Articles: 96
Categories: 9
Date: 2023-08-16
🚨 CISA KEV (1)
16 Aug [KEV] CISA Adds One Known Exploited Vulnerability to Catalog (CISA.GOV)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-24489: Citrix Content Collaboration ShareFile Improper Access Control Vulnerability. These types of vulnerabilities are frequent attack vectors f…
🐛 COMMON VULNERABILITIES AND EXPOSURES (9)
16 Aug Nearly 2,000 Citrix NetScaler Instances Hacked via Critical Vulnerability (THEHACKERNEWS.COM)
Nearly 2,000 Citrix NetScaler instances have been compromised with a backdoor by weaponizing a recently disclosed critical security vulnerability as part of a large-scale attack. "An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing web shells on …
16 Aug 2,000 Citrix NetScaler Instances Backdoored via Recent Vulnerability (SECURITYWEEK.COM)
Tracked as CVE-2023-3519, the critical vulnerability was disclosed last month as a zero-day, being exploited since June 2023, including in attacks against critical infrastructure organizations.
16 Aug Ivanti Avalanche Impacted by Critical Pre-Auth Stack Buffer Overflows (BLEEPINGCOMPUTER.COM)
Two stack-based buffer overflows collectively tracked as CVE-2023-32560 impact Ivanti Avalanche, an enterprise mobility management (EMM) solution designed to manage, monitor, and secure a wide range of mobile devices.
16 Aug Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations (THEHACKERNEWS.COM)
Multiple critical security flaws have been reported in Ivanti Avalanche, an enterprise mobile device management solution that’s used by 30,000 organizations. The vulnerabilities, collectively tracked as CVE-2023-32560 (CVSS score: 9.8), are stack-based buffer overflows in Ivanti …
16 Aug AI-Powered Fuzzing: Breaking the Bug Hunting Barrier (SECURITY.GOOGLEBLOG.COM)
Dongge Liu, Jonathan Metzman, Oliver Chang, Google Open Source Security Team. Since 2016, OSS-Fuzz has been at the forefront of automated vulnerability discovery for open source projects. Vulnerability discovery is an important part of keeping software supply chains secure, …
16 Aug (Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise (HELPNETSECURITY.COM)
Administrators of Citrix NetScaler ADC and Gateway appliances should check for evidence of installed webshells even if they implemented fixes for CVE-2023-3519 quickly: A recent internet scan by Fox-IT researchers has revealed over 1,800 backdoored NetScaler devices, 69% of which…
16 Aug Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560) (HELPNETSECURITY.COM)
Two stack-based buffer overflow bugs (collectively designated as CVE-2023-32560) have been discovered in Ivanti Avalanche, an enterprise mobility management solution. A buffer overflow arises when the data in a buffer surpasses its storage capacity. This surplus data spills into …
16 Aug [KEV] CISA warns of critical Citrix ShareFile flaw exploited in attacks (BLEEPINGCOMPUTER.COM)
CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and has added the flaw to its catalog of known security flaws exploited in the wild. [...]
16 Aug [KEV] CISA warns of critical Citrix ShareFile flaw exploited in the wild (BLEEPINGCOMPUTER.COM)
CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and has added the flaw to its catalog of known security flaws exploited in the wild. [...]
⚠️ VULNERABILITY DISCLOSURE (16)
16 Aug Clorox Cleans up Security Breach That Disrupted Operations (THEREGISTER.COM)
The intrusion continues to disrupt "parts of the company's business operations," and it is "working diligently to respond to and address this issue, and is also coordinating with law enforcement," according to the Form 8-K submission.
16 Aug Google Introduces First Quantum Resilient FIDO2 Security Key (THEHACKERNEWS.COM)
Google on Tuesday announced the first quantum resilient FIDO2 security key implementation as part of its OpenSK security keys initiative. "This open-source hardware optimized implementation uses a novel ECC/Dilithium hybrid signature schema that benefits from the security of ECC …
16 Aug Chamber of Commerce Urges SEC to Delay Cyber Rule Implementation (CYBERSECURITYDIVE.COM)
The U.S. Chamber of Commerce urged the Securities and Exchange Commission to delay by a year the effective date of new cybersecurity rules, saying the regulatory move could otherwise have “severe consequences” for companies.
