144 Articles
8 Categories
Date: 2023-08-28
🐛 COMMON VULNERABILITIES AND EXPOSURES (3)
28 Aug: Analysis of RAR Exploit Files (CVE-2023-38831), (Mon, Aug 28th)
  My tool zipdump.py can be used to analyse the latest exploits of vulnerability CVE-2023-38831 in WinRAR. (ISC.SANS.EDU)
28 Aug: Busybox cpio directory traversal vulnerability (CVE-2023-39810)
  submitted by bOt to netsec 1 points | 0 comments https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/ This is an automated archive. The original was posted on /r/netsec by /u/aunga on 2023-08-28 08:33:16+00:00. (PENTAGRID.CH)
28 Aug: Attacks on Citrix NetScaler systems linked to ransomware actor
  A threat actor believed to be tied to the FIN8 hacking group exploits the CVE-2023-3519 remote code execution flaw to compromise unpatched Citrix NetScaler systems in domain-wide attacks. [...] (BLEEPINGCOMPUTER.COM)
⚠️ VULNERABILITY DISCLOSURE (31)
28 Aug: Customizing LLMs for domain-specific tasks
  The expansion of large language models (LLMs) in recent times has brought about a revolutionary change in machine learning processes and has introduced fresh perspectives on the potential of AI, according to Predibase. Based on survey data from organizations experimenting with LL… (HELPNETSECURITY.COM)
28 Aug: Adapting authentication to a cloud-centric landscape
  In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication across increasingly distributed and remote workforces, the negative consequences of ineffective authorization, and how the shift toward cloud trans… (HELPNETSECURITY.COM)
28 Aug: Cisco Nexus 3000 and 9000 Series Switches Flaw Let Attackers Trigger DoS Attack
  A Denial-of-Service vulnerability has been discovered in the Cisco Nexus 3000 and 9000 series switches, which could allow a threat actor to cause a denial-of-service condition due to a flaw in the IS-IS (Intermediate System-to-Intermediate System) protocol. ISIS is one of the fam… (GBHACKERS.COM)
28 Aug: How international cybersecurity frameworks can help CISOs
  Laws and standards around cybersecurity are plenty and to make matters worse they often vary within countries. When CISOs need to focus on cybersecurity across the borders of a country, international agreements and frameworks can bring some guidance on meeting compliance, which c… (CSOONLINE.COM)
28 Aug: PoC for no-auth RCE on Juniper firewalls released
  Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit. Junos OS vulnerabilities and fix… (HELPNETSECURITY.COM)
28 Aug: Remotely Stopping Polish Trains
  Turns out that it’s easy to broadcast radio commands that force Polish trains to stop: …the saboteurs appear to have sent simple so-called “radio-stop” commands via radio frequency to the trains they targeted. Because the trains use a radio system that lac… (SCHNEIER.COM)
28 Aug: Researchers Discover Reply URL Takeover Flaw in Azure
  Security researchers are urging Azure Active Directory (AD) users to monitor for abandoned reply URLs after revealing a critical vulnerability in the Microsoft Power Platform. (INFOSECURITY-MAGAZINE.COM)
28 Aug: London's Metropolitan Police Service Probes Cyber Intrusion at One of its Suppliers
  The National Crime Agency has been called in to investigate over fears that the data could be exploited by organized crime or terrorists to fabricate warrant cards, or to target officers in the force. (THERECORD.MEDIA)
28 Aug: Cyberattacks Targeting E-commerce Applications
  Cyber attacks on e-commerce applications are a common trend in 2023 as e-commerce businesses become more omnichannel, they build and deploy increasingly more API interfaces, with threat actors constantly exploring more ways to exploit vulnerabilities. This is why regular testing … (THEHACKERNEWS.COM)
28 Aug: Software Industry Urged to Assume Risk on Open Source Security
  The manifesto is aimed at organizations that use open-source components as dependencies in their own software, according to Brian Fox, co-founder and CTO of Sonatype and one of the authors of the manifesto. (CYBERSECURITYDIVE.COM)
28 Aug: CISA Touts ‘Tremendous Growth’ in Vulnerability Disclosure Platform
  The Vulnerability Disclosure Policy (VDP) Platform has seen “tremendous growth” in onboarding 40 agency programs since its launch in July 2021, the Cybersecurity and Infrastructure Security Agency said Friday in a news release. (THERECORD.MEDIA)
28 Aug: What software should be patched first | Kaspersky official blog
  What patches should be installed first due to high risk of vulnerability exploitation in relevant software. (KASPERSKY.COM)
28 Aug: Cyberthreats are taking center field
  Threat actors are opportunistic by nature, quickly evolving their attack methods to capitalize on new vulnerabilities or launch widespread attacks. Their latest target? High-profile sporting events and entertainment venues. Sports organizers, regional host facilities, and even ev… (CSOONLINE.COM)
28 Aug: Four common password mistakes hackers love to exploit
  Threat actors take advantage of common password mistakes to breach corporate networks. Learn more from Specops Software on the four most common mistakes and how to strengthen your Active Directory against these risks. [...] (BLEEPINGCOMPUTER.COM)
