🚨 CISA KEV (1)

10 Aug (KEV): CISA Warns Organizations of Exploited Vulnerability Affecting .NET, Visual Studio [SECURITYWEEK.COM]
CISA has added CVE-2023-38180, a zero-day vulnerability affecting .NET and Visual Studio, to its Known Exploited Vulnerabilities Catalog.
⚠️ VULNERABILITY DISCLOSURE (33)

10 Aug: Malicious Campaigns Exploit Weak Kubernetes Clusters for Crypto Mining [THEHACKERNEWS.COM]
In total, Kubernetes clusters belonging to more than 350 organizations, open-source projects, and individuals were discovered, 60% of which were the target of an active crypto-mining campaign.

10 Aug: AWS Pledges $20M to K-12 Cyber Training, Incident Response [CYBERSECURITYDIVE.COM]
The company is participating in a larger collaboration between government agencies and private sector partners to help target-rich, resource-poor organizations like local schools combat malicious attacks.

10 Aug: High-Severity Access Control Vulnerability Found in Spring WebFlux [INFOSECURITY-MAGAZINE.COM]
An advisory on the vulnerability published by JFrog shed light on the exact nature of the flaw, its potential victims, and a proof-of-concept (POC) illustrating the scenarios in which this flaw could be triggered for unauthorized access.

10 Aug: Open Source Tool Used to Target Ukrainian Government Agencies [CYWARE.COM]
Ukrainian government agencies were targeted by hackers in a phishing campaign that utilized the open-source program MerlinAgent. The campaign was conducted by UAC-0154 and involved sending malicious emails to the targets. As attackers adapt their techniques, vigilance becomes par…

10 Aug: Newly Discovered Inception Attack Exposes Data from AMD Zen CPUs [CYWARE.COM]
A recent disclosure highlights a fresh wave of vulnerabilities, with a major focus on AMD's 'Inception.' This vulnerability enables data leakage through a novel attack approach. Any system with an affected CPU can potentially be the target of the attack. AMD has released mic…

10 Aug: Google to fight hackers with weekly Chrome security updates [BLEEPINGCOMPUTER.COM]
Google has changed the Google Chrome security updates schedule from bi-weekly to weekly to address the growing patch gap problem that allows threat actors extra time to exploit published n-day and zero-day flaws.

10 Aug: New Zero-Day Vulnerabilities Could Instantly Drain Crypto Wallets [INFOSECURITY-MAGAZINE.COM]
Multiple zero-day vulnerabilities have been discovered in some of the most used cryptographic multi-party computation (MPC) protocols, putting consumers’ cryptocurrency funds at risk of theft.

10 Aug (KEV): Cryptographic Flaw in Libbitcoin Explorer Cryptocurrency Wallet [SCHNEIER.COM]
Cryptographic flaws still matter. Here’s a flaw in the random-number generator used to create private keys. The seed has only 32 bits of entropy. Seems like this flaw is being exploited in the wild.

10 Aug: Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization [THEHACKERNEWS.COM]
Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue to progress their attacks in these environments, not by exploiting vulnerabilities, but by abusing native Microso…

10 Aug: Report: 37% Of Third-Party Applications Have High-Risk Permissions [HELPNETSECURITY.COM]
Examining data since 2013, Abnormal identified a massive increase in third-party apps integrated with email, underscoring the proliferation of an emerging threat vector that cybercriminals are exploiting as they continue to shift their tactics.

10 Aug: Law Enforcement Takes Down Phishing-as-a-Service Site [DATABREACHTODAY.CO.UK]
Authorities in Multiple Countries Arrest Operators of 16shop. An international law enforcement operation took down a phishing-as-a-service website that security researchers say was responsible for more than 150,000 phishing domains. The site, 16shop, sold phishing kits that target…

10 Aug: Update: The MOVEit Spree is as Bad as — or Worse — Than You Think it is [CYBERSECURITYDIVE.COM]
The mass exploit of a zero-day vulnerability in MOVEit has compromised more than 600 organizations and 40 million individuals to date, but the numbers mask a more disastrous outcome that’s still unfolding.

