110 Articles
10 Categories
Date: 2023-09-13
🚨 CISA KEV (1)
13 Sep [KEV] | CISA Adds Three Known Vulnerabilities to Catalog | CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-35674 Android Framework Privilege Escalation Vulnerability; CVE-2023-20269 Cisco Adaptive Security Appliance and Firepower Threat Defense Un… | CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES (13)
13 Sep [KEV] | Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird | Mozilla on Tuesday released security updates to resolve a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, a day after Google released a fix for the issue in its Chrome browser. The shortcoming, assigned the identifier CVE-2… | THEHACKERNEWS.COM
13 Sep [KEV] | Update Adobe Acrobat and Reader to Patch Actively Exploited Vulnerability | Adobe's Patch Tuesday update for September 2023 comes with a patch for a critical actively exploited security flaw in Acrobat and Reader that could permit an attacker to execute malicious code on susceptible systems. The vulnerability, tracked as CVE-2023-26369, is rated 7.8 for … | THEHACKERNEWS.COM
13 Sep [KEV] | Unusually low 5 critical vulnerabilities included in Microsoft Patch Tuesday, along with two zero-days | (submitted by c0mmando to netsec) https://blog.talosintelligence.com/microsoft-patch-tuesday-for-september-2023/ Fifty-six of the vulnerabilities included in this month’s Patch Tuesday are considered “important,” according to Microsoft, while two are of “moder… | TALOSINTELLIGENCE.COM
13 Sep | Windows Arbitrary File Deletion Vulnerability Leads to Full System Compromise | Threat actors were using Windows Arbitrary File Deletion to perform Denial-of-service attacks on systems affected by this vulnerability. However, recent reports indicate that this Windows Arbitrary file deletion can be used for a full compromise. The possibility of this attack de… | GBHACKERS.COM
13 Sep [KEV] | Chrome Zero-Day Vulnerability Exploited in the Wild | Chrome’s Stable and Extended stable channels have been upgraded to 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows as part of a security update. One “Critical” security upgrade is included in this release. In the coming days and weeks, the u… | GBHACKERS.COM
13 Sep [KEV] | Mozilla Zero-Day Vulnerability Exploited in the Wild – Patch Now! | In a race against time to safeguard user security, major browser vendors, including Google and Mozilla, have scrambled to release urgent updates in response to a critical vulnerability discovered in the WebP Codec. This newly unearthed vulnerability, bearing the identifier … | GBHACKERS.COM
13 Sep | Several Siemens ICS Products Impacted by Critical CodeMeter Vulnerability | One of the advisories describes CVE-2023-3935, a critical vulnerability affecting Wibu Systems’ CodeMeter software licensing and protection technology, which is used by several Siemens products, including PSS, SIMATIC, SIMIT, SINEC, and SINEMA. | SECURITYWEEK.COM
13 Sep | Zero-Click Exploit in iPhones | Make sure you update your iPhones: Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group’s Pegasus commercial spyware onto fully patched iPhones. T… | SCHNEIER.COM
13 Sep | Adobe Says Critical PDF Reader Zero-Day Being Exploited | As part of its scheduled batch of Patch Tuesday updates, Adobe warned that hackers are exploiting a remotely exploitable vulnerability — CVE-2023-26369 — to launch code execution attacks. | SECURITYWEEK.COM
13 Sep | Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints | Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores o… | THEHACKERNEWS.COM
13 Sep | Severe Azure HDInsight flaws highlight dangers of cross-site scripting | Security researchers have found eight serious cross-site scripting (XSS) flaws in Azure HDInsight, a big data processing service powered by open-source technologies like Apache Hadoop, Spark, Hive and Kafka running on Azure. The flaws could have allowed attackers to inject and ex… | CSOONLINE.COM
13 Sep | New Kubernetes vulnerability allows privilege escalation in Windows | The latest version of Kubernetes released last month includes patches for an entire class of vulnerabilities that allow attackers to abuse the subPath property of YAML configuration files to execute malicious commands on Windows hosts. “The vulnerability allows remote code execut… | CSOONLINE.COM