28 Aug: Exploit released for Juniper firewall bugs allowing RCE attacks
  Proof-of-concept exploit code has been publicly released for vulnerabilities in Juniper SRX firewalls that, when chained, can allow unauthenticated attackers to gain remote code execution in Juniper's JunOS on unpatched devices. [...] (BLEEPINGCOMPUTER.COM)
28 Aug: DEF CON 29 - Joseph Gabay - DoS Denial of Shopping Analyzing and Exploiting Physical Shopping Cart
  submitted by ashar to security_cpe 2 points | 0 comments https://youtu.be/fBICDODmCPI?si=RiGdS_ujlOMGESd6 Control Shopping Cart Wheels With Your Phone! DEF CON 29 - Joseph Gabay - DoS Denial of Shopping Analyzing and Exploiting Physical Shopping Cart Many supermarkets and shoppin… (YOUTU.BE)
28 Aug: Intern in a company - need help :)
  submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/Iwnllmao on 2023-08-28 12:14:33+00:00. Hello everyone. So I’m kinda in an awkward position. I am a newly appointed (2 weeks in) intern in a soft… (ZEROBYTES.MONSTER)
28 Aug: Vulnerability Scanning in subnets
  submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/DuePraline3880 on 2023-08-28 08:11:27+00:00. For those of you who work in Vulnerability Management. How much of a pain, if at all, is setting up… (ZEROBYTES.MONSTER)
28 Aug: i'm bothered by this : ) .....
  submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/Ill-Arm-5597 on 2023-08-28 06:31:10+00:00. I work as a cybersecurity developer. In my company, I’ve developed a Web Application Firewall (WAF). … (ZEROBYTES.MONSTER)
28 Aug: Lockbit Variants on the Rise
  submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/rvilladiego on 2023-08-28 03:25:37+00:00. Lockbit Black code was leaked in September 2022. We have recently seen an increased number of ransomwa… (ZEROBYTES.MONSTER)
28 Aug: SPA-Cart eCommerce CMS 1.9.0.3 Cross Site Scripting
  submitted by bOt to packetstorm 1 points | 0 comments https://packetstormsecurity.com/files/174343/spacartecomcms1903-xss.txt (PACKETSTORMSECURITY.COM)
28 Aug: SPA-Cart eCommerce CMS 1.9.0.3 SQL Injection
  submitted by bOt to packetstorm 1 points | 0 comments https://packetstormsecurity.com/files/174344/spacartecomcm1903-sql.txt (PACKETSTORMSECURITY.COM)
28 Aug: PoC for Unauthenticated RCE on Juniper Networks Firewalls Released
  Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit. (HELPNETSECURITY.COM)
28 Aug: Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege
  Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL. "An attacker could leverage this abandoned URL to redirect authorization code… (THEHACKERNEWS.COM)
28 Aug: UAC Token-Filtering - MS Security Guide” ADMX and ADML files - GPO
  submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/QuestionFreak on 2023-08-28 14:58:32+00:00. Has anyone implemented the following GPO in your infrastructure? If yes, could you please inform me … (ZEROBYTES.MONSTER)
28 Aug: EveryDay Carry software (Cybersecurity).
  submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/Apocrypha667 on 2023-08-28 14:11:10+00:00. To the CS professionals: If you had to carry around a USB stick keychain, what would it be on it? (ZEROBYTES.MONSTER)
28 Aug: Stressed Out and Overwhelmed, SecOps Teams Struggle to Keep Up
  Amid complexity and noise, security teams are burning out, and data shows it is not getting any better. Sophos research reveals globally that 93% of organizations find the execution of some essential security operation tasks, such as threat hunting, challenging. These challenges … (CSOONLINE.COM)
28 Aug: Who Comes Up with this Stuff? Interviewing Authors to Understand How They Produce Security Advice
  submitted by videodrome to security 2 points | 0 comments https://www.usenix.org/system/files/soups2023-neil.pdf cross-posted from: lemmy.capebreton.social/post/397946 Authors: Lorenzo Neil, North Carolina State University; Harshini Sri Ramulu, The George Washington University; Y… (USENIX.ORG)
28 Aug: Cyber-awareness education is a change-management initiative
  As cyber adversaries continue advancing their tactics, organizations around the globe are at greater risk than ever of being breached. According to recent Fortinet research, cybercriminals are showing no signs of slowing: Ransomware-as-a-Service (RaaS) operations are driving inc… (CSOONLINE.COM)
28 Aug: The Art & Science of Metawar - Winn Schwartau - BSW #318
  The metaverse is an evolving storytelling environment in which humans have congregated for millennia to experience alternate, immersive, and simulated realities, with or without technology. Storytelling is designed to influence mental and physical perceptions suiting the purposes… (YOUTUBE.COM)
28 Aug: Trying to create a cybersecurity newsletter and need help
  submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/too_fat_to_dance on 2023-08-28 19:48:51+00:00. Hello everyone, I’m in the process of launching a weekly cybersecurity newsletter and would love … (ZEROBYTES.MONSTER)
📋 SECURITY BULLETINS (1)
28 Aug: Vital iPhone security updates could be blocked by proposed UK surveillance rules