10 Aug: Authorities Take Down Bulletproof Hosting Provider Lolek [GBHACKERS.COM]
The well-known bulletproof hosting platform, Lolek Hosted, has been shut down by law enforcement officials from the United States and Poland to limit fraudsters’ access to tools that enable anonymous online behavior. These platforms give hackers anonymity and are frequently…

10 Aug: UK cybersecurity giant NCC Group is making more layoffs [TECHCRUNCH.COM]
U.K. cybersecurity giant NCC Group has confirmed it’s making more layoffs, just months after it slashed its workforce by 7%. The Manchester, U.K.-based company is undergoing its second round of layoffs in just six months, a person with knowledge of the matter told TechCrunch. NCC…

10 Aug: We Want Your Input to Help Secure Open Source Software [CISA.GOV]
Today, CISA, the Office of the National Cyber Director (ONCD), and other federal partners are announcing a RFI to receive your input on where the on areas for prioritization to secure open source software.

10 Aug: Cryptohack Roundup: Zero-Day Bugs in 15 Crypto Wallets [DATABREACHTODAY.CO.UK]
Also: Curve Finance Recovers 73% of Stolen $73 Million. In this week's roundup of digital assets-related cybersecurity incidents, Fireblocks found bugs in 15 crypto wallets, Curve Finance recouped most stolen funds, ethereum saw a high flow of illicit funds, the NFT faded more, th…

10 Aug: Forty Vulnerabilities Patched in Android With August 2023 Security Updates [SECURITYWEEK.COM]
“Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible,” Google noted in its security bulletin.

10 Aug: CISA Releases Twelve Industrial Control Systems Advisories [CISA.GOV]
CISA released twelve Industrial Control Systems (ICS) advisories on August 10, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-222-01 Siemens Solid Edge, JT2Go and Teamcenter Visualization ICS…

10 Aug: Northern Ireland Police Disclose Another Serious Data Breach [DATABREACHTODAY.CO.UK]
Privacy Watchdog Probing Accidental Leak of Personal Information for Entire Force. One day after personal information for all 10,000 police officers and staff in Northern Ireland was accidentally exposed online, putting their safety at risk, the nation's police service said it's p…

10 Aug: Count of Organizations Affected by MOVEit Attacks Hits 621 [DATABREACHTODAY.CO.UK]
Breach Notifications Say Over 40 Million Individuals' Personal Information Exposed. At least 621 organizations have now confirmed that they were affected by the zero-day attack on MOVEit file-sharing servers that began in late May, collectively affecting 40 million individuals, rep…

10 Aug: Gafgyt malware exploits five-year-old flaw in EoL Zyxel router [BLEEPINGCOMPUTER.COM]
Fortinet has issued an alert warning that the Gafgyt botnet malware is actively trying to exploit a vulnerability in the end-of-life Zyxel P660HN-T1A router in thousands of daily attacks. [...]

10 Aug: Researchers Uncover 'Inception' Flaw in AMD CPUs [DATABREACHTODAY.CO.UK]
Vulnerability Allows Manipulation of CPU to Leak Data. Security researchers uncovered a vulnerability in AMD chips that could allow hackers to trick a computer system into leaking data from its kernel. They named the flaw after the 2010 movie "Inception," since both the hacking te…

10 Aug: How An Unpatched Microsoft Exchange 0-Day Likely Caused One Of The UK's Biggest Hacks Ever [PACKETSTORMSECURITY.COM]

10 Aug: Making Chrome more secure by bringing Key Pinning to Android [SECURITY.GOOGLEBLOG.COM]
Posted by David Adrian, Joe DeBlasio and Carlos Joan Rafael Ibarra Lopez, Chrome Security. Chrome 106 added support for enforcing key pins on Android by default, bringing Android to parity with Chrome on desktop platforms. But what is key pinning anyway? One of the reasons Chrome …