16 Aug Ivanti Patches Critical Vulnerability in Avalanche Enterprise MDM Solution (SECURITYWEEK.COM)
Ivanti has patched critical- and high-severity vulnerabilities with the latest release of Avalanche, its enterprise mobile device management solution.
16 Aug Monti Ransomware’s Linux Variant Attacks the Financial & Healthcare Industries (GBHACKERS.COM)
The Monti ransomware was found in June 2022 that attracted notice due to its close resemblance to the Conti ransomware, both in name and tactics, drawing attention from cybersecurity experts and organizations. Monti ransomware group has been observed to employ tactics similar to …
16 Aug Google released first quantum-resilient FIDO2 key implementation (BLEEPINGCOMPUTER.COM)
Google has announced the first open-source quantum resilient FIDO2 security key implementation, which uses a unique ECC/Dilithium hybrid signature schema co-created with ETH Zurich. [...]
16 Aug CISA Releases JCDC Remote Monitoring and Management (RMM) Cyber Defense Plan (CISA.GOV)
Today, CISA released the Remote Monitoring and Management (RMM) Cyber Defense Plan, the first proactive Plan developed by industry and government partners through the Joint Cyber Defense Collaborative (JCDC). This plan addresses systemic risks facing the exploitation of RMM soft…
16 Aug LinkedIn users targeted in account hijacking campaign (HELPNETSECURITY.COM)
LinkedIn users are being targeted in an ongoing account hijacking campaign, are getting locked out of their accounts; the hacked accounts are held for ransom. Users discussing their compromised LinkedIn accounts. (Source: Cyberint) The LinkedIn account hijacking campaign The Cybe…
16 Aug SentinelOne Singularity App for Netskope secures remote work from endpoint to cloud (HELPNETSECURITY.COM)
Employees today want the freedom to work where and how they perform best. SentinelOne and Netskope are joining forces to help customers deliver it in a secure way. The technology partners today announced the launch of the SentinelOne Singularity App for Netskope, a joint solution…
16 Aug Semperis aims to ensure security in Active Directory migrations, consolidation (CSOONLINE.COM)
Companies often have extended, complex Active Directory infrastructures that have been expanded over time to encompass different domains, potentially creating security issues when they move to a new AD environment. A new AD migration and consolidation offering from identity-based…
16 Aug Report: PowerShell Gallery susceptible to typosquatting and other package-management attacks (CSOONLINE.COM)
Researchers are warning in a new report that PowerShell Gallery (PSGallery), the central repository for PowerShell modules and scripts, lacks package name and ownership protections that other popular registries such as npm put in place to prevent typosquatting attacks. Furthermor…
16 Aug Incident response lessons learned from the Russian attack on Viasat (CSOONLINE.COM)
On February 24, 2022, on the eve of Russia’s invasion of Ukraine, KA-band satellite provider Viasat became the first prominent victim of Russian cyber aggression when a wiper attack turned off tens of thousands of Viasat’s government and commercial broadband customers' modems. At…
16 Aug 3 strategies that can help stop ransomware before it becomes a crisis (CSOONLINE.COM)
Over the past decade, the average value of ransoms demanded by hackers has gone from hundreds of dollars to hundreds of thousands -- even into the millions in some cases. With increasingly stringent regulatory requirements and CISOs being sued for not reporting a breach, the sta…
16 Aug Patched Citrix NetScaler Devices Still Contain Backdoors (DATABREACHTODAY.CO.UK)
Online Scans Show More Than 1,200 Patched NetScaler Devices Are Backdoored. Hackers moved faster than system administrators to exploit a zero-day vulnerability in Citrix NetScaler appliances by dropping web shells that remain active even after a patch, warn Dutch security research…
16 Aug Federal Judge Inclined To Grant Claims in Meta Pixel Case (DATABREACHTODAY.CO.UK)
Tentative Order Issued in Consolidated Case Against Meta in Privacy Dispute. A federal judge issued a tentative order allowing plaintiffs to continue suing social media giant Meta for allegedly intercepting sensitive health data through its web tracking Pixel tool embedded into pa…
📋 SECURITY BULLETINS (1)
16 Aug Chrome 116 Patches 26 Vulnerabilities (SECURITYWEEK.COM)
Google has released Chrome 116 with patches for 26 vulnerabilities and plans to ship weekly security updates for the popular web browser.