13 Sep | CVE-2023-38146: Arbitrary Code Execution via Windows Themes | (submitted by L4s to secops) https://exploits.forsale/themebleed/ | EXPLOITS.FORSALE
⚠️ VULNERABILITY DISCLOSURE (29)
13 Sep | Power grid of Asian nation shows signs of intrusion by espionage group ⚡⚡⚡ | (submitted by c0mmando to netsec) https://therecord.media/power-grid-asian-nation-cyber-espionage-redfly-shadowpad Hackers attacked the national power grid of an unspecified Asian country earlier this year using malware typically deployed by personnel connecte… | THERECORD.MEDIA
13 Sep | New backdoor tool spotted in use against targets in Brazil, Israel, UAE | (submitted by c0mmando to netsec) https://therecord.media/sponsor-backdoor-charming-kitten-brazil-israel-uae Suspected Iranian nation-state hackers attacked organizations in Brazil, Israel and the United Arab Emirates using previously unidentified backdoor mal… | THERECORD.MEDIA
13 Sep | Ransomware crew hits Save The Children, steals 7TB of data | (submitted by c0mmando to netsec) https://www.theregister.com/2023/09/11/bianlian_save_the_children/ As highlighted by VX-Underground and Emsisoft threat analyst Brett Callow earlier today, BianLian bragged on its website it had hit an organization that, based… | THEREGISTER.COM
13 Sep [KEV] | Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws | Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been actively exploited by malicious cyber actors. Of the 59 vulnerabilities, five are rated Critical, 55 are rated Important, and one is rated Modera… | THEHACKERNEWS.COM
13 Sep | New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk | A new vulnerability in GitHub's repository creation and username renaming operations could enable attackers to hijack popular repositories and distribute malicious code, posing a significant risk to the open-source community. | CHECKMARX.COM
13 Sep | After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery | After Apple and Google, Mozilla has also patched an image processing-related zero-day vulnerability exploited by spyware. | SECURITYWEEK.COM
13 Sep [KEV] | Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird | Mozilla on Tuesday released security updates to resolve a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, a day after Google released a fix for the issue in its Chrome browser. | THEHACKERNEWS.COM
13 Sep | “Authorized” to break in: Adversaries use valid credentials to compromise cloud environments | Overprivileged plaintext credentials left on display in 33% of X-Force adversary simulations. Adversaries are constantly seeking to improve their productivity margins, but new data from IBM X-Force suggests they aren’t exclusively leaning on sophistication to do so. Simple y… | SECURITYINTELLIGENCE.COM
13 Sep | Gigamon’s ‘Precryption’ to block attacks hiding behind encryption | With promises of unprecedented visibility into encrypted traffic across virtual machines (VM) and container workloads, deep observability company Gigamon has launched a new "Precryption" technology. Gigamon's GigaVUE 6.4 will deploy the Precryption technology to enable IT and sec… | CSOONLINE.COM
13 Sep [KEV] | Microsoft Patches a Pair of Actively Exploited Zero-Days | In total, Microsoft released 59 new patches addressing bugs across its product gamut. They affect Microsoft Windows, Exchange Server, Office, .NET and Visual Studio, Azure, Microsoft Dynamics, and Windows Defender. | DARKREADING.COM
13 Sep | CISA Offering Free Vulnerability Scanning Service to Water Utilities | CISA is offering a free vulnerability scanning service to water utilities to help them protect drinking water and wastewater systems against cyberattacks. | SECURITYWEEK.COM
13 Sep | SAP Patches Critical Vulnerability Impacting NetWeaver, S/4HANA | SAP has released patches for a critical vulnerability impacting multiple enterprise applications, including NetWeaver and S/4HANA. | SECURITYWEEK.COM
13 Sep | CISA Releases Open Source Software Security Roadmap | CISA details its plan to support the open source software ecosystem and secure the use of open source software within the federal government. | SECURITYWEEK.COM