10 Aug: Rightbiz - 65,376 breached accounts [HAVEIBEENPWNED.COM]
In June 2023, data belonging to the "UK's No.1 Business Marketplace" Rightbiz appeared on a popular hacking forum. Comprising more than 18M rows of data, the breach included 65k unique email addresses along with names, phone numbers and physical address. Rightbiz did…

10 Aug: Check Point beefs up SASE offering with $490M Perimeter 81 acquisition [CSOONLINE.COM]
Cybersecurity company Check Point Software is acquiring secure access service edge (SASE) and network security vendor Perimeter 81 for $490 million, to beef up its offerings for security beyond the network perimeter at a time when business is increasingly conducted in hybrid and …

10 Aug: Takeovers of MFA-protected accounts increase, as Microsoft 365 phishing campaign shows [CSOONLINE.COM]
A Microsoft 365 phishing campaign has targeted over 100 companies since March and successfully compromised accounts belonging to senior business executives. The attackers used EvilProxy, a phishing toolkit that uses reverse-proxy tactics to bypass multifactor authentication (MFA)…

10 Aug: Embrace services to improve security operations [CSOONLINE.COM]
It's no secret that the threat landscape is becoming more complex by the day. At the same time, the attack surface at many organizations continues to grow. The combination means security analysts are bogged down more than ever to effectively triage, respond to, and remediate aler…

10 Aug: Google Cloud launches Chronicle CyberShield to help government agencies tackle threats [CSOONLINE.COM]
Google Cloud has announced the launch of Chronicle CyberShield to help government agencies integrate threat intelligence, detection, and response to tackle cyber threats. The solution enables governments to raise threat and situational awareness, build cybersecurity skills and ca…

10 Aug: Vulnerability management, its impact and threat modeling methodologies [SECURITYINTELLIGENCE.COM]
Vulnerability management is a security practice designed to avoid events that could potentially harm an organization. It is a regular ongoing process that identifies, assesses, and manages vulnerabilities across all the components of an IT ecosystem. Cybersecurity is one of the m…

10 Aug: Deloitte Safeguards Software Development Lifecycle [PALOALTONETWORKS.COM]
Palo Alto Networks and Deloitte have a new SSDL offering to reinforce customers' cloud environments with enhanced security measures from code to cloud.

10 Aug: Hacker Archetypes - D&D Classes [GOSECURE.NET]
submitted by Sparkega to cybersecurity 13 points | 3 comments https://www.gosecure.net/blog/2023/08/09/how-unparalleled-rdp-monitoring-reveal-attackers-tradecraft/ Researchers analyzed 190 million hacking events on a honeynet and categorized the types of hackers into Dungeons and…
📋 SECURITY BULLETINS (2)

10 Aug: Adobe Patches 30 Acrobat, Reader Vulnerabilities on Patch Tuesday [SECURITYWEEK.COM]
Adobe on Tuesday rolled out a big batch of security updates for its flagship Acrobat and Reader software, patching at least 30 vulnerabilities affecting Windows and macOS installations.

10 Aug: Microsoft Exchange updates pulled after breaking non-English installs [BLEEPINGCOMPUTER.COM]
Microsoft has pulled Microsoft Exchange Server's August security updates from Windows Update after finding they break Exchange on non-English installs. [...]
📢 SECURITY ADVISORIES (8)

10 Aug: White House Launches AI Cyber Challenge to Make Software More Secure [HELPNETSECURITY.COM]
The Biden-Harris Administration has launched a major two-year competition using AI to protect the United States’ most important software, such as code that helps run the internet and critical infrastructure.

10 Aug: China-Linked Hackers Strike 17 Nations in Three-Year-Long Cyber Campaign [THEHACKERNEWS.COM]
Hackers associated with China's Ministry of State Security (MSS) have been linked to attacks in 17 different countries in Asia, Europe, and North America from 2021 to 2023.