📢 SECURITY ADVISORIES (6)
16 Aug CISA Publishes JCDC Remote Monitoring and Management Systems Cyber Defense Plan (CISA.GOV)
JCDC plan provides a roadmap to address systemic risks by advancing security and resilience of the RMM ecosystem.
16 Aug ISF Podcast - Seán Doyle - Cyber and the World Economy - 30 minutes (SECURITYFORUM.ORG)
Submitted by ashar to security_cpe, 2 points, 0 comments. https://www.securityforum.org/spotlight-on/summer-listening-sean-doyle-cyber-and-the-world-economy/ Kicking off the ISF Podcast Summer Listening program, Steve Durbin is joined by Seán Doyle, Lead for the Centre of Cybersec…
🔥 INCIDENT REPORTING (24)
16 Aug Law Firm Facing Lawsuit in Aftermath of Its Own Big Breach (BANKINFOSECURITY.COM)
The lawsuit complaint stems from a March hacking incident at San Francisco-based Orrick, Herrington & Sutcliffe that compromised the information of nearly 153,000 individuals, including victims of a client's data breach three years ago.
16 Aug TIAA Hit With Class-Action Lawsuit Over MOVEit Data Breach (CYBERSECURITYDIVE.COM)
The breach affected some 2.3 million TIAA clients, according to a lawsuit filed last week in U.S. District Court in New York. The suit alleges TIAA did not use “reasonable security procedures and practices” to protect clients’ sensitive information.
16 Aug LinkedIn Accounts Hacked in Widespread Hijacking Campaign (BLEEPINGCOMPUTER.COM)
As reported today by Cyberint, many LinkedIn users have been complaining about account takeovers or lockouts and an inability to resolve the problems through LinkedIn support.
16 Aug Knight Ransomware Used in a Spam Campaign Impersonating TripAdvisor (CYWARE.COM)
Knight ransomware, a recycled version of Cyclops ransomware, is being used in an ongoing spam campaign impersonating TripAdvisor.
16 Aug A Gentle Reminder: The Evolving Nature of Digital Scams, (Wed, Aug 16th) (ISC.SANS.EDU)
Considering the global turbulence from destabilizing events such as physical conflicts, freak weather and pandemics, financial wealth has never been more critical for a nation and its citizens so that daily life can continue. Money is needed for daily necessities such as food, me…
16 Aug Norfolk and Suffolk police admit to data breach impacting 1,230 people (CSHUB.COM)
Sensitive information was mistakenly published online following Freedom of Information requests
16 Aug Prince George's County Public Schools Responds Suffers Network Outage Owing to Cyberattack (THERECORD.MEDIA)
District leaders initially said they were working to address a “broad network outage” that knocked out email and other services. On Monday night, the district released a statement saying 4,500 of the system’s 180,000 accounts were “impacted.”
16 Aug UK Electoral Commission Hacked (SCHNEIER.COM)
The UK Electoral Commission discovered last year that it was hacked the year before. That’s fourteen months between the hack and the discovery. It doesn’t know who was behind the hack. We worked with external security experts and the National Cyber Security Centre to …
16 Aug What's the State of Credential theft in 2023? (THEHACKERNEWS.COM)
At a little over halfway through 2023, credential theft is still a major thorn in the side of IT teams. The heart of the problem is the value of data to cybercriminals and the evolution of the techniques they use to get hold of it. The 2023 Verizon Data Breach Investigations Rep…
16 Aug Ransomware Attack on Rapattoni Disrupts US Real Estate Property Listings (BANKINFOSECURITY.COM)
Real estate agents' ability to list or update property information has been compromised by an attack on California-based data services company Rapattoni, which hosts multiple listing services.
16 Aug Cleaning Products Giant Clorox Takes Systems Offline Following Cyberattack (SECURITYWEEK.COM)
Cleaning products manufacturer and marketer Clorox Company has taken certain systems offline after falling victim to a cyberattack.