13 Sep | How end-user phishing training works (and why it doesn’t) | Training end-users to spot phishing has its benefits, but it's clear to see organizations as a whole have failed to make a dent in phishing attacks. Learn more from Specops Software on how phishers use social engineering to exploit human psychology. [...] | BLEEPINGCOMPUTER.COM
13 Sep | Researchers Detail 8 Vulnerabilities in Azure HDInsight Analytics Service | More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities. "The identified vulnerabilities consisted of six stor… | THEHACKERNEWS.COM
13 Sep | Perception Point launches MSP program to help partners tackle threats | Cybersecurity provider Perception Point has announced the launch of a new managed service provider (MSP) program to empower partners with dedicated, enterprise-level threat prevention, detection, and response. The tailored security offering is designed for MSPs and managed securi… | CSOONLINE.COM
13 Sep [KEV] | High-Profile CVEs Turn up in Vulnerability Exploit Sales | Three reported purchases of vulnerability exploits on the dark web during the first half of the year included high-profile, actively exploited CVEs, according to research by Flashpoint. | CYBERSECURITYDIVE.COM
13 Sep | US Cyber Command Wrapped Second ‘Hunt Forward’ Mission to Lithuania | Members of the command’s Cyber National Mission Force (CNMF) worked for months alongside experts from Lithuania’s Information Technology and Communications Department, which is part of the country’s Ministry of the Interior. | THERECORD.MEDIA
13 Sep | Distributed Energy Resources Get Cybersecurity Boost with $39M DOE Funding | The US Department of Energy gives $39 million in funding for nine projects to advance the cybersecurity of distributed energy resources. | SECURITYWEEK.COM
13 Sep | Mozilla Releases Security Updates for Multiple Products | Mozilla has released security updates to address a vulnerability affecting Firefox, Firefox ESR, and Thunderbird. A cyber threat actor can exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Mozilla’s advisory (MFS… | CISA.GOV
13 Sep | Black Hat Fireside Chat: The impactful role crowdsourced security intelligence must play | From Kickstarter to Wikipedia, crowdsourcing has become a part of everyday life. Sharing intel for a greater good. Now one distinctive type of crowdsourcing — ethical hacking – is positioned to become a much more impactful component of securing modern … | LASTWATCHDOG.COM
13 Sep | Partnering up on XDR: A rising tide lifts all security teams | Security is a community effort; it takes a network of partners to ensure everyone is secure. That's why Cisco's Extended Detection and Response (XDR) solution, launched in April, focuses on correlating telemetry from several third-party security vendors to increase interoperabili… | CSOONLINE.COM
13 Sep | Using AI-generated code can lead to business risk | Little things can get you into big trouble. This has been true for all human history. One of the most famous descriptions of it comes from a proverb centuries ago that begins "For want of a nail the [horse]shoe was lost..." and concludes with the entire kingdom being lost "...all… | CSOONLINE.COM
13 Sep | Rollbar discloses data breach after hackers stole access tokens | Software bug-tracking company Rollbar disclosed a data breach after unknown attackers hacked its systems in early August and gained access to customer access tokens. [...] | BLEEPINGCOMPUTER.COM
13 Sep | New Paper: “Securing AI: Similar or Different?” | As you may have noticed, we have released a new paper on securing AI. I want to share a few additional things here on top our official launch blog. src: http://bit.ly/ociso-ai1-pod For a few years (so, yes, I did start before the ChatGPT launch, if you have to ask…), I’ve been … | MEDIUM.COM
13 Sep | Pegasus Infection of Galina Timchenko, exiled Russian Journalist and Publisher | (submitted by c0mmando to netsec) https://citizenlab.ca/2023/09/pegasus-infection-of-galina-timchenko-exiled-russian-journalist-and-publisher/ In an investigative collaboration with Access Now, the Citizen Lab has analyzed forensic artifacts from the iPhone of… | CITIZENLAB.CA