10 Aug: NIST Releases Draft Overhaul of Its Core Cybersecurity Framework [CYBERSECURITYDIVE.COM]
The National Institute of Standards and Technology released a long-anticipated draft version of the Cybersecurity Framework 2.0 Tuesday, the first major update of the agency’s risk guidance since 2014.

10 Aug: CISA: New Whirlpool backdoor used in Barracuda ESG hacks [BLEEPINGCOMPUTER.COM]
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered a new backdoor malware named 'Whirlpool' used in attacks on compromised Barracuda Email Security Gateway (ESG) devices. [...]

10 Aug: Chinese RedHotel Spy Group Linked to Hacks in 17 Countries [DATABREACHTODAY.CO.UK]
Motives, Operations Closely Linked to China's Ministry of State Security. A Chinese state-sponsored spy group called RedHotel has emerged as a dominant espionage agent against government entities of at least 17 countries worldwide. Researchers said the motives and operations of th…

10 Aug: ASecuritySite Podcast: World Leaders in Cryptography: Tahir ElGamal - 1 hour 10 minutes [PODCASTS.APPLE.COM]
submitted by ashar to security_cpe 1 points | 0 comments https://podcasts.apple.com/se/podcast/asecuritysite-podcast/id1617044319?i=1000620624222 Podcast reference page. In research, we build on the shoulders of giants, and Taher Elgamal is one of the giants of cybersecurity. His wor…

10 Aug: Dataministeriet podcast 76. The Truth Teller with a wonderful laugh. Guest: Heidi Saas - 58 minutes [OPEN.SPOTIFY.COM]
submitted by ashar to security_cpe 3 points | 0 comments https://open.spotify.com/episode/6pRFDCHhJUhLCz0CcnEtDP?si=68b31b5dbe1140e8 Podcast about GDPR and Privacy. This guest is from the USA.
🔥 INCIDENT REPORTING (10)

10 Aug: TargetCompany Ransomware Deploys Fully Undetectable Malware on SQL Server [GBHACKERS.COM]
The TargetCompany ransomware (aka Mallox, Fargo, and Tohnichi) is actively targeting the organizations that are using or running vulnerable SQL servers. Apart from this, recently, the TargetCompany ransomware unveiled a new variant of malware along with several malicious tools fo…

10 Aug: New Report Exposes Vice Society's Collaboration with Rhysida Ransomware [THEHACKERNEWS.COM]
Tactical similarities have been unearthed between the double extortion ransomware group known as Rhysida and Vice Society, including in their targeting of education and healthcare sectors.

10 Aug: Israeli Hospital Redirects New Patients Following Ransomware Attack [THERECORD.MEDIA]
An Israeli hospital near the city of Tel Aviv was hacked on Tuesday by a group of unknown cybercriminals, prompting it to stop admitting new patients and redirecting people to nearby hospitals.

10 Aug: Ukraine Says It Thwarted Attempt to Breach Military Tablets [THERECORD.MEDIA]
Ukraine’s security service, the SBU, attributed the attack to the infamous hacking group known as Sandworm, working on behalf of GRU, the Russian military intelligence agency. The SBU said it was able to stop the operation during the planning phase.

10 Aug: Breach Connected to MOVEit Flaw Affects Missouri Medicaid Recipients [INFOSECURITY-MAGAZINE.COM]
The Missouri Department of Social Services (DSS) has issued an alert urging residents to safeguard their personal information following a cyberattack originating from a data security breach at IBM Consulting in May 2023.

10 Aug: The State of Ransomware in Healthcare 2023 [SOPHOS.COM]
How ransomware impacts the healthcare industry, including the frequency, root causes of attacks, and data recovery costs.