16 Aug How Generative AI Will Improve Incident Response (DATABREACHTODAY.CO.UK)
In this episode of CyberEd.io's podcast series "Cybersecurity Insights," Alex Waintraub, DFIR expert evangelist at CYGNVS, discusses how generative AI will play a role in the future of incident response - and in all aspects of cybersecurity - and emphasizes its dangers as well as…
16 Aug Ransomware's Paradox: Why Falling Monetization Rates Are Accompanied by Soaring Ransom Payments - A Must-Read Analysis. (KNOWBE4.COM)
Grab a cup of coffee, and let's talk about something that's been making waves in the cybersecurity world: ransomware. You've probably heard about the alarming rise in ransom payments, but did you know that ransom monetization rates have actually fallen to a record low? It's a com…
16 Aug More UK Police Suffer Freedom of Information Data Breach (DATABREACHTODAY.CO.UK)
Constabularies of Norfolk and Suffolk Alert Follows FOIA Breach in Northern Ireland. England's Norfolk and Suffolk constabularies report that they accidentally exposed information on victims and witnesses in response to freedom of information requests just one week after police in…
16 Aug Beware of New Hacking Attack Targeting LinkedIn Accounts Worldwide (GBHACKERS.COM)
An ongoing campaign has resulted in the compromise of multiple LinkedIn accounts. However, the motive behind this campaign remains unclear at this time. Numerous users have reported instances of their LinkedIn accounts being temporarily locked, hacked, or permanently deleted. In …
16 Aug Hacked electronic sign declares “Putin is a dickhead” as Russian ruble slumps (GRAHAMCLULEY.COM)
Someone clearly isn't very impressed with Vladimir Putin, as the Russian economy continues to tank in the wake of sanctions.
16 Aug LockBit’s dirty little secret: ransomware gang is failing to publish victims’ data (GRAHAMCLULEY.COM)
The LockBit ransomware gang may be having more than a few headaches right now. According to a researcher who spent a year undercover gathering intelligence on the LockBit group, the ransomware gang is trying to cover up "the fact it often cannot consistently publish stolen data."
16 Aug Cybercriminals May Already Have Hacked Your LinkedIn Account (KNOWBE4.COM)
New reports show many LinkedIn users have reported complaints about accounts being taken over by bad actors.
16 Aug Ransomware Attacks Surge as Generative AI Becomes a Commodity Tool in the Threat Actor’s Arsenal (KNOWBE4.COM)
According to a new report, cybercriminals are making full use of AI to create more convincing phishing emails, generating malware, and more to increase the chances of ransomware attack success.
16 Aug SEC cybersecurity rules shape the future of incident management (HELPNETSECURITY.COM)
The SEC adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. The Commission also adopted rules requiring fo…
16 Aug Cost of a data breach 2023: Healthcare industry impacts (SECURITYINTELLIGENCE.COM)
Data breaches are becoming more costly across all industries, with healthcare in the lead. The 2023 Cost of a Data Breach Report analyzes data collected from March 2022 to March 2023. Healthcare remains a top target for online criminal groups. These data breach costs are the high…
16 Aug German Police Warn of Increased Foreign Cybercrime Threat (DATABREACHTODAY.CO.UK)
BKA Says Cybercrime From Overseas Actors Surged by 8% in 2022. Ransomware and other cyberthreats stemming from overseas actors surged last year in Germany, causing losses worth billions of euros, the country's federal police said. While domestic cybercrime decreased by 6.5% in com…
16 Aug DEFCON Talk: Using ML Models for Red Teaming and Bug Bounty (5STARS217.GITHUB.IO)
Submitted by L4s to secops, 1 points, 0 comments. https://5stars217.github.io/2023-08-08-red-teaming-with-ml-models/ How I hacked a bunch of companies via machine learning attacks.
🕵️ THREAT INTELLIGENCE (20)
16 Aug ISC Stormcast For Wednesday, August 16th, 2023 https://isc.sans.edu/podcastdetail/8618, (Wed, Aug 16th) (ISC.SANS.EDU)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
16 Aug Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn (THEHACKERNEWS.COM)
The phishing campaigns identified by Netskope not only abuse Cloudflare R2 to distribute static phishing pages, but also leverage its Turnstile offering, a CAPTCHA replacement, to place such pages behind anti-bot barriers to evade detection.
16 Aug Gigabud RAT Attacking Android Users to Steal Banking Credentials (GBHACKERS.COM)
Recent reports indicate that GigaBud malware has been targeting more than 99 financial institutions in Thailand, Indonesia, Vietnam, the Philippines, and Peru. GigaBud is an undocumented Android Remote Access Trojan (RAT) and has been active since July 2022. Investigating the sam…
16 Aug GitHub Paid Out $1.5 Million in Bug Bounties in 2022 (SECURITYWEEK.COM)
GitHub says it paid out more than $1.5 million in bug bounties for 364 vulnerabilities in 2022, reaching a total of nearly $4 million since 2016.