13 Sep [KEV] | Microsoft Patches Fix Word and Streaming Services Zero-Days | Patch Contains 59 Bugs Fixes, Including 5 Critical Ones. Microsoft's September dump of fixes addresses two actively exploited zero-day vulnerabilities, including one in Microsoft Word that has a proof-of-concept code available publicly. "Definitely put this one on the top of your … | DATABREACHTODAY.CO.UK
13 Sep | A Vulnerability in Mozilla Products Could Allow for Arbitrary Code Execution | A vulnerability has been discovered in Mozilla products, which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thund… | CISECURITY.ORG
📋 SECURITY BULLETINS (1)
13 Sep | Cyber Security Today, Sept. 13, 2023 - Crooks target Facebook Messenger accounts of businesses, a warning to IT support staff and more | This episode reports on the latest security updates, a scam aimed at IT service desk staff of American organizations that use access management solutions from Okta, and more | CYBERSECURITYTODAY.LIBSYN.COM
📢 SECURITY ADVISORIES (11)
13 Sep | UK ICO and NCSC Set to Share Anonymized Threat Intelligence | The UK’s data protection regulator and its leading security agency have signed an agreement to cooperate more closely on cyber incidents, in a bid to make the country the safest place in the world to do business. | INFOSECURITY-MAGAZINE.COM
13 Sep | Ransomware: It Takes A Village, Says the UK NCSC | Stopping the ransomware epidemic is less about tackling individual crypto-locking malware variants and more about combating the entire ecosystem of bad actors underpinning digital extortion, the British government said Monday. | BANKINFOSECURITY.COM
13 Sep | US Agencies Publish Cybersecurity Report on Deepfake Threats | CISA, FBI and NSA have published a cybersecurity report on deepfakes and recommendations for identifying and responding to such threats. | SECURITYWEEK.COM
13 Sep | US Federal Agencies Urge Firms to Prepare for Deepfakes | The NSA, FBI and CISA Find the AI-Generated Media 'Particularly Concerning'. U.S. federal agencies are advising organizations to hone their real-time verification capabilities and passive detection techniques to alleviate the impact of deepfakes. The technology's easy accessibilit… | DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING (20)
13 Sep | CoinEx confirms hack after $31 million in cryptocurrency allegedly stolen from exchange | (submitted by c0mmando to netsec) https://therecord.media/coinex-confirms-hack-after-31-million-allegedly-stolen Cryptocurrency exchange CoinEx confirmed that a hacker stole millions of dollars worth of cryptocurrency in an attack on Tuesday. The global exchan… | THERECORD.MEDIA
13 Sep | Israel Investigates Potential Breach of Lawmakers’ Phones | On Saturday, 15 members of the Yesh Atid political party, including the Israeli opposition leader Yair Lapid, had their WhatsApp accounts temporarily blocked, sparking concerns about potential phone hacking. | THERECORD.MEDIA
13 Sep | CISOs and Board Members Work More Closely Than Ever Before | A recent survey by Proofpoint reveals that 73% of board members believe they will face a major cyberattack in the next 12 months, up from 65% in the previous year. Additionally, 53% feel unprepared to handle a targeted attack. | HELPNETSECURITY.COM
13 Sep | Chinese Redfly Hacked National Power Grid & Maintained Access for 6 Months | Cybersecurity researchers at Symantec’s Threat Hunter Team recently discovered that the Redfly threat actor group used ShadowPad Trojan to breach an Asian national grid for 6 months. Artificial intelligence-driven cyber threats grow as technology advances, significantly inf… | GBHACKERS.COM
13 Sep | Ransomware gang steals 6.8TB of data from Save The Children | Ransomware gang BianLian has claimed responsibility for the cyber attack which saw them steal financial, medical and health data | CSHUB.COM
13 Sep | How Cyberattacks Are Transforming Warfare | There is a new battlefield. It is global and challenging to defend. What began with a high-profile incident back in 2007, when Estonia was hit by hackers targeting its government and commercial sector, has evolved into cyber warfare that is being waged constantly worldwide. Today… | THEHACKERNEWS.COM
13 Sep | Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family | A new ransomware family called 3AM has emerged in the wild after it was detected in a single incident in which an unidentified affiliate deployed the strain following an unsuccessful attempt to deploy LockBit (aka Bitwise Spider or Syrphid) in the target network. "3AM is written … | THEHACKERNEWS.COM