10 Aug: Threat Report: Ransomware Down, Targeted Attacks on the Rise [DATABREACHTODAY.CO.UK]
Fortinet's Derek Manky Analyzes 2023 Threat Landscape Shifts. Ransomware incidents are down, but the volume and impact of targeted attacks are on the rise. These are among the findings of the new Global Threat Landscape Report from Fortinet's FortiGuard Labs. Fortinet's Derek Mank…

10 Aug: Breach Roundup: SEC Fines 11 Orgs for Record-Keeping Failure [DATABREACHTODAY.CO.UK]
Also, North Korean Hackers Breached Russian Missile Maker. This week, Wall Street fined firms for using WhatsApp, NK hackers breached a Russian missile maker, Ivanti backtracked, ransomware attacks cost manufacturers $46B, a cyberattack shut down Gemini North Observatory, ad fraud…

10 Aug: Proof of Concept: Managing Software Supply Chain Woes [DATABREACHTODAY.CO.UK]
Also: Lessons Learned From the MOVEit Breaches; Tools for Managing SBOMs. In the latest "Proof of Concept," Mike Baker, VP/IT CISO at DXC Technology and a CyberEdBoard member, and Chris Hughes, co-founder and CISO at Aquia, join ISMG editors to explore the state of the software su…

10 Aug: Rhysida ransomware – what you need to know [TRIPWIRE.COM]
Rhysida is a Windows-based ransomware operation that has come to prominence since May 2023, after being linked to a series of high profile cyber attacks in Western Europe, North and South America, and Australia. Learn more in my article on the Tripwire State of Security blog.
🕵️ THREAT INTELLIGENCE (19)

10 Aug: ISC Stormcast For Thursday, August 10th, 2023 https://isc.sans.edu/podcastdetail/8610, (Thu, Aug 10th) [ISC.SANS.EDU]
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

10 Aug: Report: Threat Actors Abuse Valid Accounts Using Manual Tactics [CYBERSECURITYDIVE.COM]
Threat actors are spurning the rise of automation and using manual tactics to intrude organizations’ networks and rapidly access sensitive data, according to CrowdStrike’s 2023 Threat Hunting Report released Tuesday.

10 Aug: Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives [THEHACKERNEWS.COM]
Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thou…

10 Aug: Researchers Tricked Hackers into Revealing Their Secrets Using Honeypot [GBHACKERS.COM]
In the last three years, hackers unknowingly seeking data or malware deployment have found a seemingly vulnerable virtual machine that is hosted in the U.S., which in reality, is a cleverly designed trap. While this cleverly designed trap has been implanted by cybersecurity rese…

10 Aug: European Startup Pistachio Raises €3.25 Million for Cybersecurity Training Platform [SECURITYWEEK.COM]
Norway-based startup Pistachio has raised €3.25 million ($3.5 million) for its AI-based cybersecurity training platform.

10 Aug: New Infostealer Malware Steals Logs & Corporate Access Data [GBHACKERS.COM]
Infostealer malware is becoming extremely popular among cybercriminals, especially in the malware-as-a-service (MaaS) based sector. These kinds of malware remain undetected as much as possible for stealing information from the user’s device and transfer to the C2 server of the at…

10 Aug: Pro-Russian Hacker Group Claims Attacks on French, Dutch Websites [THERECORD.MEDIA]
The latest attacks come a week after the group, NoName057(16), hit Spanish and Italian government and private sector organizations with distributed denial-of-service (DDoS) attacks.

10 Aug: Managing and Securing Distributed Cloud Environments [SECURITYWEEK.COM]
The complexity and challenge of distributed cloud environments often necessitate managing multiple infrastructure, technology, and security stacks, multiple policy engines, multiple sets of controls, and multiple asset inventories.

10 Aug: Symmetry Systems Raises $17.7M for Data Security Posture Management Platform [SECURITYWEEK.COM]
Symmetry Systems has raised $17.7 million for its AI-powered Data Security Posture Management (DSPM) platform.