16 Aug Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks (THEHACKERNEWS.COM)
Active flaws in the PowerShell Gallery could be weaponized by threat actors to pull off supply chain attacks against the registry's users. "These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true …
16 Aug How AI Can Help Mitigate BEC Scams (DATABREACHTODAY.CO.UK)
AI Is a Powerful Ally, Equipping Firms With Enhanced Detection and Training. Apart from some of the threats surrounding AI, this emerging technology can help defenders formulate effective policies and controls to prevent and mitigate BEC scams. With the evolving threat landscape, …
16 Aug Google Releases Security Key Implementation Resilient to Quantum Attacks (SECURITYWEEK.COM)
Google has released the first quantum-resilient FIDO2 security key implementation as part of its OpenSK project.
16 Aug Not Another Voter Registration Scam (But It Looks Like One) (KNOWBE4.COM)
The UK government’s voter registration website is causing confusion again, according to Ax Sharma at BleepingComputer. The site, hosted at a “.com” address, often makes users wonder if they’re being scammed.
16 Aug Online Scams Targeting Individuals Double in a Single Quarter as Global Risk Rises (KNOWBE4.COM)
New analysis of the second quarter of this year makes it clear that individuals and organizations alike are at an increasing risk of web- and email-based scams.
16 Aug Social Media Platforms Become Half of all Phishing Attack Targets (KNOWBE4.COM)
Social platforms are the current favorite target of cybercriminals, displacing financial institutions, providing cybercriminals with credentials to be used as launch points for further phishing campaigns.
16 Aug Beyond Identity unveils The Passkey Journey to aid enterprise passkey deployment decisions (HELPNETSECURITY.COM)
Beyond Identity has launched The Passkey Journey – a free, GDPR-compliant tool built to help development and user experience (UX) teams understand, plan, and optimize different end user authentication experiences. The tool solves key challenges around passkey adoption and offers …
16 Aug Stellar Cyber and OCI partner to offer expanded cybersecurity capabilities (HELPNETSECURITY.COM)
Stellar Cyber has unveiled that the Stellar Cyber Open XDR platform is available on Oracle Cloud Infrastructure (OCI) to help users manage their security operations. Joint customers of Oracle and Stellar Cyber can expect to reduce cyber risk and improve security analyst efficienc…
16 Aug Bitdefender enhances security for iOS devices with Scam Alert (HELPNETSECURITY.COM)
Bitdefender has launched an advanced security feature for iOS users, Scam Alert. The new technology protects users from phishing scams delivered through SMS/MMS messages and calendar invites. Layered on top of existing protection in Bitdefender Mobile Security for iOS, Scam Alert…
16 Aug Why the “voluntary AI commitments” extracted by the White House are nowhere near enough (HELPNETSECURITY.COM)
Representatives from Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI recently convened at the White House for a meeting with President Biden with the stated mission of “ensuring the responsible development and distribution of artificial intelligence (AI) techno…
16 Aug [KEV] How CISOs break down complex security challenges (HELPNETSECURITY.COM)
The role of the CISO has evolved into a critical position that encompasses many responsibilities aimed at safeguarding digital assets, preserving data integrity, and mitigating cyber threats. In essence, the role of the CISO is a complex and ever-evolving one that demands a balan…
16 Aug Zero Trust Edge — Forrester Names Palo Alto Networks a Leader (PALOALTONETWORKS.COM)
Palo Alto Networks was named a Leader in The Forrester Wave™: Zero Trust Edge Solutions, Q3 2023.
16 Aug Advocate Aurora to Settle Web Tracker Claims for $12.25M (DATABREACHTODAY.CO.UK)
Attorneys to Get $4.3M and Class Reps to Get $3,500 Each Under Proposed Settlement. Advocate Aurora Health has agreed to pay $12.25 million to settle consolidated class action claims that the Illinois-based hospital chain invaded patient privacy by using tracking codes on its webs…
16 Aug RiskLens, Axio Lead Cyber Risk Quantification Forrester Wave (DATABREACHTODAY.CO.UK)
ThreatConnect Earns High Marks as CRQ Helps CISOs Prove Return on Cyber Investment. Recently acquired RiskLens edged out startup Axio and incumbent ThreatConnect for the top spot in Forrester's first-ever cyber risk quantification rankings. Cyber risk quantification focused on the…
16 Aug What are You Working on Wednesday (INFOSEC.PUB)
Submitted by shellsharks to cybersecurity, 8 points, 5 comments. Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.