  submitted by bOt to cybersecurity 1 points | 0 comments https://www.imore.com/iphone/vital-iphone-security-updates-could-be-blocked-by-proposed-uk-surveillance-rules This is an automated archive. The original was posted on /r/cybersecurity by /u/Shields0001 on 2023-08-27 22:24:46… (IMORE.COM)
📢 SECURITY ADVISORIES (13)
28 Aug: Hacking the future: Notes from DEF CON’s Generative Red Team Challenge
  The 2023 DEF CON hacker convention in Las Vegas was billed as the world's largest hacker event, focused on areas of interest from lockpicking to hacking autos (where the entire brains of a vehicle were reimagined on one badge-sized board) to satellite hacking to artificial intell… (CSOONLINE.COM)
28 Aug: Kroll SIM-swap attack: FTX, BlockFi and Genesis clients’ info exposed
  Financial and risk advisory firm Kroll has suffered a SIM-swapping attack that allowed a threat actor to access files containing personal information of clients of bankrupt cryptocurrency platforms FTX, BlockFi and Genesis. The Kroll SIM-swapping attack On Saturday, August 19, 20… (HELPNETSECURITY.COM)
28 Aug: Critical digital infrastructure: Why societies are becoming so vulnerable to cyberattacks | DW Techtopia
  submitted by ashar to security_cpe 1 points | 0 comments https://youtu.be/CQGmnhFSA9w?si=SqMwdJ2Ro0g9MRbD Critical digital infrastructure: Why societies are becoming so vulnerable to cyberattacks For weeks, a cyberattack paralyzed the German district of Anhalt-Bitterfeld in 2021,… (YOUTU.BE)
28 Aug: haraj 1.1 Add Administrator
  submitted by bOt to packetstorm 1 points | 0 comments https://packetstormsecurity.com/files/174335/haraj11-addadmin.txt (PACKETSTORMSECURITY.COM)
28 Aug: Red Hat Security Advisory 2023-4769-01
  submitted by bOt to packetstorm 1 points | 0 comments https://packetstormsecurity.com/files/174345/RHSA-2023-4769-01.txt (PACKETSTORMSECURITY.COM)
28 Aug: Debian Security Advisory 5483-1
  submitted by bOt to packetstorm 1 points | 0 comments https://packetstormsecurity.com/files/174346/dsa-5483-1.txt (PACKETSTORMSECURITY.COM)
28 Aug: Debian Security Advisory 5484-1
  submitted by bOt to packetstorm 1 points | 0 comments https://packetstormsecurity.com/files/174347/dsa-5484-1.txt (PACKETSTORMSECURITY.COM)
28 Aug: MalDoc in PDF - Detection bypass by embedding a malicious Word file into a PDF file
  submitted by L4s to secops 7 points | 0 comments https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html MalDoc in PDF - Detection bypass by embedding a malicious Word file into a PDF file::JPCERT/CC has confirmed that a new technique was used in an attack that occurred in July, w… (BLOGS.JPCERT.OR.JP)
28 Aug: Free MFA Solutions for Google Accounts that doesn't require personal cell phone use
  submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/jbmos33 on 2023-08-28 13:34:03+00:00. I sit on a technical advisory committee for a public school system. We finally got them to rollout MFA wit… (ZEROBYTES.MONSTER)
28 Aug: Cyber Students - Industry, Success, and Failures
  submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/StrikingInfluence on 2023-08-28 18:46:37+00:00. It’s that time of year where many people are enrolling in programs and starting / have just star… (ZEROBYTES.MONSTER)
🔥 INCIDENT REPORTING (32)
28 Aug: Ready to enhance your continuous assessment efforts? Meet PlexTrac
  Graham Cluley Security News is sponsored this week by the folks at PlexTrac. Thanks to the great team there for their support! If you are investing in solutions for continuous assessment and validation or breach and attack simulation, you know that managing the data and remediati… (GRAHAMCLULEY.COM)
28 Aug: Cyber Security Today, August 28, 2023 -- SIM card swap led to a Kroll data breach, supplier hack led to a London police data theft, and more
  This episode reports on several newly revealed hacks, including the theft of the names and ranks of 47,000 London police and staff stolen after a hacker got into the IT systems of a firm that prints police warrant cards and staff passes (CYBERSECURITYTODAY.LIBSYN.COM)
28 Aug: 3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack
  Three bankrupt cryptocurrency companies — FTX, BlockFi and Genesis — suffered data breaches following a SIM swapping attack at Kroll. The post 3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack appeared first on SecurityWeek. (SECURITYWEEK.COM)
28 Aug: Leaked LockBit 3.0 Ransomware Builder Used by Multiple Actors
  Lockbit v3, aka Lockbit Black, was detected in June 2022, but in September 2022 a builder for this variant was leaked online. The availability of the builder allowed anyone to create their own customized version of the ransomware. (SECURITYAFFAIRS.COM)
28 Aug: Hackers Disrupted Poland’s Railway System Signals
  Poland’s Railway infrastructure, a crucial transit route for Western weapons transported to Ukraine, has been compromised by cybercriminals. The signals were intermingled with recordings of the Russian national anthem and a speech by President Vladimir Putin, according to t… (GBHACKERS.COM)
28 Aug: Leaseweb Reports Cloud Disruptions Due to Cyberattack