10 Aug: Black Hat: "Five cyber phases of Russia's hybrid war" [KNOWBE4.COM]
The Cyberwire reported: "Victor Zhora, deputy chairman and chief digital transformation officer at Ukraine's State Service of Special Communication and Information Protection (SSSCIP) --effectively Kyiv's cybersecurity lead-- said at Black Hat that Russian cyber ops would continu…

10 Aug: Check Point to Buy SSE, ZTNA Startup Perimeter 81 for $490M [DATABREACHTODAY.CO.UK]
Perimeter 81 Cuts Valuation By 51%, Becomes Second Cyber Firm to Lose Unicorn Horns. Perimeter 81 will be sold to Check Point for $490 million but had to slash its valuation by more than half to seal the deal. Check Point said its proposed buy of New York-based Perimeter 81 will f…

10 Aug: MoustachedBouncer hackers use AiTM attacks to spy on diplomats [BLEEPINGCOMPUTER.COM]
A cyberespionage group named 'MoustachedBouncer' has been observed using adversary-in-the-middle (AitM) attacks at ISPs to hack foreign embassies in Belarus. [...]

10 Aug: AI's Role in Cybersecurity: Black Hat USA 2023 Reveals How Large Language Models Are Shaping the Future of Phishing Attacks and Defense [KNOWBE4.COM]
At Black Hat USA 2023, a session led by a team of security researchers, including Fredrik Heiding, Bruce Schneier, Arun Vishwanath, and Jeremy Bernstein, unveiled an intriguing experiment. They tested large language models (LLMs) to see how they performed in both writing convinci…

10 Aug: Check Point to Acquire SASE Security Firm Perimeter 81 for $490 Million [SECURITYWEEK.COM]
Check Point will acquire SASE and ZTNA cybersecurity firm Perimeter 81 for $490 million, a big discount to its $1 billion valuation in 2022.

10 Aug: Attackers Use EvilProxy to target C-suite Executives [DATABREACHTODAY.CO.UK]
Phishing Kit Primarily Used in Attacks Against Employees of Fortune 500 Companies. Threat actors are taking control of cloud-based Microsoft 365 accounts of C-suite executives using a multi-factor authentication phishing tool. Proofpoint researchers say attackers use automation to…

10 Aug: The Pentagon’s 2023 cyber strategy: What you need to know [SECURITYINTELLIGENCE.COM]
In May 2023, the Department of Defense (DoD) released an unclassified fact sheet detailing its latest cyber strategy. This latest update is another indication of the Pentagon’s intent to combat threat actors, coming fast on the heels of the 2022 National Security Strategy a…

10 Aug: BSIDES PGH (PITTSBURGH) 2023 - 18 videos [YOUTU.BE]
submitted by ashar to security_cpe 4 points | 0 comments https://youtu.be/1ftFbtU2HhY Schedule: BSidesPGH 2023 Track 1 - 10 videos; BSidesPGH 2023 Track 2 - 8 videos

10 Aug: ESET Research Podcast: Unmasking MoustachedBouncer [WELIVESECURITY.COM]
Listen as ESET's Director of Threat Research Jean-Ian Boutin unravels the tactics, techniques and procedures of MoustachedBouncer, an APT group taking aim at foreign embassies in Belarus

10 Aug: MoustachedBouncer: Espionage against foreign diplomats in Belarus [WELIVESECURITY.COM]
Long-term espionage against diplomats, leveraging email-based C&C protocols, C++ modular backdoors, and adversary-in-the-middle (AitM) attacks… Sounds like the infamous Turla? Think again!
🌐 CYBER THREAT LANDSCAPE (6)

10 Aug: OpenBullet Campaign: Cybercriminals Target Script Kiddies [CYWARE.COM]
Experienced cybercriminals are taking on script kiddies in a new malware campaign through malicious OpenBullet configuration files. Malicious configurations are shared on platforms like Telegram to deliver a Rust-based dropper and a Python-based RAT named Patent. Adversaries have…

10 Aug: Balada Injector Still at Large – New Domains Discovered [SECURITYAFFAIRS.COM]
The Balada Injector malware continues to evade security software by using new domain names and obfuscation techniques, posing a persistent threat to vulnerable WordPress websites.

