🚨 CISA KEV 1[−]
11 Sep KEVCISA Adds Two Known Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023-41064 Apple Multiple products ImageIO Buffer Overflow CVE-2023-41061 Apple Multiple Products Wallet Unspecified Vulnerability These types of …CISA.GOV
⚠️ VULNERABILITY DISCLOSURE 24[−]
11 SepCrypto Phishing Attacks Abuse Google Looker StudioCybercriminals were observed exploiting Google Looker Studio to create counterfeit cryptocurrency phishing websites. Through this, attackers aim to deceive recipients into revealing their crypto wallet login details. Check Point recommends implementing a comprehensive security po…CYWARE.COM
11 SepHackers Exploit Zero-Day Flaw in Software Used by Resorts and HotelsIn the evolving hospitality industry landscape, where vacation rental software has transitioned from luxury to necessity, a growing concern emerges regarding cybersecurity. This software, while primarily simplifying booking, guest interactions, and property management, stores sen…GBHACKERS.COM
11 Sep5 areas where zero trust can’t protect your organizationAdopting zero trust is no fail safe against cyberattacks. Attackers are constantly finding new ways to get around zero trust, and this often happens because not everything within the organization environment was considered when employing zero trust. Among the overlooked risks are…CSOONLINE.COM
11 SepWhy executives should never be exempted from cybersecurity policyWhen I see organizations enforce solid cybersecurity policies for all employees and then turn around and make exceptions for their elite -- executives -- I cringe and scratch my head. My mother used to use "do as I say, not as I do" tactics on me during my teen years. It didn't h…CSOONLINE.COM
11 SepCisco Security Appliance Zero-Day Flaw is Under Attack by Ransomware CrooksThe vulnerability allows attackers to conduct password spraying and brute-force attacks, potentially leading to the identification of valid credentials and unauthorized remote access VPN sessions.ARSTECHNICA.COM
11 SepUK Government Backs Down on Anti-Encryption StanceThe UK government appears to have pulled back on a controversial clause in its forthcoming Online Safety Bill that would have forced tech companies to snoop on users’ messages.INFOSECURITY-MAGAZINE.COM
11 SepVulnerabilities Allow Hackers to Hijack, Disrupt Socomec UPS DevicesA researcher has found 7 vulnerabilities in Socomec UPS products that can be exploited to hijack and disrupt devices. The post Vulnerabilities Allow Hackers to Hijack, Disrupt Socomec UPS Devices appeared first on SecurityWeek .SECURITYWEEK.COM
11 SepCisco Security Appliance Zero-Day Flaw is Under Attack by Ransomware CrooksThe vulnerability allows attackers to conduct password spraying and brute-force attacks, potentially leading to the identification of valid credentials and unauthorized remote access VPN sessions.BLEEPINGCOMPUTER.COM
11 SepBaseline Standards for BYOD Access RequirementsAccording to a survey by Jamf, nearly half of European enterprises lack a formal BYOD policy, leaving them vulnerable to data security risks associated with employees connecting personal devices to corporate resources.HELPNETSECURITY.COM
11 SepHands-On Learning Experiences Encourage Cybersecurity Career DiscoveryWith a mention in the new National Cyber Workforce and Education Strategy and even a dedicated state law , K–12 cybersecurity education clearly has the eye of policymakers. However, despite public attention and new opportunities for high school students to pursue cybersecurity co…NIST.GOV
11 Sep KEVNorth Korean hackers are targeting security researchers: GoogleA campaign by government-backed actors in North Korea is believed to be using zero-day exploits to target security researchers working on vulnerability research and development. Google's threat analysis group (TAG) said it has been tracking the campaign since January 2021 and has…CSOONLINE.COM
11 SepHive0117 Group Attacking Employees of Energy, Finance, & Software IndustriesHive0117 group has launched a new phishing campaign, which targets individuals working for significant industries in the energy, banking, transportation, and software security sectors with headquarters in Russia, Kazakhstan, Latvia, and Estonia. This group is known for disseminat…GBHACKERS.COM
