53 Articles
7 Categories
Date: 2023-09-04
🐛 COMMON VULNERABILITIES AND EXPOSURES (2)
4 Sep | Hackers Exploit MinIO Storage System Vulnerabilities to Compromise Servers | An unknown threat actor has been observed weaponizing high-severity security flaws in the MinIO high-performance object storage system to achieve unauthorized code execution on affected servers. Cybersecurity and incident response firm Security Joes said the intrusion leveraged a… | THEHACKERNEWS.COM
4 Sep | PoC Exploit Released for VMware Aria Authentication Bypass Vulnerability | VMware Aria Operations for Network was discovered with an Authentication Bypass vulnerability previously, which had a critical severity. VMware has released patches for fixing this vulnerability. However, a Proof-of-concept and the patch file provided by VMware have been briefed.… | GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE (14)
4 Sep | Infosec products of the month: August 2023 | Here’s a look at the most interesting products from the past month, featuring releases from: Action1, Adaptive Shield, Bitdefender, Bitwarden, Forescout, ImmuniWeb, Kingston Digital, LastPass, Lineaje, LOKKER, Menlo Security, MongoDB, Netskope, NetSPI, OffSec, Qualys, SentinelOne… | HELPNETSECURITY.COM
4 Sep | Ransomware attacks go beyond just data | 65% of organizations confirmed that ransomware is one of the top three threats to their viability, and for 13%, it is the biggest threat, according to a report by Enterprise Strategy Group (ESG) and Keepit. Organizations’ strategies against ransomware. According to the repor… | HELPNETSECURITY.COM
4 Sep | Why Instagram Threads is a hotbed of risks for businesses | Instagram's Threads platform launched to great fanfare in July with a massive surge of users signing up for the new text-sharing and public conversation service, including businesses using the service as an extension of existing social media and communications programs. Many have… | CSOONLINE.COM
4 Sep | Schweitzer Labs Windows Software Flaws Allow Remote Code Execution | QuickSet and Grid Configurator of Schweitzer Labs were found to be vulnerable to multiple vulnerabilities that can be exploited by threat actors. Nearly 9 new vulnerabilities were found, which include 4 High severity and 5 Medium severity vulnerabilities. The High severity … | GBHACKERS.COM
4 Sep | Chrome Extensions can Steal Plaintext Passwords From Website Source Code | Given the lack of any security boundary between the extension and a site's elements, the former has unrestricted access to data visible in the source code and may extract any of its contents. | BLEEPINGCOMPUTER.COM
4 Sep | Threat Actors Exploit MS SQL Servers to Deploy FreeWorld Ransomware | A campaign named DB#JAMMER is utilizing poorly secured MS SQL servers to distribute Cobalt Strike and a ransomware strain called FreeWorld. Cybersecurity firm Securonix revealed that the attackers gain initial access by brute-forcing the MS SQL server, followed by reconnaissance,… | CYWARE.COM
4 Sep | More Than 200,000 Indiana Medicaid Members Possibly Exposed in CareSource Data Breach | CareSource, the entity that manages software for the Indiana Family and Social Services Administration (FSSA), suffered a data breach in May that may have exposed the personal information of 212,193 Indiana Medicaid members. | WRTV.COM
4 Sep | New SuperBear Trojan Targets South Korean Activists | Civil society organizations in South Korea came under the brunt of a phishing attack that used a new RAT called SuperBear. The intrusion targeted an undisclosed activist, who received a malicious LNK file in late August, posing as a member of their organization. The researchers h… | CYWARE.COM
4 Sep | Mitigating AI Risks: UK Calls for Robust Guardrails | Britain's Global AI Summit to Focus on Governance, Risk, International Standards. The U.K. plans to hold its first-ever global summit on artificial intelligence this November. Goals of the event include detailing AI risks and opportunities, building effective frameworks for using … | DATABREACHTODAY.CO.UK
4 Sep | A full report of penetration test of OPNsense (an open source, FreeBSD based firewall and routing platform). | https://logicaltrust.net/pentest-reports/report-security-assessment-opnsense-1.0.pdf | LOGICALTRUST.NET
4 Sep | Hackers exploit MinIO storage system to breach corporate networks | Hackers are exploiting two recent MinIO vulnerabilities to breach object storage systems and access private information, execute arbitrary code, and potentially take over servers. [...] | BLEEPINGCOMPUTER.COM
4 Sep | Cybercrime Tremors: Experts Forecast Qakbot Resurgence | TrickBot and Emotet Botnets Both Returned After Disruption by Law Enforcement. Has the cry of the Qakbot come to an end? While the pernicious, multifunction malware fell quiet last week thanks to Operation "Duck Hunt," lucrative cybercrime operations have a history of rebooting th… | DATABREACHTODAY.CO.UK
4 Sep | Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers | https://blog.phylum.io/malware-campaign-targets-npm-pypi-and-rubygems-developers/ | Phylum has been extremely busy in the past few weeks, reporting on multiple malw… | PHYLUM.IO