  Dutch cloud company Leaseweb shut down some critical systems last week due to a cyberattack. The post Leaseweb Reports Cloud Disruptions Due to Cyberattack appeared first on SecurityWeek. (SECURITYWEEK.COM)
28 Aug: Ohio History Organization Says Personal Information Stolen in Ransomware Attack
  Personal information stolen in ransomware attack at Ohio History Connection posted online after organization refuses to pay ransom. The post Ohio History Organization Says Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek. (SECURITYWEEK.COM)
28 Aug: Met Police Officers at Risk After Serious Data Breach
  Scotland Yard Probes Impact of Suspected Hack Attack Against Service Provider London's Metropolitan Police Service is investigating a serious data breach that may have exposed names, ranks and photographs for potentially all 47,000 personnel, after someone gained access "unauthor… (DATABREACHTODAY.CO.UK)
28 Aug: Brazilian Phone Spyware was Hacked and Victims’ Devices ‘Deleted’ From Server
  A Portuguese-language spyware called WebDetetive has been used to compromise more than 76,000 Android phones in recent years across South America, largely in Brazil. It is also the latest phone spyware company in recent months to have been hacked. (TECHCRUNCH.COM)
28 Aug: 3 Malware Loaders Detected in 80% of Attacks: Security Firm
  QakBot, SocGholish, and Raspberry Robin are the three most popular malware loaders, accounting for 80% of the observed incidents. The post 3 Malware Loaders Detected in 80% of Attacks: Security Firm appeared first on SecurityWeek. (SECURITYWEEK.COM)
28 Aug: Advanced analytics can help detect insider threats rapidly
  While external cyber threats capture headlines, the rise of insider threats from within an organization is a growing concern. In 2023, the average cost of a data breach caused by an insider reached $4.90 million, 9.6% higher than the global average data breach cost of $4.45 milli… (SECURITYINTELLIGENCE.COM)
28 Aug: Hacking Group Kittensec Claims to ‘Pwn Anything We See’ to Expose Corruption
  On July 28, KittenSec claimed in a Telegram post to have hacked multiple Romanian government systems and posted a file containing roughly 36 gigabytes of data, including emails, documents, contracts, and healthcare-related data. (CYBERSCOOP.COM)
28 Aug: Profile: TA505 / CL0P ransomware
  Profile on the TA505 cybercrime group and CL0P ransomware (CYBER.GC.CA)
28 Aug: Profile: ALPHV/BlackCat ransomware
  Profile on the ALPHV cybercrime group and BlackCat ransomware (CYBER.GC.CA)
28 Aug: 10 Million Likely Impacted by Data Breach at French Unemployment Agency
  The personal information of roughly 10 million individuals might have been compromised in a data breach at French unemployment agency Pole Emploi. The post 10 Million Likely Impacted by Data Breach at French Unemployment Agency appeared first on SecurityWeek. (SECURITYWEEK.COM)
28 Aug: Mom’s Meals service discloses data breach impacting 1.2 million
  PurFoods, which conducts business in the U.S. as 'Mom's Meals,' is warning of a data breach after the personal information of 1.2 million customers and employees was stolen in a ransomware attack. [...] (BLEEPINGCOMPUTER.COM)
28 Aug: Leaseweb Reports Cloud Disruptions Due to Cyberattack
  “The issue had an impact on a specific portion of our cloud-based infrastructure leading to downtime for a small number of cloud customers,” Leaseweb told customers in an email notification. (SECURITYWEEK.COM)
28 Aug: Mom’s Meals discloses data breach impacting 1.2 million people
  PurFoods, which conducts business in the U.S. as 'Mom's Meals,' is warning of a data breach after the personal information of 1.2 million customers and employees was stolen in a ransomware attack. [...] (BLEEPINGCOMPUTER.COM)
28 Aug: HTML Smuggling Leads to Domain Wide Ransomware
  submitted by bOt to cybersecurity 1 points | 0 comments https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/ This is an automated archive. The original was posted on /r/cybersecurity by /u/TheDFIRReport on 2023-08-28 11:34:53+00:00. (THEDFIRREPORT.COM)
28 Aug: A Brazilian phone spyware was hacked and victims’ devices ‘deleted’ from server
  submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/Icy-Avocado-1634 on 2023-08-28 02:49:44+00:00. (ZEROBYTES.MONSTER)
28 Aug: ‘Incredible concern and anger’ among Metropolitan Police after hackers breach data
  submitted by c0mmando to netsec 13 points | 2 comments https://therecord.media/metropolitan-police-data-leak-hackers-uk (THERECORD.MEDIA)
28 Aug: Lockbit 3.0 Builder Leaked: Anyone Can Blend Ransomware
  It has come to the attention of researchers that the LockBit 3.0 builder has suffered from a leak, which now allows anyone to create various versions of the LockBit ransomware according to their own preferences. This poses a serious security risk that should not be taken lightly.… (GBHACKERS.COM)
28 Aug: Mom’s Meals Service Discloses Data Breach Impacting 1.2 Million People
  PurFoods, which conducts business in the U.S. as 'Mom's Meals,' is warning of a data breach after the personal information of 1.2 million customers and employees was stolen in a ransomware attack. (BLEEPINGCOMPUTER.COM)