11 SepCISA warns govt agencies to secure iPhones against spyware attacksThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies today to patch security vulnerabilities abused as part of a zero-click iMessage exploit chain to infect iPhones with NSO Group's Pegasus spyware. [...]BLEEPINGCOMPUTER.COM
11 SepNews Alert: Traceable AI report exposes true scale of API-related data breaches, top challengesSan Francisco, Calif. — Traceable AI, the industry’s leading API security company, today released its comprehensive research report – the 2023 State of API Security: A Global Study on the Reality of API Risk. Despite APIs being critical to the … (more…)LASTWATCHDOG.COM
11 SepSome of the Top Universities Wouldn’t Pass Cybersecurity Exam: Left Websites VulnerableMany universities worldwide, including some of the most prestigious, leave their webpages unpatched, leaking sensitive information, and even open to full takeovers, a Cybernews Research team investigation reveals.SECURITYAFFAIRS.COM
11 SepA Vulnerability in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software Could Allow for Unauthorized AccessA vulnerability has been discovered in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) software that could allow for unauthorized access. Cisco Adaptive Security Appliance (ASA) Software is the core operating system for the Cisco ASA Fami…CISECURITY.ORG
11 SepRoot Admin User: When Do Common Usernames Pose a Threat?Honeypot Hits Reinforce Need for Strong Passwords and Multifactor Authentication Honeypot data collected by CISO Jesse La Grew highlights how attackers continue to target default usernames - including for SSH - together with weak passwords to gain brute force remote access to the…DATABREACHTODAY.CO.UK
11 SepMGM Resorts shuts down IT systems after cyberattackMGM Resorts International disclosed today that it is dealing with a cybersecurity issue that impacted some of its systems, including its main website and online reservations. [...]BLEEPINGCOMPUTER.COM
11 SepIdentity is the Perimeter - Jeff Reich - BSW #319Managing identities continues to add complexity for granting access to enterprise resources. Between the increasing number and expanding types of identities, including carbon-based, silicon-based, and artificial identities, and the evolution of cloud computing and remote work, ma…YOUTUBE.COM
11 SepGoogle fixes another Chrome zero-day bug exploited in attacksGoogle released emergency security updates to fix the fourth Chrome zero-day vulnerability exploited in attacks since the start of the year. [...]BLEEPINGCOMPUTER.COM
11 SepApple fixes 0-Day Vulnerability in Older Operating Systems, (Mon, Sep 11th)This update fixes the ImageIO vulnerability Apple patched for current operating systems last week. Now, Apple follows up with a patch for its older, but still supported, operating system versions.
ISC.SANS.EDU
11 SepNew WiKI-Eve attack can steal numerical passwords over WiFiA new attack dubbed 'WiKI-Eve' can intercept the cleartext transmissions of smartphones connected to modern WiFi routers and deduce individual numeric keystrokes at an accuracy rate of up to 90%, allowing numerical passwords to be stolen. [...]BLEEPINGCOMPUTER.COM
11 SepJudge Gives Green Light to Meta Pixel Web Tracker LawsuitJudge Dismisses Some Plaintiff Claims But Allows Proposed Class Action to Advance A federal judge has given the green light for attorneys to proceed with a consolidated class action lawsuit against Meta that accuses the social media giant of intercepting sensitive health informat…DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES 8[−]
11 SepCISA Director Says Critical Infrastructure Cyber Incident Reporting Rules Almost ReadyFinal work is underway for the Cyber Incident Reporting for Critical Infrastructure Act, which CISA Director Jen Easterly expects to be done by the end of the year or early 2024 at the latest, she said at the Billington Cybersecurity Summit.CYBERSECURITYDIVE.COM
11 SepRansomware: It Takes A Village, Says NCSCUK Crime and Cybersecurity Agencies Urge 'Holistic' View of Ransomware Ecosystem Stopping the ransomware epidemic is less about tackling individual crypto-locking malware variants and more about combating the entire ecosystem of bad actors underpinning digital extortion, the Brit…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 23[−]
