🚨 CISA KEV 1
14 Sep · [KEV] CISA Adds One Known Vulnerability to Catalog · CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-26369 Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cybe… · CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 3
14 Sep · SolarWinds Platform Vulnerability Let Attackers Execute Arbitrary Commands · SolarWinds Platform has published its release notes 2023.3.1, which provides multiple bug fixes and security updates. With this release, the platform has fixed two vulnerabilities, CVE-2023-23840 and CVE-2023-23845, related to arbitrary command execution. SolarWinds Platform is a… · GBHACKERS.COM
14 Sep · N-Able's Take Control Agent Vulnerability Exposes Windows Systems to Privilege Escalation · A high-severity security flaw has been disclosed in N-Able's Take Control Agent that could be exploited by a local unprivileged attacker to gain SYSTEM privileges. Tracked as CVE-2023-27470 (CVSS score: 8.8), the issue relates to a Time-of-Check to Time-of-Use (TOCTOU) race condi… · THEHACKERNEWS.COM
14 Sep · Windows 11 ‘ThemeBleed’ RCE bug gets proof-of-concept exploit · Security researcher Gabe Kirkpatrick has made a proof-of-concept (PoC) exploit available for CVE-2023-38146, aka "ThemeBleed," which enables attackers to trigger arbitrary remote code execution if the target opens a specially crafted '.theme' file. [...] · BLEEPINGCOMPUTER.COM
⚠️ VULNERABILITY DISCLOSURE 29
14 Sep · Ransomware Infection Vectors - Ryan Chapman - PSW #798 · Ryan has his finger on the pulse of ransomware and response. We discuss how the initial infections are occurring, how they've changed over time, and where they are going in the future! Segment Resources: For folks to see my recent presentations: for528.com/playlist For folks to s… · YOUTUBE.COM
14 Sep · Automotive supply chain vulnerable to attack as cybersecurity regulation looms · Almost two-thirds (64%) of automotive industry leaders believe their supply chain is vulnerable to cyberattacks, with many businesses inadequately prepared for a connected automotive era. That's according to new Kaspersky research based on 200 interviews with C-level decision mak… · CSOONLINE.COM
14 Sep · Researchers Detail Eight Vulnerabilities in Azure HDInsight Analytics Service · More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities. · THEHACKERNEWS.COM
14 Sep · 10 principles to ensure strong cybersecurity in agile development · Today's hyper-competitive business environment requires organizations to move fast and stay innovative. As a result, 80% or more organizations have adopted an agile development approach. Unfortunately, this higher development velocity introduces several opportunities for exploita… · CSOONLINE.COM
14 Sep · With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe? · submitted by conorab to cybersecurity https://arstechnica.com/security/2023/09/with-0-days-hitting-chrome-ios-and-dozens-more-this-month-is-no-software-safe/ · ARSTECHNICA.COM
14 Sep · Report: Compromised Credential Use Jumps 300% in Cloud Intrusions · Valid, compromised credentials are also a hot commodity in the cybercrime marketplace, accounting for the vast majority, almost 90%, of assets for sale on the dark web, an IBM Security X-Force report found. · CYBERSECURITYDIVE.COM
14 Sep · New 3AM Ransomware Family Used As Fallback in Failed LockBit Attack · The attackers behind 3AM, which is written in the Rust programming language, engage in reconnaissance, privilege escalation, and exfiltration of sensitive data before deploying the ransomware. · SYMANTEC-ENTERPRISE-BLOGS.SECURITY.COM
14 Sep · JFrog combines ML development with DevSecOps · With businesses increasingly relying on a host of AI implementations within their services, JFrog is trying to respond to the need for a central management system to bring AI deliveries in line with an organization's existing DevOps practices. Dubbed "ML model management," JFrog'… · CSOONLINE.COM
14 Sep · Hackers claim MGM cyberattack as outage drags into fourth day · MGM Resorts continues to battle a widespread outage after a cyberattack forced it to shut down systems across its properties. The hotel and entertainment giant, which operates a number of hotels and casinos on the Las Vegas Strip including the Bellagio, Aria and Cosmopolitan, shu… · TECHCRUNCH.COM
