🐛 COMMON VULNERABILITIES AND EXPOSURES (1)
26 Aug - CVE-2023-36844 And Friends: Unauth RCE In Juniper Devices
submitted by bOt to netsec, 1 points | 0 comments. https://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls/ This is an automated archive. The original was posted on /r/netsec by /u/dx7r__ on 2023-08-26 10:37:41+00:00.
Source: LABS.WATCHTOWR.COM
⚠️ VULNERABILITY DISCLOSURE (7)
26 Aug - Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack
Risk and financial advisory solutions provider Kroll on Friday disclosed that one of its employees fell victim to a "highly sophisticated" SIM swapping attack. The incident, which took place on August 19, 2023, targeted the employee's T-Mobile account, the company said. "Specific…
Source: THEHACKERNEWS.COM
26 Aug - Update: Prospect Medical Stolen Data Listed for Sale by Emerging Ransomware Group
The Rhysida ransomware group claimed responsibility for a ransomware attack against Prospect Medical Holdings that forced multiple hospital closures earlier this month and continues to impact operations.
Source: CYBERSECURITYDIVE.COM
26 Aug - Malwarebytes Announces Acquisition of Online Privacy Company Cyrus
This strategic acquisition reinforces Malwarebytes' commitment to privacy by giving users more control over their information, no matter where or how they choose to browse and interact online.
Source: DARKREADING.COM
26 Aug - macOS: Who's Behind This Network Connection?, (Sat, Aug 26th)
When you must investigate suspicious behavior or work on an actual incident, you could be asked to determine who's behind a network connection. From a pure network point of view, your firewall or any network security control device/app will tell you that the source is the con…
Source: ISC.SANS.EDU
26 Aug - A Brazilian phone spyware was hacked and victims’ stolen device data ‘deleted’
A Portuguese-language spyware called WebDetetive has been used to compromise more than 76,000 Android phones in recent years across South America, largely in Brazil. WebDetetive is also the latest phone spyware company in recent months to have been hacked. In an undated note seen…
Source: TECHCRUNCH.COM
26 Aug - Fake Email Validation NPM Package Contains C2 and Sophisticated Data Exfiltration
submitted by L4s to secops, 4 points | 0 comments. https://blog.phylum.io/npm-emails-validator-package-malware/ On the morning of August 24, Phylum’s automated risk detection system identified a susp…
Source: PHYLUM.IO
26 Aug - New OpenSecurityTraining2 class "Exploitation 4011: Windows Kernel Exploitation: Race Condition + UAF in KTM" by Cedric Halbronn (~33 hours)
submitted by L4s to secops, 3 points | 0 comments. https://ost2.fyi/Exp4011
Source: OST2.FYI
🔥 INCIDENT REPORTING (6)
26 Aug - Update: Discord Notifies Users of Data Breach Impacting 180 Accounts
The breach, which was publicly acknowledged by Discord in May 2023, impacted a total of 180 accounts, according to a data breach notification filed with the Office of the Maine Attorney General.
Source: HACKREAD.COM
26 Aug - Thousands of SSNs Leaked After Ransomware Attack on Ohio State Archive Organization
One of the oldest historical societies in the state of Ohio was hit with a ransomware attack that leaked the sensitive information of thousands, according to a statement the organization released this week.
Source: THERECORD.MEDIA
26 Aug - The Three Malware Loaders Behind 80% of Incidents
QakBot, SocGholish, and Raspberry Robin are the most prevalent malware loaders causing havoc for security teams, with QakBot being the most versatile and persistent threat.
Source: RELIAQUEST.COM
26 Aug - UK: Teens Found Responsible for Lapsus$ Cyberattacks
Arion Kurtaj, 18, was deemed by psychiatrists to be unfit to stand trial. Though he could not be found “guilty” of committing the acts with criminal intent, a jury at Southwark Crown Court determined that he was at least the one who carried them out.
Source: INFOSECURITY-MAGAZINE.COM
26 Aug - LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants
The leak of the LockBit 3.0 ransomware builder last year has led to threat actors abusing the tool to spawn new variants. Russian cybersecurity company Kaspersky said it detected a ransomware intrusion that deployed a version of LockBit but with a markedly different ransom demand…
Source: THEHACKERNEWS.COM
26 Aug - DB Podcast Episode 203 - Ransomware deep dive
submitted by ashar to security_cpe, 1 points | 0 comments. https://securitycafe.ca/@chetwisniewski/110940233007891201 Deep Dive: Chester Wisniewski | Understanding the Modern Ransomware Era: The Impact on Organisations and the Urgency for Awareness and Preparation
Source: SECURITYCAFE.CA
🕵️ THREAT INTELLIGENCE (5)
26 Aug - DOJ Charged Tornado Cash Founders With Laundering More Than $1 Billion
The duo operated the Tornado Cash cryptocurrency mixer that facilitated more than $1 billion in money laundering transactions and laundered hundreds of millions of dollars for the Lazarus APT group.
Source: SECURITYAFFAIRS.COM
26 Aug - Making security keys post quantum resilient
submitted by bOt to netsec, 0 points | 0 comments. https://elie.net/publication/hybrid-post-quantum-signatures-in-hardware-security-keys/? This is an automated archive. The original was posted on /r/netsec by /u/ebursztein on 2023-08-26 15:55:36+00:00.
Source: ELIE.NET
26 Aug - How Cross-Site Frame Counting Exposes Private Repositories on GitHub
submitted by bOt to netsec, 1 points | 0 comments. https://mr-medi.github.io/research/2023/07/31/exploring-cross-site-frame-counting-attacks.html This is an automated archive. The original was posted on /r/netsec by /u/AnonVersal on 2023-08-26 10:55:07+00:00.
Source: MR-MEDI.GITHUB.IO
26 Aug - Threat Hunting Newsletter - Excel for Threat Hunters
submitted by bOt to netsec, 1 points | 0 comments. https://marcusedmondson.substack.com/p/5-steps-to-create-conditional-formatting This is an automated archive. The original was posted on /r/netsec by /u/m_edmondson on 2023-08-26 10:50:04+00:00. I wrote a newsletter on how to use E…
Source: MARCUSEDMONDSON.SUBSTACK.COM
26 Aug - Hack Hard: A Retro RPG Educational Hacking Game with A Die Hard Tribute
submitted by bOt to netsec, 1 points | 0 comments. https://github.com/milosilo/hack_hard This is an automated archive. The original was posted on /r/netsec by /u/MyAccessAccount on 2023-08-26 01:44:01+00:00.
Source: GITHUB.COM
🌐 CYBER THREAT LANDSCAPE (1)
26 Aug - Adversary On The Defense: ANTIBOT.PW
The Antibot web traffic filtering service, originally a GitHub project, has evolved into a commercial platform for malicious actors, offering features like cloaking to evade analysis and prolong phishing and malware campaigns.
Source: INQUEST.NET
📡 INFOSEC NEWS (2)
26 Aug - Cypago Raises $13 Million for GRC Automation Platform
The new investment will allow Cypago to expand its research and development, product, and go-to-market teams, and grow its presence in the North American and European markets.
Source: SECURITYWEEK.COM
26 Aug - UnitedHealthcare Fined $80K for Six-Month Records Access Delay
The HHS' Office for Civil Rights said UnitedHealthcare had agreed to settle a case involving potential HIPAA violations related to allegations that the company took six months to fulfill a health plan member's request to access his PHI.
Source: BANKINFOSECURITY.COM