11 SepViva Air - 932,232 breached accountsIn March 2022, the now defunct Columbian airline Viva Air suffered a data breach and subsequent ransomware attack . Among a trove of other ransomed data, the incident exposed a log of 2.6M transactions with 932k unique email addresses, physical and IP addresses, names, phone numb…HAVEIBEENPWNED.COM
11 SepCybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised WindowsA new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium. The activity has been codenamed Steal-It by Zscaler ThreatL…THEHACKERNEWS.COM
11 SepCyber Security Today, Sept 11, 2023 - Warnings from Cisco, a huge DDoS attack and more MOVEit and ransomware victimsThis episode reports on vulnerabilities that have to be dealt with in Cisco applications, the sentencing of a Russian businessman in the US to nine years in prison for his role in a nearly US$100 million stock market cheating scheme, and moreCYBERSECURITYTODAY.LIBSYN.COM
11 SepDymocks Booksellers Suffers Data Breach Impacting 836,000 CustomersThe company was informed that its customer data was stolen on September 6th, 2023, by Troy Hunt, the creator of the data breach notification service 'Have I Been Pwned' (HIBP), after a threat actor released it on a hacking forum.BLEEPINGCOMPUTER.COM
11 SepReport: 74% of Organizations Witnessed Multiple Breaches Due to API VulnerabilitiesAccording to the API security company Traceable, in collaboration with the Ponemon Institute, 60% of organizations surveyed reported at least one breach within the past two years, with 74% experiencing three or more incidents.INFOSECURITY-MAGAZINE.COM
11 SepOn Robots Killing PeopleThe robot revolution began long ago, and so did the killing. One day in 1979, a robot at a Ford Motor Company casting plant malfunctioned—human workers determined that it was not going fast enough. And so twenty-five-year-old Robert Williams was asked to climb into a storag…SCHNEIER.COM
11 SepMicrosoft Teams Phishing Attack Pushes DarkGate MalwareThe campaign started in late August 2023, when Microsoft Teams phishing messages were seen being sent by two compromised external Office 365 accounts to other organizations.BLEEPINGCOMPUTER.COM
11 SepHow to Prevent API Breaches: A Guide to Robust SecurityWith the growing reliance on web applications and digital platforms, the use of application programming interfaces (APIs) has become increasingly popular. If you aren’t familiar with the term, APIs allow applications to communicate with each other and they play a vital role in mo…THEHACKERNEWS.COM
11 SepHackers Using Microsoft Teams to Deliver DarkGate Malware Via HR-themed MessagesRecent reports indicate that threat actors have been using Microsoft Teams to deliver DarkGate Loader malware. The campaign originated from two compromised external Office 365 accounts identified to be “Akkaravit Tattamanas” (63090101@my.buu.ac.th) and “ABNER DAVID RIVERA ROJAS” …GBHACKERS.COM
11 SepAP Stylebook Breach May Have Hit Hundreds of JournalistsThe Associated Press (AP) has warned that users of a popular writing style guide have been hit by phishing attacks after their personal information was compromised in a data breach.INFOSECURITY-MAGAZINE.COM
11 SepBookstore Chain Dymocks Discloses Data Breach Possibly Impacting 800k CustomersThe personal information of more than 800,000 individuals was stolen from bookstore chain Dymocks in a cyberattack last week. The post Bookstore Chain Dymocks Discloses Data Breach Possibly Impacting 800k Customers appeared first on SecurityWeek .SECURITYWEEK.COM
11 SepAssociated Press Stylebook Users Targeted in Phishing Attack Following Data BreachCybercriminals breached an AP Stylebook website and obtained information on customers who were then targeted in phishing attacks. The post Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
11 SepCybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised WindowsA new cyberattack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium.THEHACKERNEWS.COM
11 SepSquare says daylong outage caused by DNS errorSquare said there was “no evidence” a cyberattack caused an outage that left customers and small businesses unable to use the payment giant’s technology on Thursday through early-Friday. The payments technology giant said in a post-mortem of the daylong outage t…TECHCRUNCH.COM