16 Aug How Browser Sync Can Unknowingly Risk Your Business (SOCRADAR.IO)
Submitted by L4s to secops, 6 points, 0 comments. https://socradar.io/how-browser-sync-can-unknowingly-risk-your-business/ Upon initiating browser sync, users trigger a process that shares vital data across devices. By default, …
🌐 CYBER THREAT LANDSCAPE (3)
16 Aug Raccoon Stealer Malware Returns With New Stealthier Version (BLEEPINGCOMPUTER.COM)
The developers of Raccoon Stealer information-stealing malware have ended their 6-month hiatus from hacker forums to promote a new 2.3.0 version of the malware to cybercriminals.
16 Aug Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks (THEHACKERNEWS.COM)
The flaws have to do with the service's lax policy surrounding package names, lacking protections against typosquatting attacks, as a result enabling attackers to upload malicious PowerShell modules that appear genuine to unsuspecting users.
16 Aug Massive 400,000 proxy botnet built with stealthy malware infections (BLEEPINGCOMPUTER.COM)
A new campaign involving the delivery of proxy server apps to Windows systems has been uncovered, where users are reportedly involuntarily acting as residential exit nodes controlled by a private company. [...]
📡 INFOSEC NEWS (16)
16 Aug Guide: How Google Workspace-based Organizations can leverage Chrome to improve Security (THEHACKERNEWS.COM)
More and more organizations are choosing Google Workspace as their default employee toolset of choice. But despite the productivity advantages, this organizational action also incurs a new security debt. Security teams now have to find a way to adjust their security architecture …
16 Aug Automotive data privacy under scrutiny in California (CYBERSECURITYDIVE.COM)
California regulators are examining how automakers and others handle data collected from internet-connected vehicles, the California Privacy Protection Agency said late last month.
16 Aug Major U.S. energy org targeted in QR code phishing attack (BLEEPINGCOMPUTER.COM)
A phishing campaign was observed predominantly targeting a notable energy company in the US, employing QR codes to slip malicious emails into inboxes and bypass security. [...]
16 Aug Just announced: AI and security standards keynotes at mWISE (BLEEPINGCOMPUTER.COM)
Get ready for the mWISE cybersecurity conference from Mandiant, taking place September 18-20, 2023 in Washington, DC. mWISE just announced new keynote panels focused on Artificial Intelligence (AI) and advanced adversaries. [...]
16 Aug This $70 device can spoof an Apple device and trick you into sharing your password (TECHCRUNCH.COM)
Attendees at Def Con, one of the world’s largest hacking conferences, are used to weird shenanigans, such as a seemingly innocuous wall of computer screens that display people’s passwords sniffed over the conference Wi-Fi network. But at this year’s event, even conference veteran…
16 Aug Chrome 116 Patches 26 Vulnerabilities (SECURITYWEEK.COM)
Google on Tuesday announced the release of Chrome 116 to the stable channel with patches for 26 vulnerabilities, including 21 reported by external researchers. Of the externally reported bugs, eight have a severity rating of ‘high.’
16 Aug Major U.S. Energy Organization Targeted in QR Code Phishing Attack (BLEEPINGCOMPUTER.COM)
According to Cofense, who spotted this campaign, this is the first time that QR codes have been used at this scale, indicating that more phishing actors may be testing their effectiveness as an attack vector.
16 Aug Useful gadgets for information security | Kaspersky official blog (KASPERSKY.COM)
Some tools to increase the physical security of your company’s information infrastructure.
16 Aug FBI warns about scams that lure you in as a mobile beta-tester (NAKEDSECURITY.SOPHOS.COM)
Apps on your iPhone must come from the App Store. Except when they don't... we explain what to look out for.
16 Aug File sharing site Anonfiles shuts down due to overwhelming abuse (BLEEPINGCOMPUTER.COM)
Anonfiles, a popular service for sharing files anonymously, has shut down after saying it can no longer deal with the overwhelming abuse by its users. [...]
16 Aug DEF CON 31: Robot vacuums may be doing more than they claim (WELIVESECURITY.COM)
When it comes to privacy, it remains complicated and near impossible for a consumer to make an informed decision.