14 Sep · Kubernetes Vulnerability Leads to Remote Code Execution · A high-severity vulnerability can be exploited to execute code remotely on any Windows endpoint within a Kubernetes cluster. The post Kubernetes Vulnerability Leads to Remote Code Execution appeared first on SecurityWeek. · SECURITYWEEK.COM
14 Sep · Cisco 0-Day, Chrome Vulnerability, MGM Shut Down, & More! - PSW #798 · Lots in the Security News this week. Stay tuned! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-798 · YOUTUBE.COM
14 Sep · Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns · Two new high-severity Kubernetes vulnerabilities flagged by Akamai leave all Windows endpoints on an unpatched cluster open to remote code execution (RCE) with system privileges. · DARKREADING.COM
14 Sep · ICS Computers in Western Countries See Increasing Attacks: Report · ICS computers in the Western world have been increasingly attacked, but the percentages are still small compared to other parts of the globe. The post ICS Computers in Western Countries See Increasing Attacks: Report appeared first on SecurityWeek. · SECURITYWEEK.COM
14 Sep · Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems · A set of memory corruption flaws have been discovered in the ncurses (short for new curses) programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems. "Using environment variable poisoning, attackers could chain these… · THEHACKERNEWS.COM
14 Sep · CISA Releases Seven Industrial Control Systems Advisories · CISA released seven Industrial Control Systems (ICS) advisories on September 14, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-257-01 Siemens SIMATIC, SIPLUS Products; ICSA-23-257-02 Siemens … · CISA.GOV
14 Sep · SAP Patches Critical Vulnerability Impacting NetWeaver, S/4HANA · Five of the SAP security notes released this month are rated ‘hot news’, the German software company’s highest rating. Three of them, however, are updates for previously released security notes. · SECURITYWEEK.COM
14 Sep · Greater Manchester Police latest force to suffer serious data breach · Uh-oh, yet another UK police force has suffered a serious data breach. After the incidents involving Cumbria Police, Norfolk and Suffolk Police, and – perhaps worst of all – the PSNI in Northern Ireland, it’s now Greater Manchester Police finding itself in the hot seat. · GRAHAMCLULEY.COM
14 Sep · White House, Federal Cyber Leaders Pledge Renewed Support for Open-Source Security · Top cybersecurity officials from the Biden administration pledged additional support to the open source software community and private sector security executives during the Secure Open Source Software Summit in Washington D.C. on Tuesday. · CYBERSECURITYDIVE.COM
14 Sep · BatLoader Unleashed in Ongoing Webex Malvertising Campaign · A new malvertising campaign has surfaced, targeting corporate users downloading popular web conferencing software Cisco Webex with BatLoader. Webex itself has not been compromised; rather, threat actors are exploiting brand impersonation to distribute the malware. The malicious a… · CYWARE.COM
14 Sep · Greater Manchester Police Caught Up in Ransomware Hack · Employee Information Among Compromised Data. Hackers stole the personal details of thousands of police officers and staff in a ransomware attack that swept up one of the United Kingdom's largest law enforcement agencies. The Greater Manchester Police on Thursday described the atta… · DATABREACHTODAY.CO.UK
14 Sep · LokiBot Information Stealer Packs Fresh Infection Strategies · Info Stealer Continues to Succeed via Phishing, Exploiting Ancient Flaw in Office. In Norse mythology, Loki is a cowardly trickster god who can change age, shape and sex. The malware incarnation is more prosaic, tending to focus on stealing Microsoft users' data, at times by using… · DATABREACHTODAY.CO.UK
14 Sep · A Second Major British Police Force Suffers a Cyberattack in Less Than a Month · Personal details of thousands of police officers and staff from Greater Manchester Police have been hacked from a company that makes identity cards. The post A Second Major British Police Force Suffers a Cyberattack in Less Than a Month appeared first on SecurityWeek. · SECURITYWEEK.COM