11 SepGenerative AI, Contactless Tech Make Hotels Vulnerable to CyberattacksThe transition to mobile and contactless services in the hospitality industry is making hotels more vulnerable to cyber threats, according to a report from Trustwave SpiderLabs.CYBERSECURITYDIVE.COM
11 SepRhysida Ransomware Gang Claims to Have Hacked Three More US HospitalsThe Singing River Health System, which operates three hospitals and 10 clinics, experienced a cyberattack that disrupted various services, including laboratory and radiology testing.SECURITYAFFAIRS.COM
11 SepReport: 75% of Education Sector Attacks Linked to Compromised AccountsAccording to a report by Netwrix, 69% of organizations in the education sector have experienced a cyberattack in the past year. Phishing and user account compromise were the most common attack methods in this sector.HELPNETSECURITY.COM
11 SepX-based NFT phishing attack causes losses of over $691,000Hackers compromised Vitalik Buterin, the Ethereum co-founder's, X account then posted a phishing link to his followersCSHUB.COM
11 SepFacebook Messenger phishing wave targets 100K business accounts per weekHackers use a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages to target Facebook business accounts with password-stealing malware. [...]BLEEPINGCOMPUTER.COM
11 SepSquare: Last week’s outage was caused by DNS issue, not a cyberattackPayment processing firm Square says a widespread outage that took down a large part of the company's infrastructure last week was caused by a DNS issue. [...]BLEEPINGCOMPUTER.COM
11 SepIT Systems Encrypted After UK School Hit By RansomwareA spate of cyberattacks against UK schools has claimed its latest victim after a Maidstone secondary school, Church of England St Augustine Academy, suffered a serious security breach late last week.INFOSECURITY-MAGAZINE.COM
11 SepMGM Resorts Confirms ‘Cybersecurity Issue’, Shuts Down SystemsMGM Resorts confirms "cybersecurity incident" led to the shutdown of web sites and IT systems of hotels throughout the United States. The post MGM Resorts Confirms ‘Cybersecurity Issue’, Shuts Down Systems appeared first on SecurityWeek .SECURITYWEEK.COM
🕵️ THREAT INTELLIGENCE 19[−]
11 SepISC Stormcast For Monday, September 11th, 2023 https://isc.sans.edu/podcastdetail/8652, (Mon, Sep 11th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
11 SepW3LL Panel Phishing Kit Used to Hijack Over 56,000 Microsoft 365 AccountsW3LL, an initially obscure threat group, has transformed into a significant player in the cyber underworld, selling a phishing kit called W3LL Panel and 16 specialized tools for BEC attacks. Group-IB identified close to 850 unique phishing websites attributed to the W3LL Panel. P…CYWARE.COM
11 SepGUEST ESSAY: Robust data management can prevent theft, guard intellectual propertyIn an era of global economic uncertainty, fraud levels tend to surge, bringing to light the critical issue of intellectual property (IP) theft. Related: Neutralizing insider threats This pervasive problem extends beyond traditional notions of fraud, encompassing both insider thre…LASTWATCHDOG.COM
11 SepFBI Blames North Korean Hackers for $41 Million Stake.com HeistFBI says North Korean hacking group Lazarus has stolen $41 million in cryptocurrency from online betting platform Stake.com. The post FBI Blames North Korean Hackers for $41 Million Stake.com Heist appeared first on SecurityWeek .SECURITYWEEK.COM
11 SepSpies, Hackers, Informants: How China Snoops on the WestSome of the ways China has worked to spy on the West in recent years. The post Spies, Hackers, Informants: How China Snoops on the West appeared first on SecurityWeek .SECURITYWEEK.COM
11 SepMicrosoft Teams Phishing Campaign Distributes DarkGate MalwareResearchers at Truesec are tracking a phishing campaign that’s distributing the DarkGate Loader malware via external Microsoft Teams messages.KNOWBE4.COM
11 SepWhy keep Cybercom and the NSA’s dual-hat arrangement?The dual-hat arrangement, where one person leads both the National Security Agency (NSA) and U.S. Cyber Command (Cybercom), has been in place since Cybercom’s creation in 2010. What was once touted as temporary 13 years ago now seems established. Will the dual-hat arrangeme…SECURITYINTELLIGENCE.COM