10 Aug: Private network adoption grows as enterprises seek greater control and security [HELPNETSECURITY.COM]
A market survey of prospective enterprises by Spirent reveals that security and network resiliency are key drivers motivating enterprises to consider private networking, fuelling a market forecast to reach $7.7 billion by 2027.

10 Aug: New Statc Stealer Malware Emerges: Your Sensitive Data at Risk [THEHACKERNEWS.COM]
A new information malware strain called Statc Stealer has been found infecting devices running Microsoft Windows to siphon sensitive personal and payment information. "Statc Stealer exhibits a broad range of stealing capabilities, making it a significant threat," Zscaler ThreatLa…

10 Aug: Safeguarding Against Silent Cyber Threats: Exploring the Stealer Log Lifecycle [BLEEPINGCOMPUTER.COM]
Infostealer malware has risen to prominence as one of the most significant vectors of cybercrime over the past three years. Learn from Flare about information stealer logs and their role in the cybercrime ecosystem. [...]

10 Aug: New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks [THEHACKERNEWS.COM]
Malicious actors are using a legitimate Rust-based injector called Freeze[.]rs to deploy a commodity malware called XWorm in victim environments. The novel attack chain, detected by Fortinet FortiGuard Labs on July 13, 2023, is initiated via a phishing email containing a booby-tr…
🎙️ PODCASTS (2)

10 Aug: Smashing Security podcast #334: Acoustic attacks, and the tears of a crypto rapper [GRAHAMCLULEY.COM]
Razzlekhan, the self-proclaimed Crocodile of Wall Street, pleads guilty to the biggest crypto laundering scheme in history, and just how safe are you typing while on a Zoom call? Meanwhile, Graham rants about public EV chargers. All this and more is discussed in the latest editio…

10 Aug: S3 Ep147: What if you type in your password during a meeting? [NAKEDSECURITY.SOPHOS.COM]
Latest episode - listen now! (Full transcript inside.)
📡 INFOSEC NEWS (21)

10 Aug: Interpol Busts Phishing-as-a-Service Platform '16Shop,' Leading to 3 Arrests [THEHACKERNEWS.COM]
Interpol has announced the takedown of a phishing-as-a-service (PhaaS) platform called 16Shop, in addition to the arrests of three individuals in Indonesia and Japan. 16Shop specialized in the sales of phishing kits that other cybercriminals can purchase to mount phishing attacks…

10 Aug: Attacker combines phone, email lures into believable, complex attack chain [SOPHOS.COM]
A social engineering phone call lends authenticity to the attacker's malicious email

10 Aug: Data of All Serving Police Officers Police Service of Northern Ireland Mistakenly Published Online [SECURITYAFFAIRS.COM]
The Police Service of Northern Ireland (PSNI) has mistakenly shared sensitive data of all 10,000 serving police officers in response to a Freedom of Information (FOI) request. The request aimed at determining the number of PSNI officers.

10 Aug: Encryption Flaws in Popular Chinese Language App Put Users' Typed Data at Risk [THEHACKERNEWS.COM]
A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that could allow a malicious interloper to decipher the text typed by users. The findings from the University of Toronto's Citizen Lab, which carried out an analys…

10 Aug: C-Level Executives at Over 100 Firms Targeted in Massive Cloud Account Takeover Scheme Using EvilProxy [SECURITYAFFAIRS.COM]
Most of the attacks targeted high-ranking executives. The researchers estimated that the campaign targeted over 100 organizations globally, collectively representing 1.5 million employees.

10 Aug: Some things never change - such as SQL Authentication "encryption", (Thu, Aug 10th) [ISC.SANS.EDU]
Fat client applications running on (usually) Windows are still extremely common in enterprises. When I look at internal penetration tests or red team engagements for any larger enterprise, it is almost 100% guaranteed that one will stumble upon such an application.

10 Aug: Dell Compellent hardcoded key exposes VMware vCenter admin creds [BLEEPINGCOMPUTER.COM]
An unfixed hardcoded encryption key flaw in Dell's Compellent Integration Tools for VMware (CITV) allows attackers to decrypt stored vCenter admin credentials and retrieve the cleartext password. [...]