14 Sep · Critical cloud-delivered security services for SASE · SASE = SD-WAN + SSE is an equation that has become conspicuous in the security industry. If you aren't a cybersecurity professional, you might mistake it for a high school advanced algebra problem or perhaps one of Einstein's scientific formulas. But IT professionals understand a… · CSOONLINE.COM
14 Sep · Latest Fraud Schemes Targeting the Payments Ecosystem · Threat actors are utilizing advanced techniques such as malvertising and SEO to conduct sophisticated fraud schemes, targeting authentication processes and exploiting technical misconfigurations, according to a report by Visa. · HELPNETSECURITY.COM
14 Sep · US-Canada International Joint Commission for Managing Lake and River Systems Suffers Cyberattack · On Wednesday, an ICJ spokesperson confirmed that it was dealing with a cybersecurity issue but declined to elaborate on whether law enforcement has been contacted or if the organization was facing operational issues. · THERECORD.MEDIA
14 Sep · 5 cyber hygiene strategies to help prevent cyber attacks · The world of cybersecurity is constantly inundated with news on the latest data breaches, cybercriminal attack trends, and security measures. And while that information is critical for adapting to the ever-changing nature of cybercrime, it's also important to pay attention to fou… · CSOONLINE.COM
14 Sep · Detection Difficulty - Why are we still missing attackers? - Chris Sanders - ESW #331 · We talk to Chris Sanders today, who has been steeped in the world of SecOps and detection/response for many years. After many years of writing books and training folks in the cybersecurity industry, he started delving into cognitive psychology and educational effectiveness. He le… · YOUTUBE.COM
14 Sep · Breaches, detecting deepfakes, cloning yourself, and cars are a privacy nightmare! - ESW #331 · In this news segment, we start off by discussing funding, acquisitions, and Ironnet's unfortunate demise. We discuss Gmail's new, extra verifications for sensitive actions and Lockheed Martin's Hoppr SBOM and software supply-chain utility kit. We get into CISA's roadmap to help s… · YOUTUBE.COM
📢 SECURITY ADVISORIES 9
14 Sep · Tech Industry Leaders Endorse Regulating Artificial Intelligence at Rare Summit in Washington · Tech executives discussed the idea of government regulations for artificial intelligence (AI) at an unusual closed-door meeting in the U.S. Senate on September 13th. The post Tech Industry Leaders Endorse Regulating Artificial Intelligence at Rare Summit in Washington appeared fi… · SECURITYWEEK.COM
14 Sep · Weather Happens – CISA Helps Keep Critical Infrastructure Prepared · In recognition of National Preparedness Month, CISA's Chief Meteorologist, Sunny Wescott, talks about a lesser-known side of CISA – our role in helping critical infrastructure prepare for and respond to natural disasters. · CISA.GOV
14 Sep · BLASTPASS: Government agencies told to secure iPhones against spyware attacks · CISA, the United States's Cybersecurity and Infrastructure Security Agency, has ordered federal agencies to patch their iPhones against vulnerabilities that can be used as part of a zero-click attack to install spyware from the notorious NSO Group. Read more in my article on the … · TRIPWIRE.COM
14 Sep · US Senator Seeks Input on Ways to Protect Patient Privacy · Inquiry Is Latest Move by a Lawmaker Hinting of New Data Protection Legislation. The drumbeat for potential federal legislation to better protect sensitive health information - or at least new regulations - appears to be growing louder in Congress. One of the Senate's four lawmake… · DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 35
14 Sep · Record Number of Cyberattacks Targeting Critical IT Infrastructure Reported to UK Government This Year · While the total count of attacks might seem low — just 13 that affected organizations operating critical technology services — the number marks a significant increase from the four disruptions the sector recorded in 2022 and 2021. · THERECORD.MEDIA
14 Sep · Russian Journalist's iPhone Compromised by NSO Group's Zero-Click Spyware · The iPhone belonging to Galina Timchenko, a prominent Russian journalist and critic of the government, was compromised with NSO Group's Pegasus spyware, a new collaborative investigation from Access Now and the Citizen Lab has revealed. The infiltration is said to have happened o… · THEHACKERNEWS.COM