4 Sep | [KEV] Russia-linked attackers hit UK Ministry of Defence, leak stolen data | Russian-aligned threat actors have reportedly hit the UK's Ministry of Defence (MoD) and leaked stolen information on military and intelligence sites online. Hackers targeted the database of Zaun, a firm which handles physical security for some of Britain's most secretive locatio… | CSOONLINE.COM
📢 SECURITY ADVISORIES (2)
4 Sep | Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus | Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file. The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023.… | THEHACKERNEWS.COM
4 Sep | NCSC Warns of Specific Vulnerabilities in AI Models Like ChatGPT | A large language model (LLM) is a deep learning AI model or system that understands, generates, and predicts text-based content, often associated with generative AI. In the current technological landscape, we have robust and known models like:- Cybersecurity analysts at the Natio… | GBHACKERS.COM
🔥 INCIDENT REPORTING (8)
4 Sep | Deep Instinct takes a prevention-first approach to stopping ransomware and other malware using deep learning | Graham Cluley Security News is sponsored this week by the folks at Deep Instinct. Thanks to the great team there for their support! Deep Instinct protects the data of the world’s largest brands by delivering on the promise of threat prevention with the only cybersecurity pl… | GRAHAMCLULEY.COM
4 Sep | Freecycle Users Told to Change Passwords After Data Breach | Freecycle, an online community that encourages sharing unwanted items with each other rather than chucking them in the bin or taking them to landfill, has told users to change their passwords after it suffered a data breach. | GRAHAMCLULEY.COM
4 Sep | The biggest cyber security incidents in August 2023 | The most impactful cyber attacks and data breaches from across the world in August 2023 | CSHUB.COM
4 Sep | University of Sydney Data Breach Impacts Recent Applicants | In the data breach announcement, the university says that the incident had a limited impact and the preliminary investigation found no evidence that local students, staff, or alumni have been impacted. | BLEEPINGCOMPUTER.COM
4 Sep | Chinese-Speaking Cybercriminals Launch Large-Scale iMessage Smishing Campaign in U.S. | A new large-scale smishing campaign is targeting the U.S. by sending iMessages from compromised Apple iCloud accounts with an aim to conduct identity theft and financial fraud. “The Chinese-speaking threat actors behind this campaign are operating a package-tracking text scam sen… | THEHACKERNEWS.COM
4 Sep | ShinyHunters Hacker group Claims to Have Hacked Pizza Hut Australia customer data | Pizza Hut Australia has fallen victim to a cyberattack resulting in unauthorized access and potential compromise of customer data. DataBreaches has uncovered alarming details about this breach, with a hacking group known as ShinyHunters claiming responsibility for the attac… | GBHACKERS.COM
4 Sep | India: Ayush Jharkhand Portal Breached, 320,000 Patients’ Records Exposed | The compromised data also contains sensitive information about doctors, including their PII, login credentials, usernames, passwords, and phone numbers. The data breach was initiated by a threat actor named "Tanaka". | IN.INVESTING.COM
4 Sep | Freecycle confirms massive data breach impacting 7 million users | Freecycle, an online forum dedicated to exchanging used items rather than trashing them, confirmed a massive data breach that affected more than 7 million users. [...] | BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE (11)
4 Sep | Global roaming fraud losses to surpass $8 billion by 2028 | Losses from global roaming fraud are anticipated to exceed $8 billion by 2028; driven by the increase in bilateral roaming agreements for data-intensive use cases over 5G networks, according to Juniper Research. In turn, it predicts fraudulent data traffic will account for 80% of… | HELPNETSECURITY.COM
4 Sep | Spam is up, QR codes emerge as a significant threat vector | 85% of phishing emails utilized malicious links in the content of the email, and spam emails increased by 30% from Q1 to Q2 2023, according to a VIPRE report. Information technology organizations also overtook financial institutions (9%) as the most targeted sector for phishing i… | HELPNETSECURITY.COM
4 Sep | 5 ways in which FHE can solve blockchain’s privacy problems | Blockchain technology has gained significant traction due to its decentralized nature and immutability, providing transparency and security for various applications, especially in finance. Having gained notoriety during the 2010s with the boom of cryptocurrencies such as Bitcoin,… | HELPNETSECURITY.COM
4 Sep | ISF Podcast 29: Threat Horizon: Future gazing | https://open.spotify.com/episode/4LBDSOHRMdiGGf3WetlDnT | Climate change, AI, politics – all pressing topics that have continued to garner attention both within and beyond the cybersecurity industry. Key topics that could fea… | OPEN.SPOTIFY.COM
4 Sep | Vietnamese Cybercriminals Targeting Facebook Business Accounts with Malvertising | Malicious actors associated with the Vietnamese cybercrime ecosystem are leveraging advertising-as-a-vector on social media platforms such as Meta-owned Facebook to distribute malware. “Threat actors have long used fraudulent ads as a vector to target victims with scams, malverti… | THEHACKERNEWS.COM