13 Sep | Big MGM Resorts Outage Traces to Ransomware, Researchers Say | Alphv/BlackCat Group Reportedly Hit Casino Operator via Social Engineering Attack. Booking and reservation systems, as well as slot machines, hotel room door locks, ATMs and more remain offline at multiple MGM Resorts properties as the publicly traded casino hotel giant battles "a… | DATABREACHTODAY.CO.UK
13 Sep | RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware | In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method. | TRENDMICRO.COM
13 Sep | Canadian Nurses Association Confirms Data Theft After Hackers Dump Stolen Information | While operations were not affected, some systems were compromised. The ransomware groups Snatch and Nokoyawa claimed responsibility for the attack, with Snatch leaking 37 GB of data from the association. | THERECORD.MEDIA
13 Sep | Weaponized Free Download Manager for Linux Steals System Data & Passwords | In recent years, Linux systems gained prominence among diverse threat actors, with more than 260,000 unique samples emerging in H1 2023. In the case of Linux, threat actors can run multiple campaigns without being detected for years, and maintain long-term existence on the compro… | GBHACKERS.COM
13 Sep | Redfly Group Compromised National Power Grid in Six-Months-Long Campaign | The Redfly threat actor group used the ShadowPad Trojan to compromise a national grid in an Asian country, stealing credentials and maintaining a presence for up to six months. | SYMANTEC-ENTERPRISE-BLOGS.SECURITY.COM
13 Sep | Hackers use new 3AM ransomware to save failed LockBit attack | A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network. [...] | BLEEPINGCOMPUTER.COM
13 Sep | Cost of a data breach 2023: Pharmaceutical industry impacts | Data breaches are both commonplace and costly in the medical industry. Two industry verticals that fall under the medical umbrella — healthcare and pharmaceuticals — sit at the top of the list of the highest average cost of a data breach, according to IBM’… | SECURITYINTELLIGENCE.COM
13 Sep | macOS Info-Stealer Malware ‘MetaStealer’ Targeting Businesses | The MetaStealer macOS information stealer has been targeting businesses to exfiltrate keychain and other valuable information. | SECURITYWEEK.COM
13 Sep | Airbus Launches Investigation After Hacker Leaks Data | Airbus has launched an investigation after a hacker claimed to have breached the company’s systems and leaked some business documents. | SECURITYWEEK.COM
13 Sep | Hackers steal $53 million worth of cryptocurrency from CoinEx | Global cryptocurrency exchange CoinEX announced that someone hacked its hot wallets and stole large amounts of digital assets that were used to support the platform's operations. [...] | BLEEPINGCOMPUTER.COM
13 Sep | Digital forensics firm Binalyze raises $19M to investigate cyber threats | Binalyze, a London-based startup building a toolset for digital forensics and incident response, this week announced that it raised $19 million in a Series A round led by Molten Ventures with participation from Cisco Investments, Citibank Ventures and Deutsche Bank Ventures. Foun… | TECHCRUNCH.COM
13 Sep | Feds Warn Healthcare Sector of Akira Ransomware Threats | HHS: Group Seems to Favor Targeting Small & Midsized Entities that Lack MFA on VPNs. Authorities are warning of threats posed by Akira, a ransomware group that surfaced in March and has been linked to dozens of attacks on small and midsized entities. The group is targeting many in… | DATABREACHTODAY.CO.UK
13 Sep | Ransomware Infection Vectors | News - PSW798 | 6:00pm ET - Amanda Berlin 7:00pm ET - Security News This week, we start things off with an interview with Amanda Berlin, Lead Incident Detection Engineer at Blumira (primary), Mental Health Hackers, & Cybersecurity Conference Training, about Incident Response: Clouds, SMBs, and m… | YOUTUBE.COM
🕵️ THREAT INTELLIGENCE (17)
13 Sep | ISC Stormcast For Wednesday, September 13th, 2023 https://isc.sans.edu/podcastdetail/8656, (Wed, Sep 13th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