14 Sep · Airbus Investigates Data Leak Allegedly Involving Thousands of Suppliers · According to the Hudson Rock, the threat actor — who appears to be linked to a December 2022 breach of the FBI’s InfraGard system — posted the leaked information publicly without making any demands. · THERECORD.MEDIA
14 Sep · MalindoAir - 4,328,232 breached accounts · In early 2019, the Malaysian airline Malindo Air suffered a data breach that exposed tens of millions of customer records. Containing 4.3M unique email addresses, the breach also exposed extensive personal information including names, dates of birth, genders, physical addresses,… · HAVEIBEENPWNED.COM
14 Sep · Caesars Entertainment Reportedly Pays Ransom to Attackers · Half of $30 Million Demand Paid to Same Group That Hit MGM Resorts, Reports Say. Hotel and casino giant Caesars Entertainment paid approximately half of an initial $30 million ransom demand to attackers who infected its systems with ransomware, according to news reports. The attac… · DATABREACHTODAY.CO.UK
14 Sep · A full timeline of the MGM Resorts cyber attack · The cyber security incident was allegedly caused by a successful phishing attack · CSHUB.COM
14 Sep · Cyberattack Causes St. Louis County to Shut Down Some Public Safety Computer Servers · A cyberattack caused St. Louis County to shut down some computer systems used to look up court cases, issue charges and process people in custody at the jail, County Executive Sam Page said Tuesday. · STLTODAY.COM
14 Sep · Ransomware Gang Takes Credit for Disruptive MGM Resorts Cyberattack · A known ransomware gang has taken credit for the highly disruptive cyberattack on MGM Resorts, and the company has yet to restore impacted systems. The post Ransomware Gang Takes Credit for Disruptive MGM Resorts Cyberattack appeared first on SecurityWeek. · SECURITYWEEK.COM
14 Sep · Class Action Lawsuit Against Capita Attracts 2,000 Claimants in Wake of Data Theft · The number of claimants in a class action lawsuit against Capita, a UK company, is increasing following a cybersecurity breach in March. Manchester-based law firm, Barings Law, sent a legal letter to Capita in June after receiving numerous enquiries. · THEREGISTER.COM
14 Sep · LockBit Affiliate Deploys New 3AM Ransomware in Recent Attack · A LockBit affiliate has deployed the new 3AM ransomware family on a victim’s network, after LockBit’s execution was blocked. The post LockBit Affiliate Deploys New 3AM Ransomware in Recent Attack appeared first on SecurityWeek. · SECURITYWEEK.COM
14 Sep · Free Download Manager Site Compromised to Distribute Linux Malware to Users for 3+ Years · A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack. The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a B… · THEHACKERNEWS.COM
14 Sep · Caesars Entertainment says customer data stolen in cyberattack · Hotel and casino giant Caesars Entertainment said Thursday that hackers stole a huge trove of customer data in a recent cyberattack, confirming recent media reports. Caesars said in an 8-K notice with federal regulators filed before markets opened on Thursday that hackers stole a… · TECHCRUNCH.COM
14 Sep · Royal Dutch Football Association Confirms It Paid Ransom for Hacked Employee Data · The governing body for soccer in the Netherlands said this week that it paid a ransom to hackers who breached its systems earlier this year and stole the sensitive data of more than 1.2 million employees and members. · THERECORD.MEDIA
14 Sep · New 3AM Ransomware Used as a Backup to LockBit Infection · Symantec researchers spotted a new ransomware family called 3AM that is written in Rust and attempts to stop services and delete Volume Shadow copies before encrypting files. The ransomware is currently being used in limited attacks. Its exact origins remain unknown. It is recomm… · CYWARE.COM
14 Sep · Manchester Police officers' data exposed in ransomware attack · United Kingdom's Greater Manchester Police (GMP) said earlier today that some of its employees' personal information was impacted by a ransomware attack that hit a third-party supplier. [...] · BLEEPINGCOMPUTER.COM