28 Aug: messed up on my first real incident response... (HELP)
  submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/LuckyAd4953 on 2023-08-28 17:13:55+00:00. User clicked a phishing email and emails went out to all of her contacts. We reset her password, reset… (ZEROBYTES.MONSTER)
28 Aug: HTML Smuggling Leads to Domain Wide Ransomware
  submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/TheDFIRReport on 2023-08-28 15:18:09+00:00. In this case a threat actor delivered a password protected ZIP file via HTML smuggling. Within the p… (ZEROBYTES.MONSTER)
28 Aug: Spain warns of LockBit Locker ransomware phishing attacks
  The National Police of Spain is warning of an ongoing 'LockBit Locker' ransomware campaign targeting architecture companies in the country through phishing emails. [...] (BLEEPINGCOMPUTER.COM)
28 Aug: Ransomware Attack Cleanup Costs: $10M So Far for Rackspace
  Fallout From Crypto-Locking Malware Attacks and Data Exfiltration Remains Costly Ransomware and data-exfiltration attacks are continuing to stick victims with serious bills to cover cleanup, legal and other resulting costs - to the tune of $10.8 million and counting for cloud com… (DATABREACHTODAY.CO.UK)
28 Aug: DFIR Analyst Seeking New Opportunities in Cybersecurity
  submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/Paiet on 2023-08-28 18:48:53+00:00. I hope you’re all doing fantastic. I’m reaching out to this incredible community to find new cybersecurity o… (ZEROBYTES.MONSTER)
28 Aug: Incident Response: Clouds, SMBs, and more! | News - PSW797
  6:00pm ET - Amanda Berlin 7:00pm ET - Security News This week, we start things off with an interview with Amanda Berlin, Lead Incident Detection Engineer at Blumira (primary), Mental Health Hackers, & Cybersecurity Conference Training, about Incident Response: Clouds, SMBs, and m… (YOUTUBE.COM)
28 Aug: Simplify Your Audit Process | Enterprise News | Black Hat Executive Interviews - ESW330
  This week, we kick things off with an interview with Erik Huckle, Group Product Manager at Sailpoint, about Simplify Your Audit Process without Compromising Identity Data Security. Then we discuss our weekly Enterprise News for the week. Finally we will be airing some more inter… (YOUTUBE.COM)
🕵️ THREAT INTELLIGENCE (44)
28 Aug: ISC Stormcast For Monday, August 28th, 2023 https://isc.sans.edu/podcastdetail/8634, (Mon, Aug 28th)
  (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. (ISC.SANS.EDU)
28 Aug: Experts demand clarity as they struggle with cloud security prioritization
  Cloud Native Application Protection Platforms (CNAPPs) have emerged as a critical category of security tooling in recent years due to the complexity of comprehensively securing multi-cloud environments, according to Cloud Security Alliance. Secure cloud computing environment Much… (HELPNETSECURITY.COM)
28 Aug: What true diversity in the cybersecurity industry looks like
  In this Help Net Security video, Larry Whiteside, Jr., CISO at RegScale and President of Cyversity, discusses how, now more than ever, the cybersecurity industry needs the diversity of thought to address the increasingly complex and technology-driven challenges organizations face… (HELPNETSECURITY.COM)
28 Aug: Uncovering a privacy-preserving approach to machine learning
  In the era of data-driven decision making, businesses are harnessing the power of machine learning (ML) to unlock valuable insights, gain operational efficiencies, and solidify competitive advantage. Although recent developments in generative artificial intelligence (AI) have rai… (HELPNETSECURITY.COM)
28 Aug: Polish Authorities Investigate Hacking Attack on Local Railways
  The attack took place on Saturday. Threat actors transmitted a signal triggering an emergency status that stopped the trains near the city of Szczecin. According to the media, the attack stopped at least 20 trains and paralyzed the traffic for hours. (SECURITYAFFAIRS.COM)
28 Aug: Black Hat Fireside Chat: How to achieve API security — as AI-boosted attacks intensify
  API security has arisen as a cornerstone of securing massively interconnected cloud applications. At Black Hat USA 2023, I had a great discussion about API security with Data Theorem COO Doug Dooley and Applovin CISO Jeremiah Kung. For a … (more…) (LASTWATCHDOG.COM)
28 Aug: Two Men Arrested Following Poland Railway Hacking
  Polish police have arrested two men suspected of illegally hacking into the national railway's communications network, causing disruption to 20 trains. The post Two Men Arrested Following Poland Railway Hacking appeared first on SecurityWeek. (SECURITYWEEK.COM)
28 Aug: Trends in Business Email Compromise
  Researchers at Trustwave have published a report outlining trends in business email compromise (BEC) attacks, finding that these attacks spiked in February of 2023. (KNOWBE4.COM)
28 Aug: Signs of Malware Attack Targeting Rust Developers Found on Crates.io
  The Crates.io Rust package registry was targeted in preparation of a malware attack aimed at developers, according to Phylum. The post Signs of Malware Attack Targeting Rust Developers Found on Crates.io appeared first on SecurityWeek. (SECURITYWEEK.COM)