11 SepCharming Kiten's New Backdoor 'Sponsor' Targets Brazil, Israel, and U.A.E.The Iranian threat actor known as Charming Kiten has been linked to a new wave of attacks targeting different entities in Brazil, Israel, and the U.A.E. using a previously undocumented backdoor named Sponsor. Slovak cybersecurity firm is tracking the cluster under the name Ballis…THEHACKERNEWS.COM
11 SepNew HijackLoader Malware Used to Distribute Various Malware FamiliesA new malware loader known as HijackLoader has gained popularity among cybercriminals for distributing various payloads, including DanaBot, SystemBC, and RedLine Stealer. HijackLoader uses a modular architecture that facilitates threat actors to perform code injection and executi…CYWARE.COM
11 SepAfter Microsoft and X, Hackers Launch DDoS Attack on TelegramAnonymous Sudan launches a DDoS attack against Telegram in retaliation for the suspension of their primary account on the platform. The post After Microsoft and X, Hackers Launch DDoS Attack on Telegram appeared first on SecurityWeek .SECURITYWEEK.COM
11 SepNotepad++ v8.5.7 Released: Fix for 4 Security VulnerabilitiesNotepad++ v8.5.7 has been released, which has several bug fixes and new features. There has also been Integrity and authenticity validation, added Security enhancement and fixed a memory leak while reading Utf8-16 files. Multiple vulnerabilities in Notepad++ relating to Heap buff…GBHACKERS.COM
11 SepThe necessity of a robust K-12 digital infrastructureK-12 requires technology that is safe, accessible, resilient, sustainable, and capable of adapting to evolving technological landscapes.SOPHOS.COM
11 SepGitHub - boringtools/git-alerts: A Public Git repository & misconfiguration detection toolsubmitted by L4s to secops 1 points | 0 comments https://github.com/boringtools/git-alerts GitHub - boringtools/git-alerts: A Public Git repository & misconfiguration detection tool::A Public Git repository & misconfiguration detection tool - GitHub - boringtools/git-aler…GITHUB.COM
11 SepIranian hackers backdoor 34 orgs with new Sponsor malwareA nation-state threat actor known as 'Charming Kitten' (Phosphorus, TA453, APT35/42) has been observed deploying a previously unknown backdoor malware named 'Sponsor' against 34 companies around the globe. [...]BLEEPINGCOMPUTER.COM
11 SepApple issues emergency patches.submitted by IllNess to securitynews 1 points | 0 comments https://thecyberwire.com/stories/b2ce1ad8482949838b91ed9f405ac901/apple-issues-emergency-patchesTHECYBERWIRE.COM
11 SepUS Marks 22 Years Since 9/11 Terrorist AttacksOne organization is hoping to transform the anniversary of 9/11 into a day of doing good. The post US Marks 22 Years Since 9/11 Terrorist Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
11 SepThe Secrets of Top Performing CISOs as the Board Expands Cybersecurity Risk Oversight - BSW #319In the leadership and communications section, The importance of CISOs is not recognised by senior leadership, The secret habits of top-performing CISOs, Get *Free* copies of two of our favorite leadership books, and more! Visit https://www.securityweekly.com/bsw for all the lates…YOUTUBE.COM
11 SepDarkGate Malware Operators on a Phishing SpreeVectors Includes Teams Phishing and Malvertising Advertising on Russian-language criminal forums is paying off for the author of the DarkGate malware as reflected by a spike in infections, including an unusual phishing campaign on Microsoft Teams to deliver the loader through HR-…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 7[−]
11 SepNew HijackLoader Modular Malware Loader Making Waves in the Cybercrime WorldA new malware loader called HijackLoader is gaining traction among the cybercriminal community to deliver various payloads such as DanaBot, SystemBC, and RedLine Stealer. "Even though HijackLoader does not contain advanced features, it is capable of using a variety of modules for…THEHACKERNEWS.COM
11 SepWashington DC-Based Group Targeted in Apparent Pegasus HackResearchers have claimed that an individual employed by a Washington DC-based organization with international offices was targeted with the Pegasus spyware, raising new concerns about the proliferation of spyware that can infect Apple devices.THEGUARDIAN.COM
11 SepTechnical Analysis of HijackLoaderHijackLoader has been observed loading various malware families such as Danabot, SystemBC, and RedLine Stealer. The malware uses syscalls to evade security solutions, has anti-analysis techniques, and delays code execution at different stages.ZSCALER.COM