14 Sep · AuthMind Raises Seed Funding for its Identity SecOps Platform · The Maryland-based startup, which aims to help businesses protect themselves from identity-related cyberattacks, announced that it has raised an $8.5 million seed round led by Ballistic Ventures, with strategic participation from IBM Ventures. · TECHCRUNCH.COM
14 Sep · RedLine and Vidar Stealers Abuse EV Certificates, Shift to Ransomware Payloads · Threat actors are using EV code signing certificates to distribute both information-stealing malware and ransomware, indicating a streamlining of operations and the need for stronger security measures. · TRENDMICRO.COM
14 Sep · Caesars Entertainment confirms ransom payment, customer data theft · Caesars Entertainment, self-described as the largest U.S. casino chain with the most extensive loyalty program in the industry, says it paid a ransom to avoid the online leak of customer data stolen in a recent cyberattack. [...] · BLEEPINGCOMPUTER.COM
14 Sep · Iranian hackers breach defense orgs in password spray attacks · Microsoft says an Iranian-backed threat group has targeted thousands of organizations in the U.S. and worldwide in password spray attacks since February 2023. [...] · BLEEPINGCOMPUTER.COM
14 Sep · Exiled Russian Journalist's Phone Hacked With Pegasus Spyware · The notorious spyware was reportedly installed on the iPhone of Galina Timchenko, owner of the Russian independent media outlet Meduza, while she was in Berlin for a private conference with other Russian independent journalists living in exile. · THERECORD.MEDIA
14 Sep · Federal Agency Warns Healthcare Sector of Akira Ransomware Threats · Federal authorities are warning the health sector about threats posed by Akira, a RaaS group that surfaced about six months ago and has been linked to several dozen attacks on predominately small and midsized entities across many industries. · HEALTHCAREINFOSECURITY.COM
14 Sep · White House Urging Dozens of Countries to Publicly Commit to Not Pay Ransoms · The U.S. National Security Council (NSC) is urging the governments of all countries participating in the International Counter Ransomware Initiative (CRI) to issue a joint statement announcing they will not pay ransoms to cybercriminals. · THERECORD.MEDIA
14 Sep · Pennsylvania County Experiences Security Breach With Jail Employee Email · A cyber event last month may have affected the security of some information maintained by Butler County. County officials say they found out on August 8th that an email account related to the County jail was sending unauthorized spam emails. · BUTLERRADIO.COM
14 Sep · Caesars Confirms Ransomware Hack, Stolen Loyalty Program Database · The hijacked data includes driver’s license numbers and/or social security numbers from a Caesars Entertainment loyalty database. The post Caesars Confirms Ransomware Hack, Stolen Loyalty Program Database appeared first on SecurityWeek. · SECURITYWEEK.COM
14 Sep · Cryptohack Roundup: Vitalik Buterin's Social Media Hacked · Also: CoinEx Hack, OneCoin Founder's Sentencing, Another FTX Guilty Plea. This week, Vitalik Buterin was the victim of a SIM swapping attack, North Korea likely orchestrated the $55 million CoinEx hack, OneCoin co-founder Karl Sebastian Greenwood was sentenced to 20 years in priso… · DATABREACHTODAY.CO.UK
14 Sep · Rollbar Discloses Data Breach After Hackers Stole Access Tokens · While inside Rollbar's servers, attackers accessed sensitive customer information, including usernames and email addresses, account names, and project information, such as environment names and service link configuration. · BLEEPINGCOMPUTER.COM
14 Sep · MGM Suffers Ransomware Attack that Started with a Simple Helpdesk Call · As the aftermath unfolds, the details around the recent attack on MGM Resorts, providing crucial insight into the attack's impact, who’s responsible, and how it started. · KNOWBE4.COM
14 Sep · Auckland transport authority hit by suspected ransomware attack · The Auckland Transport (AT) transportation authority in New Zealand is dealing with a widespread outage caused by a cyber incident, impacting a wide range of customer services. [...] · BLEEPINGCOMPUTER.COM