4 Sep | The Nine Cybersecurity Habits - George Finney - BSW Vault | Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on March 15, 2021. In 1989, Stephen Covey first published "The 7 Habits of Highly Effective People," empowering and inspiring leaders for over 25 years. Is t… | YOUTUBE.COM
4 Sep | UK Cyber Agency Warns of Prompt Injection Attacks in AI | Threat actors are manipulating the technology behind large language model chatbots to access confidential information, generate offensive content, and "trigger unintended consequences," warned the U.K. cybersecurity agency. | BANKINFOSECURITY.COM
4 Sep | Creating a YARA Rule to Detect Obfuscated Strings, (Mon, Sep 4th) | I wrote a blog post "Quickpost: Analysis of PDF/ActiveMime Polyglot Maldocs" on how to analyse PDF/ActiveMime polyglot malicious document files and also developed a YARA rule to detect them. | ISC.SANS.EDU
4 Sep | Microsoft Says Goodbye to Wordpad, Snipping Tool, and Other Utilities | Microsoft Windows announced deprecated features for Windows clients 11 and 10. In this article, we’ll delve into the features and functionalities that are no longer actively developed for Windows clients. Please note that the information below is subject to change and… | GBHACKERS.COM
4 Sep | Everything You Wanted to Know About AI Security but Were Afraid to Ask | There’s been a great deal of AI hype recently, but that doesn’t mean the robots are here to replace us. This article sets the record straight and explains how businesses should approach AI. From musing about self-driving cars to fearing AI bots that could destroy the world, there… | THEHACKERNEWS.COM
4 Sep | Mentorship Monday - Discussions for career and learning! | Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? … | INFOSEC.PUB
🎙️ PODCASTS (1)
4 Sep | Cyber Security Today, Sept. 4, 2023 - Cybersecurity tips for parents as the new school year starts | This episode offers cybersecurity and privacy advice and links to websites for parents about to send their kids back to school | CYBERSECURITYTODAY.LIBSYN.COM
📡 INFOSEC NEWS (15)
4 Sep | Gamaredon Hackers Amplified Hacks Amid Kyiv Counteroffensive | A hacking group linked to Russian domestic intelligence agency the FSB has intensified attacks in tandem with a Ukrainian military push to expel Russian invaders, say Kyiv cyber defenders. | BANKINFOSECURITY.COM
4 Sep | Fake YouPorn Extortion Scam Threatens to Leak Your Sex Tape | A new sextortion scam is making the rounds that pretends to be an email from the adult site YouPorn, warning that a sexually explicit video of you was uploaded to the site and suggesting you pay to have it taken down. | BLEEPINGCOMPUTER.COM
4 Sep | Insurance Costs Rise, Coverage Shrinks, but Policies Remain Essential | While 69% have seen their premiums rise by more than 50% in the past year, companies still feel the need to carry policies, overwhelmingly choosing to allocate more budget to pay for the increases, according to a report published by Delinea. | DARKREADING.COM
4 Sep | Vietnamese Cybercriminals Targeting Facebook Business Accounts with Malvertising | Victims are approached through various platforms ranging from Facebook and LinkedIn to WhatsApp and freelance job portals like Upwork. Another known distribution mechanism is the use of search engine poisoning to boost bogus software. | THEHACKERNEWS.COM
4 Sep | Maker of Chastity Device Left Users’ Emails, Passwords, and Locations Exposed | A company that makes a chastity device that can be controlled over the internet exposed users’ email addresses, plaintext passwords, home addresses and IP addresses, and — in some cases — GPS coordinates, due to several flaws in its servers. | TECHCRUNCH.COM
4 Sep | Tips for parents sending kids back to school | Kaspersky official blog | How to keep kids safe and secure heading back to school | KASPERSKY.COM
4 Sep | X (Twitter) to Collect Biometric Data from Premium Users to Combat Impersonation | X, the social media site formerly known as Twitter, has updated its privacy policy to collect users’ biometric data to tackle fraud and impersonation on the platform. “Based on your consent, we may collect and use your biometric information for safety, security, and identificatio… | THEHACKERNEWS.COM
4 Sep | Okta: Hackers target IT help desks to gain Super Admin, disable MFA | Identity and access management company Okta released a warning about social engineering attacks targeting IT service desk agents at U.S.-based customers in an attempt to trick them into resetting multi-factor authentication (MFA) for high-privileged users. [...] | BLEEPINGCOMPUTER.COM
4 Sep | Insurer fined $3M for exposing data of 650k clients for two years | The Swedish Authority for Privacy Protection (IMY) has fined Trygg-Hansa 35 million Swedish krona ($3,000,000) for exposing the sensitive data of hundreds of thousands of customers on its online portal. [...] | BLEEPINGCOMPUTER.COM
4 Sep | German financial agency site disrupted by DDoS attack since Friday | The German Federal Financial Supervisory Authority (BaFin) announced today that an ongoing distributed denial-of-service (DDoS) attack has been impacting its website since Friday. [...] | BLEEPINGCOMPUTER.COM