28 Aug: Mentorship Monday - Discussions for career and learning!
  submitted by shellsharks to cybersecurity 5 points | 1 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? … (INFOSEC.PUB)
28 Aug: Raise pushed back 6-7 months after getting CISSP
  submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/Hefty_Meringue8694 on 2023-08-28 12:58:54+00:00. 2 months ago, my boss and his boss came up to me stating they want me to get the CISSP so I can… (ZEROBYTES.MONSTER)
28 Aug: Kali Linux Tools
  submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/Background-Touch-744 on 2023-08-28 12:54:15+00:00. When you installed kali linux I’m curious what tools you first installed? What are some must … (ZEROBYTES.MONSTER)
28 Aug: Green Dot Bank and ACH/direct deposit fraud attempts
  submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/hubbyofhoarder on 2023-08-28 11:32:36+00:00. Lately I’ve seen an uptick in attempted ACH and direct deposit fraud attempts aimed at my company. … (ZEROBYTES.MONSTER)
28 Aug: Pcap analyzer version 2
  submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/B6– on 2023-08-28 11:00:53+00:00. Hi everyone I have made a simple tool to analyze pcap files but it wasn’t really doing anything but calculatin… (ZEROBYTES.MONSTER)
28 Aug: CISCO WLCs and APs VA and config scan
  submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/aeth3rz on 2023-08-28 08:53:14+00:00. Hi experts, New to this field, I understand that it would be best to scan every devices in the network. Fo… (ZEROBYTES.MONSTER)
28 Aug: Mentorship Monday - Post All Career, Education and Job questions here!
  submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/AutoModerator on 2023-08-28 00:00:19+00:00. This is the weekly thread for career and education questions and advice. There are no stupid questio… (ZEROBYTES.MONSTER)
28 Aug: FlightPath LMS 5.0-rc2 Cross Site Scripting
  submitted by bOt to packetstorm 1 points | 0 comments https://packetstormsecurity.com/files/174331/flightpathlms50rc2-xss.txt (PACKETSTORMSECURITY.COM)
28 Aug: Global Domains International 2.0 Cross Site Scripting
  submitted by bOt to packetstorm 1 points | 0 comments https://packetstormsecurity.com/files/174332/gdi20-xss.txt (PACKETSTORMSECURITY.COM)
28 Aug: Gusto Recipes Management 1.5.1 Cross Site Scripting
  submitted by bOt to packetstorm 1 points | 0 comments https://packetstormsecurity.com/files/174333/gustorecipesmgmt151-xss.txt (PACKETSTORMSECURITY.COM)
28 Aug: HaasCMS 1.0 Cross Site Scripting
  submitted by bOt to packetstorm 1 points | 0 comments https://packetstormsecurity.com/files/174334/haascms10-xss.txt (PACKETSTORMSECURITY.COM)
28 Aug: Hasan MWB 1 Cross Site Scripting
  submitted by bOt to packetstorm 1 points | 0 comments https://packetstormsecurity.com/files/174336/hasanmwb1-xss.txt (PACKETSTORMSECURITY.COM)
28 Aug: Hesk Rtl CMS 1 Cross Site Scripting
  submitted by bOt to packetstorm 1 points | 0 comments https://packetstormsecurity.com/files/174337/hesktrlcms1-xss.txt (PACKETSTORMSECURITY.COM)
28 Aug: Hospital HMS 2 SQL Injection
  submitted by bOt to packetstorm 1 points | 0 comments https://packetstormsecurity.com/files/174338/hospitalhms2-sql.txt (PACKETSTORMSECURITY.COM)
28 Aug: Hospital HMS 2.7 SQL Injection
  submitted by bOt to packetstorm 1 points | 0 comments https://packetstormsecurity.com/files/174339/hospitalhms27-sql.txt (PACKETSTORMSECURITY.COM)
28 Aug: HighPlus CMS 0.1.3 SQL Injection
  submitted by bOt to packetstorm 1 points | 0 comments https://packetstormsecurity.com/files/174340/highpluscms013-sql.txt (PACKETSTORMSECURITY.COM)
28 Aug: Jorani 1.0.3 Cross Site Scripting
  submitted by bOt to packetstorm 1 points | 0 comments https://packetstormsecurity.com/files/174341/jorani103-xss.txt (PACKETSTORMSECURITY.COM)
28 Aug: Horse Market Sell And Rent Portal Script 1.5.7 Cross Site Scripting
  submitted by bOt to packetstorm 1 points | 0 comments https://packetstormsecurity.com/files/174342/hmsrps157-xss.txt (PACKETSTORMSECURITY.COM)
28 AugAlleged leak of 270k user e-mails + unsalted MD5 password hashes (!!!) from popular sim racing service Trading Paintssubmitted by sunaurus to cybersecurity 21 points | 2 comments https://twitter.com/musantro/status/1696060732666736961TWITTER.COM
28 Aug[Video] PyCript Burp Suite Extension: Bypassing Client-Side Encryption Guide and Demosubmitted by bOt to netsec 1 points | 0 comments https://video.souravkalal.tech/Burp/pycript.html This is an automated archive. The original was posted on /r/netsec by /u/Ano_F on 2023-08-28 14:41:47+00:00.VIDEO.SOURAVKALAL.TECH