13 Sep | Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages | Microsoft is warning of a new phishing campaign undertaken by an initial access broker that involves using Teams messages as lures to infiltrate corporate networks. The tech giant's Threat Intelligence team is tracking the cluster under the name Storm-0324, which is also known by… | THEHACKERNEWS.COM
13 Sep | SecurityWeek to Host Cyber AI & Automation Summit | Virtual conference will explore cybersecurity use-cases for AI technology and the race to protect LLM algorithms from adversarial use. | SECURITYWEEK.COM
13 Sep | Can You Guess Common Phishing Themes in Southeast Asia? | Researchers at Cyfirma outline trends in phishing campaigns around the world, finding that Singapore is disproportionately targeted by phishing attacks. | KNOWBE4.COM
13 Sep | China Says No Law Banning iPhone Use in Govt Agencies | China said it was following media reports about suspected security issues with iPhones but insisted there was no ban on its officials using the devices. | SECURITYWEEK.COM
13 Sep | Newly Discovered MetaStealer Malware Targets macOS Users | A new MetaStealer malware has surfaced in the wild, targeting macOS business users. Written in Golang, the malware is distributed via social engineering tactics, where attackers pose as fake design clients and lure victims into executing malicious payloads. Apple’s XProtect updat… | CYWARE.COM
13 Sep | CISOs and Board Reporting – an Ongoing Problem | Boards often complain they receive overly-technical reports from management teams that fail to put governance in business and financial terms. | SECURITYWEEK.COM
13 Sep | How Next-Gen Threats Are Taking a Page From APTs | Cybercriminals are increasingly trying to find ways to get around security, detection, intelligence and controls as APTs start to merge with conventional cybercrime. | SECURITYWEEK.COM
13 Sep | Community Feedback Request: Weekly Threads | (submitted by shellsharks to cybersecurity) Hello /c/cybersecurity! I wanted to take the temperature on weekly threads (i.e. Mentorship Monday, Training Tuesday, etc…) and get an idea of whether people like these and want to see them continue. I’ve noticed a d… | INFOSEC.PUB
13 Sep | ReconAIzer: OpenAI-based Extension for Burp Suite | Burp Suite, the renowned Bug Bounty Hunting and Web Application Penetration Testing tool, has been improvised with many extensions over the years. Many of Burp’s Extensions have been used by Bug Bounty Hunters and Security Researchers for various purposes. It has been nearly a ye… | GBHACKERS.COM
13 Sep | EU Chief Announces Plans to Boost AI Development | EU Will Grant AI Startups Access to Supercomputers, Commission President Says. The European Union will open up supercomputers to artificial intelligence startups in a bid to boost innovation inside the trading bloc, European Commission President Ursula von der Leyen said Wednesday… | DATABREACHTODAY.CO.UK
13 Sep | Hackers Attack Facebook Business Users Aggressively to Steal Login Credentials | A new and highly concerning cyber threat has emerged, as a botnet known as “MrTonyScam” has been orchestrating an extensive Messenger phishing campaign on Facebook. Recently, this campaign has flooded the platform with malicious messages, posing a significant risk to … | GBHACKERS.COM
13 Sep | Network Device Supply Chain Security - BTS #13 | In this edition of Below The Surface, we discuss Network Device Supply Chain Security with Nate Warfield, Director of Threat Research & Intelligence at Eclypsium. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! →Full Sh… | YOUTUBE.COM
13 Sep | AuthMind Scores $8.5M Seed Funding for ITDR Tech | Maryland startup scores $8.5 million in seed-stage funding to compete in the Identity Threat Detection and Response (ITDR) category. | SECURITYWEEK.COM
13 Sep | Chinese APT41 Implicated in Asian National Power Grid Hack | Symantec Finds APT41 Fingerprint in a ShadowPad Trojan Attack on Asian Power Grid. Cybersecurity researchers at Symantec said a cybercriminal entity with possible ties to the Chinese government used the ShadowPad Trojan to target an Asian country's national power grid earlier this… | DATABREACHTODAY.CO.UK