11 SepMicrosoft Teams Phishing Campaign Deploys DarkGate MalwareA recent phishing campaign leverages Microsoft Teams messages to disseminate the powerful DarkGate Loader malware via malicious attachments. The existing security measures in Microsoft Teams, such as Safe Attachments and Safe Links, were unable to identify or prevent this attack.…CYWARE.COM
11 SepVulnerabilities Allow Hackers to Hijack, Disrupt Socomec UPS DevicesAaron Flecha Menendez, an ICS security consultant at Spain-based cybersecurity firm S21sec, discovered that some Socomec UPS devices, specifically MODULYS GP (MOD3GP-SY-120K), are affected by seven vulnerabilities.SECURITYWEEK.COM
11 SepSponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoorESET Research uncovers the Sponsoring Access campaign, which utilizes an undocumented Ballistic Bobcat backdoor we have named SponsorWELIVESECURITY.COM
📡 INFOSEC NEWS 12[−]
11 SepBack-to-school threats: virtual classrooms and videoconferencing | Kaspersky official blogKids at school: how to ensure privacy and security in educational tools and videoconferencing apps offered by a school.KASPERSKY.COM
11 SepLive Webinar | Claranet & Approach Fireside Panel on Awareness, Behaviour, and Security CultureDATABREACHTODAY.CO.UK
11 SepLive Webinar | Data Protection and its Modern Role in Cyber Recovery (Auf Deutsch)DATABREACHTODAY.CO.UK
11 SepMassive DDoS Attack on US Financial Company Thwarted by Cybersecurity FirmThe attack against the company, detected last week, peaked at 633.7 gigabits of traffic per second. According to the cloud computing company Gcore, as of this year, DDoS attacks can reach as high as 800 Gbps.THERECORD.MEDIA
11 SepCerta Raises $35M to Bring AI to Third-Party Risk ManagementThe San Francisco-based company plans to invest in artificial intelligence (AI) that converts text-based policies into controlled workflows integrated with third-party tools.HEALTHCAREINFOSECURITY.COM
11 SepRise in Tech-Support Scams Abusing Windows Action Center NotificationsThese scams now impersonate security providers like McAfee and Avast and use pirated movie streaming websites and social media platforms like X (formerly Twitter) to direct users to fraudulent tech-support pages.ZSCALER.COM
11 SepGoogle Chrome Rolls Out Support for 'Privacy Sandbox' to Bid Farewell to Tracking CookiesGoogle has officially begun its rollout of Privacy Sandbox in the Chrome web browser to a majority of its users, nearly four months after it announced the plans. "We believe it is vital to both improve privacy and preserve access to information, whether it's news, a how-to-guide,…THEHACKERNEWS.COM
11 SepRussian Infosec Boss Gets Nine Years Sentence for Hack-And-Trade OperationRussian owner of security firm M-13, Vladislav Klyushin, has been sentenced to nine years in prison for his role in a cybercrime operation that stole confidential financial information and made $93 million through insider trading.THEREGISTER.COM
11 Sep0xPass raises $1.8M from Balaji Srinivasan and others to build secure login systems for web30xPass is among the many startups trying to make crypto wallets secure and convenient for mass adoption. Specifically, it’s solving the login piece of user experience, which, at the moment, is cumbersome and requires users to have a decent level of technical know-how. Incub…TECHCRUNCH.COM
11 SepVietnamese Hackers Deploy Python-Based Stealer via Facebook MessengerA new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a "swarm of fake and hijacked personal accounts" with the ultimate goal of taking over the targets' accounts. "Originating yet again from a Vietnamese-based group, this ca…THEHACKERNEWS.COM
11 SepMGM Resorts blames ‘cybersecurity issue’ for ongoing outageHotel and casino giant MGM Resorts has confirmed a “cybersecurity issue” is to blame for an ongoing outage affecting systems at the company’s Las Vegas properties. “MGM Resorts recently identified a cybersecurity issue affecting some of the company’s systems,” the company s…TECHCRUNCH.COM
11 SepMicrosoft will block 3rd-party printer drivers in Windows UpdateMicrosoft will block third-party printer driver delivery in Windows Update as part of a substantial and gradual shift in its printer driver strategy over the next 4 years. [...]BLEEPINGCOMPUTER.COM