28 AugHackers Embed Weaponized Word File into a PDF to Evade DetectionTo avoid detection, hackers employed a new method dubbed “MalDoc in PDF” to insert a malicious Word file into a PDF file. Despite having magic numbers and a PDF-specific file format, a file created with MalDoc in PDF may be opened in Word. If the file includes a …GBHACKERS.COM
28 AugAcquisition Chatter Swirls Around SentinelOne, BlackBerryCybersecurity vendors SentinelOne and BlackBerry have been separately named in public acquisition chatter with a surprise suitor emerging.SECURITYWEEK.COM
28 Aughow do you address html files/embedded html in email security process?submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/Mindless_IT_Pesant on 2023-08-28 16:45:45+00:00. Been doing some reading on HTML smuggling. Trying to figure out how to implement HTML/HTM b…ZEROBYTES.MONSTER
28 AugHow to ask without sounding like they did something wrongsubmitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/fredagsguf on 2023-08-28 15:33:09+00:00. Hi everyone, I’m currently in a position where I see a lot of flaws inside our company. However each time…ZEROBYTES.MONSTER
28 AugBrowser Extension Risk Report: High # Risks for SaaS Datasubmitted by bOt to cybersecurity 1 points | 0 comments https://spin.ai/blog/browser-extension-risk-report/ This is an automated archive. The original was posted on /r/cybersecurity by /u/KolideKenny on 2023-08-28 14:19:37+00:00.SPIN.AI
28 AugFlexibility or pay?submitted by bOt to cybersecurity 1 points | 0 comments This is an automated archive. The original was posted on /r/cybersecurity by /u/apainfulpilgrimage on 2023-08-28 13:43:26+00:00. I have a job and they basically let me do whatever i want, but i bring results and save their a…ZEROBYTES.MONSTER
28 AugThe Art & Science of Metawar | Black Hat Executive Interviews - BSW #318This week, we start things off with an interview with Winn Schwartau, Security Guy since 1983, Time & Analogue thinker and writer, and Former recording engineer and producer at WinnSchwartau.Com, about The Art & Science of Metawar. Then we follow up with our Leadership and Commu…YOUTUBE.COM
28 AugCrypto Investor Data Stolen From Kroll In SIM SwapFTX, BlockFI and Genesis Claimants at Risk of Phishing Kroll is warning claimants in three major cryptocurrency bankruptcy cases that hackers obtained their personal data after the attacker convinced a mobile carrier to redirect an employee's phone number to their own device. Hac…DATABREACHTODAY.CO.UK
28 AugWhy Not To Automate Security in SDLC with SAST? My thoughts and arguments why SAST should be as widely adopted as code quality checks.submitted by bOt to netsec 1 points | 0 comments https://medium.com/@theowni/why-not-to-automate-security-in-sdlc-11961f1c699f This is an automated archive. The original was posted on /r/netsec by /u/theowni on 2023-08-28 17:17:51+00:00.MEDIUM.COM
28 AugCyber Info-Sharing Guide for Healthcare Sector UpdatedSector Urged to Broaden Info Sharing Beyond Traditional Indicators Public-private cybersecurity councils urged the healthcare industry to be more expansive in sharing signs of hacking, warning that traditional indicators aren't enough. Fending off hackers requires additional shar…DATABREACHTODAY.CO.UK
28 AugCISO's Actionable Strategy for Success, Security Basics are Hard, & Building Culture - BSW #318In the leadership and communications section, A CISO's Actionable Strategy for Success, Security basics aren’t so basic — they’re hard, Building a Culture Where Employees Feel Free to Speak Up, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show N…YOUTUBE.COM
28 AugReport: Moscow to help cybercriminals operate with 'near impunity', Canada among targetssubmitted by bOt to cybersecurity 1 points | 0 comments https://www.youtube.com/watch?v=ZVOw6zmQyHE This is an automated archive. The original was posted on /r/cybersecurity by /u/yankmywire on 2023-08-28 19:37:13+00:00.YOUTUBE.COM
28 AugBypassing BitLockersubmitted by bOt to cybersecurity 1 points | 0 comments https://hackaday.com/2023/08/25/bypassing-bitlocker-with-a-logic-analzyer/ This is an automated archive. The original was posted on /r/cybersecurity by /u/WashingtonPass on 2023-08-28 18:30:38+00:00.HACKADAY.COM
28 AugMystery | Qakbot | Crates.io | VDP | NetScaler | Entra ID | SynthID | Jason Wood & more – SWN322This week, Doug Talks: Mystery, Qakbot, Crates.io, VDP, NetScaler, Entra ID, SynthID, FreeBSD, Jason Wood, and more on the Security Weekly News. →Full Show Notes: https://securityweekly.com/swn322 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Visit our web…YOUTUBE.COM
