cybersecurity organizations from the U.S., New Zealand, the U.K., Australia and Canada.
NEXTGOV.COM
⚠️ VULNERABILITY DISCLOSURE (4)
5 Aug | MDR: Empowering Organizations with Enhanced Security
Managed Detection and Response (MDR) has emerged as a crucial solution for organizations looking to bolster their security measures. MDR allows businesses to outsource the management of Endpoint Detection and Response (EDR) products deployed across their network domain. With real…
THEHACKERNEWS.COM

5 Aug | Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems
Threat actors are using an open-source rootkit called Reptile to target Linux systems in South Korea. "Unlike other rootkit malware that typically only provide concealment capabilities, Reptile goes a step further by offering a reverse shell, allowing threat actors to easily take…
THEHACKERNEWS.COM

5 Aug | Microsoft Addresses Critical Power Platform Flaw After Delays and Criticism
Microsoft on Friday disclosed that it has addressed a critical security flaw impacting Power Platform, but not before it came under criticism for its failure to swiftly act on it. "The vulnerability could lead to unauthorized access to Custom Code functions used for Power Platfor…
THEHACKERNEWS.COM

5 Aug | Microsoft fixes flaw after being called irresponsible by Tenable CEO
Tenable also shared proof of concept exploit code and information on the steps required to find vulnerable connector hostnames and how to craft the POST requests to interact with the unsecured API endpoints.
BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES (2)
5 Aug | CISA Cybersecurity Strategic Plan: An Important Step To Secure Critical Infrastructure
As a founding member of the Network Resilience Coalition, Cisco appreciates CISA’s shared commitment to driving focused attention and investment in efforts to secure and maintain existing critical networked technologies.
BLOGS.CISCO.COM

5 Aug | US Government Lagging on Border Gateway Protocol Security
Heads of FCC, CISA Call for BGP Overhaul, Industry Collaboration. The U.S. federal government acknowledged that it is lagging behind on border gateway protocol security practices. Officials from several government agencies, ISPs and cloud content providers organized a workshop to …
DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING (4)
5 Aug | Cyberattack disrupts hospital computer systems across US, hindering services
The hack caused chaos in medical facilities in several states. In Connecticut, the emergency departments at Manchester Memorial and Rockville General hospital were closed for much of the day and patients were diverted to other nearby medical centers.
THEGUARDIAN.COM

5 Aug | Colorado Department of Higher Education warns of massive data breach
The Colorado Department of Higher Education (CDHE) discloses a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in June. [...]
BLEEPINGCOMPUTER.COM

5 Aug | Clop ransomware now uses torrents to leak data and evade takedowns
The Clop ransomware gang has once again altered extortion tactics and is now using torrents to leak data stolen in MOVEit attacks. [...]
BLEEPINGCOMPUTER.COM

5 Aug | Spyware maker LetMeSpy shuts down after hacker deletes server data
Poland-based spyware LetMeSpy is no longer operational and said it will shut down after a June data breach wiped out its servers, including its huge trove of data stolen from thousands of victims’ phones. In a notice on its website in both English and Polish, LetMeSpy confi…
TECHCRUNCH.COM
🕵️ THREAT INTELLIGENCE (3)
5 Aug | Google explains how Android malware slips onto Google Play Store
To evade detection by Play Store systems, the threat actors responsible for SharkBot have adopted the now common strategy of releasing versions with limited functionality on Google Play, concealing their apps' suspicious nature.
BLEEPINGCOMPUTER.COM

5 Aug | Hackers Deliver Updated STRRAT Malware Using Weaponized PDF Files
A versatile Java-based RAT that is capable of keylogging and credential theft from browsers and email clients emerged in 2020 that is dubbed “STRRAT.” The most recent updated version of STRRAT evolved dramatically, and since its discovery, it has been observed that it…
GBHACKERS.COM

5 Aug | Weekly Update 359
Presently sponsored by: EPAS by Detack. No EPAS protected password has ever been cracked and won't be found in any leaks. Give it a try, millions of users use it. Somewhere in the next few hours from publishing this post, I'll finally push the HIBP domain search changes live…
TROYHUNT.COM
📡 INFOSEC NEWS (5)
5 Aug | Malicious packages in the NPM designed for highly-targeted attacks
The files and directories targeted by the malicious code could potentially contain developers' sensitive data. Researchers speculate the packages are part of a highly-targeted attack on developers working in the cryptocurrency sector.
SECURITYAFFAIRS.COM

5 Aug | FBI warns of scammers posing as NFT devs to steal your crypto
Potential victims who click on the provided links are redirected to phishing websites masquerading as legitimate extensions of specific NFT projects. Scammers go to great lengths to replicate the appearance and user experience of real NFT platforms.
BLEEPINGCOMPUTER.COM

5 Aug | Government watchdog finds U.S. embassies running software vulnerable to attacks
The assessment, which GAO began at the end of last year, also found that many State Department posts lack not only a chief information security officer, but any cybersecurity personnel whatsoever.
POLITICO.COM

5 Aug | Millions of people's healthcare files accessed by Clop gang
The new additions to the victims' list bring the headcount to 514 organizations and more than 36 million individuals, according to Emsisoft threat researchers. It may take months if not years for the full impact and costs to become clear.
THEREGISTER.CO.UK

5 Aug | New acoustic attack steals data from keystrokes with 95% accuracy
A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%. [...]
BLEEPINGCOMPUTER.COM