10 Aug: Check Point buys Perimeter 81 for $490M to enhance its security tools for hybrid and remote workers [TECHCRUNCH.COM]
There is yet more M&A coming out of the security industry. In the latest development, Check Point, the enterprise cybersecurity company, has picked up Perimeter 81 to beef up its tools for remote and hybrid workers. Check Point will pay around $490 million for thon a “c…

10 Aug: Osano, a data privacy management platform, nabs $25M [TECHCRUNCH.COM]
Osano, an Austin, Texas-based startup developing a platform to help companies manage their data privacy, today announced that it raised $25 million in a Series B funding round led by Baird Capital with Jump Capital, LiveOak, NextCoast and TDF. In an interview with TechCrunch, CEO…

10 Aug: Belarus hackers target foreign diplomats with help of local ISPs, researchers say [TECHCRUNCH.COM]
Hackers with apparent links to the Belarusian government have been targeting foreign diplomats in the country for nearly 10 years, according to security researchers. On Thursday, antivirus firm ESET published a report that details the activities of a newly discovered government h…

10 Aug: IRS Confirms Takedown of Bulletproof Hosting Provider Lolek [THERECORD.MEDIA]
A popular bulletproof hosting platform was taken down by authorities in the U.S. and Poland this week, marking the latest effort to limit the anonymous access cybercriminals have to critical tools.

10 Aug: Identity management platform Veza secures $15M from Capital One and ServiceNow [TECHCRUNCH.COM]
Veza, a platform that helps to secure identity access across apps, data systems and cloud infrastructure, today announced that it raised $15 million in a funding round led by Capital One Ventures and ServiceNow — valuing the company at $415 million. Bringing Veza’s to…

10 Aug: Encryption Flaws in Popular Chinese Language App Put Users' Typed Data at Risk [THEHACKERNEWS.COM]
The findings come from the University of Toronto's Citizen Lab, which carried out an analysis of the encryption mechanism used in Tencent's Sogou Input Method, an app that has over 455 million monthly active users across Windows, Android, and iOS.

10 Aug: Sweet Security Raises $12M Seed Round for its Cloud Security Suite [TECHCRUNCH.COM]
The $12 million seed round was led by Glilot Capital Partners, with participation from CyberArk Ventures and a number of angel investors including Gerhard Eschelbeck, a former CISO at Google, and Travis McPeak, who led product security at Databricks.

10 Aug: Protecting your information and data when using applications - ITSAP.40.200 [CYBER.GC.CA]
Applications (apps) are software programs that provide the functionality to enable you to be connected, productive, creative, and entertained. You can choose from millions of apps and install them on most of the devices you and your organization rely on like cell phones, computer…

10 Aug: Secondary Market Medical Device Security Risks [DATABREACHTODAY.CO.UK]
Legacy infusion pumps commonly available for purchase on the secondary market often contain wireless authentication and other sensitive data that the original medical organization owners failed to purge, warned researcher Deral Heiland, citing a recent study conducted by security…

10 Aug: 10,000 N Ireland police officers and staff have their details exposed after spreadsheet screw-up [GRAHAMCLULEY.COM]
Earlier this week, the details of all 10,000 staff at the Police Service of Northern Ireland (PSNI) were exposed after a spreadsheet containing the data was mistakenly published online.

10 Aug: Azure Serial Console Attack and Defense - Part 1 [MSRC.MICROSOFT.COM]
Ever had a virtual machine crash? Azure Serial console is a great way to directly connect to your Virtual machine and debug what went wrong. Azure Serial Console is a feature that’s available for free for everyone. While the primary intent of this feature is to assist users…

10 Aug: TunnelCrack vulnerabilities in VPN clients | Kaspersky official blog [KASPERSKY.COM]
The majority of VPN clients are vulnerable to TunnelCrack. How to keep them operating securely?