28 AugAI cars | Sandstorm | BGP | Earth Estries | DOE | Aria | Aaran Leyland & more – SWN323This week, Doug Talks: AI cars, Sandstorm, BGP, Earth Estries, DOE, Aria, Aaran Leyland, and more on the Security Weekly News. →Full Show Notes: https://securityweekly.com/swn323 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Visit our website: https://www…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 9
28 AugKmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced CapabilitiesAn updated version of a botnet malware called KmsdBot is now targeting Internet of Things (IoT) devices, simultaneously branching out its capabilities and the attack surface. "The binary now includes support for Telnet scanning and support for more CPU architectures," Akamai secu…THEHACKERNEWS.COM
28 AugKmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities"The binary now includes support for Telnet scanning and support for more CPU architectures," Akamai security researcher Larry W. Cashdollar said in an analysis published this month.THEHACKERNEWS.COM
28 AugBaseline cyber threat assessment: CybercrimeAssessment of the threat to Canada and Canadians posed by global cybercrimeCYBER.GC.CA
28 AugDevelopers Beware: Malicious Rust Libraries Caught Transmitting OS Info to Telegram ChannelIn yet another sign that developers continue to be targets of software supply chain attacks, a number of malicious packages have been discovered on the Rust programming language's crate registry. The libraries, uploaded between August 14 and 16, 2023, were published by a user nam…THEHACKERNEWS.COM
28 AugSigns of Malware Attack Targeting Rust Developers Found on Crates.ioThe Rust Foundation was notified and it quickly removed the packages and locked the uploader’s account. GitHub was also notified and took action against the associated account.SECURITYWEEK.COM
28 AugRecovering from a supply-chain attack: What are the lessons to learn from the 3CX hack?The campaign started with a trojanized version of unsupported financial softwareWELIVESECURITY.COM
📡 INFOSEC NEWS 11
28 AugTor Tweaks Onion Routing Software to Fend Off DDoS AttacksThe updated software now supports a proof-of-work challenge called EquiX. Designed by Tevador, who developed Monero's proof-of-work algorithm, it is "a CPU-friendly client puzzle with fast verification and small solution size (16 bytes)."THEREGISTER.COM
28 AugUK Privacy Regulator Warns of Surging Number of “Text Pest” CasesThe UK’s data protection watchdog is urging victims of so-called “text pests” to come forward after revealing that nearly a third (29%) of 18–34-year-olds have had their personal information misused.INFOSECURITY-MAGAZINE.COM
28 AugVendors Training AI With Customer Data Is an Enterprise RiskZoom received some flak recently for planning to use customer data to train its machine learning models. The reality, however, is that the video conferencing company is not the first, nor will it be the last, to have similar plans.DARKREADING.COM
28 AugMicrosoft blames ‘unsupported processor’ blue screens on OEM vendorsMicrosoft says the recent wave of blue screens impacting some Windows users is not caused by issues in its August 2023 optional updates. [...]BLEEPINGCOMPUTER.COM
28 AugUncovering a Privacy-Preserving Approach to Machine LearningIn the era of data-driven decision making, businesses are harnessing the power of machine learning (ML) to unlock valuable insights, gain operational efficiencies, and solidify competitive advantage.HELPNETSECURITY.COM
28 AugMicrosoft will enable Exchange Extended Protection by default this fallMicrosoft announced today that Windows Extended Protection will be enabled by default on servers running Exchange Server 2019 starting this fall after installing the 2023 H2 Cumulative Update (CU14). [...]BLEEPINGCOMPUTER.COM
28 AugMalDoc in PDFs: Hiding malicious Word docs in PDF filesJapan's computer emergency response team (JPCERT) is sharing a new 'MalDoc in PDF' attack detected in July 2023 that bypasses detection by embedding malicious Word files into PDFs. [...]BLEEPINGCOMPUTER.COM
28 AugWhy a Wiz-SentinelOne Deal Makes Sense, and Why It Might NotDespite the Financial Hurdles, the Perks of Building a CNAPP-XDR Platform Are Clear Venture-backed cloud security firm Wiz swallowing up publicly traded endpoint security firm SentinelOne would be one of the most unorthodox and surprising acquisitions the cybersecurity industry h…DATABREACHTODAY.CO.UK