13 Sep | DOD Cyber Strategy Aims to Disrupt Hackers, Deepen Ally Work | Defense Department Will Conduct Defensive Ops on Internal Network, Invest in People. The Defense Department's updated cyber strategy calls for disrupting malicious actors and boosting the cyber capabilities of U.S. allies to take on Chinese threats to critical infrastructure. Defe… | DATABREACHTODAY.CO.UK
13 Sep | Meet AI-Powered Prisma SASE at SASE Converge 2023 | SASE Converge 2023 is a two-day virtual experience featuring thought leaders and technologists from across the globe, revealing Prisma SASE, powered by AI. | PALOALTONETWORKS.COM
🌐 CYBER THREAT LANDSCAPE (2)
13 Sep | Stealthy Remcos Malware Attack Campaign Takes Aim at Colombian Firms | The attackers employed highly obfuscated BAT files and multi-layered obfuscation techniques to evade detection and load the Remcos malware into memory, bypassing traditional antivirus and endpoint security solutions. | RESEARCH.CHECKPOINT.COM
🎙️ PODCASTS (1)
13 Sep | Smashing Security podcast #339: Bitcoin boo-boo, deepfakes for good, and time to say goodbye to usernames? | Deepfakes are being used for good (perhaps), common usernames could pose a security threat, and someone has paid a $500,000 fee... just to send $1,865. Oh, and our guest mentions Mr Blobby (to the horror of the show's hosts...) All this and much much more is discussed in the late… | GRAHAMCLULEY.COM
📡 INFOSEC NEWS (15)
13 Sep | New MidgeDropper Variant Discovered | Researchers at FortiGuard Labs have discovered a new dropper variant called MidgeDropper, which has a complex infection chain and uses code obfuscation and sideloading techniques. | FORTINET.COM
13 Sep | CoinEx Exchange Loses $27 Million Worth of Crypto in Suspected Hack | A CoinEx hot wallet transferred $27 million of various tokens to a wallet with no previous history in what the exchange’s team has referred to as “anomalous withdrawals.” | COINTELEGRAPH.COM
13 Sep | Webinar: Identity Threat Detection & Response (ITDR) – Rips in Your Identity Fabric | In today's digital age, SaaS applications have become the backbone of modern businesses. They streamline operations, enhance productivity, and foster innovation. But with great power comes great responsibility. As organizations integrate more SaaS applications into their workflow… | THEHACKERNEWS.COM
13 Sep | CertifID, Which Develops Products To Prevent Wire Fraud, Raises $20M | The real estate fraud prevention startup CertifID has raised $20 million in a funding round led by Arthur Ventures, bringing its valuation to over double its previous value. | TECHCRUNCH.COM
13 Sep | Nearly 15,000 Accounts Raided at Automaker Sites to Harvest Vehicle IDs | Attackers appear to have deployed bots to break into customer accounts at several large automakers, then harvested important information about thousands of individual vehicles and offered it for sale in private Telegram channels, researchers said. | THERECORD.MEDIA
13 Sep | Microsoft Teams down: Ongoing outage behind message failures, delays | Microsoft is investigating an ongoing outage preventing customers from sending or receiving messages using the company's Microsoft Teams communication platform. [...] | BLEEPINGCOMPUTER.COM
13 Sep | France demands Apple pull iPhone 12 due to high RF radiation levels | The Agence Nationale des Fréquences (ANFR) has asked Apple to withdraw iPhone 12 smartphones from the French market because the device emits radiofrequency energy that is beyond the limit permitted to be absorbed by the human body. [...] | BLEEPINGCOMPUTER.COM
13 Sep | Journey to the Cloud: Navigating the Transformation - Part 1 | Nikko Asset Management's Marcus Rameke Defines the Requirements. In Part 1 of this three-part blog post, Nikko Asset Management's Marcus Rameke provides an introduction and defines the requirements for making the transformative journey to the cloud. Parts 2 and 3 will discuss more… | DATABREACHTODAY.CO.UK
13 Sep | New Windows 11 feature blocks NTLM-based attacks over SMB | Microsoft added a new security feature to Windows 11 that lets admins block NTLM over SMB to prevent pass-the-hash, NTLM relay, or password-cracking attacks. [...] | BLEEPINGCOMPUTER.COM
13 Sep | Read it right! How to spot scams on Reddit | Do you know what types of scams and other fakery you should look out for when using a platform that once billed itself as “the front page of the Internet”? | WELIVESECURITY.COM