14 Sep · No Dice for MGM Las Vegas as It Battles Fallout from Ransomware Attack After a 10-minute Vishing Scam · Four days later, $52 million in lost revenues and counting, a cyber attack on MGM Resorts International, a $14 billion Las Vegas gaming empire with Hollywood-famous hotel spreads like the Bellagio, Cosmopolitan, Excalibur, Luxor, and the MGM Grand itself, had the house brought d… · KNOWBE4.COM
14 Sep · Breach Roundup: Pegasus on Exiled Russian Journalist's Phone · Also: 9-Year Prison Sentence for Insider Trading Fueled by Password Theft. This week, exiled Russian journalist Galina Timchenko's iPhone was found to contain NSO Group's Pegasus spyware, a Russian businessman was sentenced for insider trading, more than 300,000 people were affect… · DATABREACHTODAY.CO.UK
14 Sep · MGM Resorts ESXi servers allegedly encrypted in ransomware attack · An affiliate of the BlackCat ransomware group, also known as ALPHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems. [...] · BLEEPINGCOMPUTER.COM
14 Sep · MGM casino's ESXi servers allegedly encrypted in ransomware attack · An affiliate of the BlackCat ransomware group, also known as ALPHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems. [...] · BLEEPINGCOMPUTER.COM
14 Sep · Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets · Since February 2023, Microsoft has observed a high volume of password spray attacks attributed to Peach Sandstorm, an Iranian nation-state group. In a small number of cases, Peach Sandstorm successfully authenticated to an account and used a combination of publicly available and … · MICROSOFT.COM
🕵️ THREAT INTELLIGENCE 27
14 Sep · DShield and qemu Sitting in a Tree: L-O-G-G-I-N-G, (Thu, Sep 14th) · [This is a Guest Diary by Allen Ingle, an ISC intern as part of the SANS.edu BACS program] · ISC.SANS.EDU
14 Sep · Microsoft Azure HDInsight Plagued With XSS Vulnerabilities · submitted by IllNess to securitynews https://www.darkreading.com/application-security/microsoft-azure-hdinsight-xss-vulnerabilities · DARKREADING.COM
14 Sep · ISC Stormcast For Thursday, September 14th, 2023 https://isc.sans.edu/podcastdetail/8658, (Thu, Sep 14th) · (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. · ISC.SANS.EDU
14 Sep · Wireshark Tutorial: Display Filter Expressions · submitted by throws_lemy to cybersecurity https://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressions/ · UNIT42.PALOALTONETWORKS.COM
14 Sep · Cisco IOS Verification Flaw Let Attackers Execute Arbitrary Code · Cisco has been discovered with an arbitrary code execution flaw on their Cisco IOS XR Software image verification checks, which allows an authenticated, local attacker to execute arbitrary code on their underlying operating system. Cisco Internetwork Operating System (IOS) is a n… · GBHACKERS.COM
14 Sep · Microsoft Teams as a Tool for Storm-0324 Threat Group to Hack Corporate Networks · According to recent reports, a threat actor known as Storm-0324 has been using email-based initial infection vectors to attack organizations. However, as of July 2023, the threat actor has been found to have been using Microsoft Teams to send Phishing emails. Once the threat acto… · GBHACKERS.COM
14 Sep · Next-Gen Email Firewalls: Beyond Spam Filters to Secure Inboxes Checklist · Email communication is still widely used as an attack vector despite the ever-changing nature of cyber threats. The vast number of people who use it for communication daily, both professionally and personally, makes it a tempting target. Cybercriminals are becoming more skilled a… · GBHACKERS.COM
14 Sep · Fake Signal and Telegram Apps in the Google Play Store · Google removed fake Signal and Telegram apps from its Play store. An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESE… · SCHNEIER.COM
14 Sep · North Korean Hackers Steal $53 Million in Cryptocurrency From CoinEx · North Korean hackers stole $53 million in cryptocurrency from crypto exchange CoinEx after the hot wallet private key was leaked. The post North Korean Hackers Steal $53 Million in Cryptocurrency From CoinEx appeared first on SecurityWeek. · SECURITYWEEK.COM
14 Sep · Can Someone Guess My Password From the Wi-Fi Signal On My Phone? · Cybercriminals can't ascertain your phone password just from a Wi-Fi signal, but they can come close according to a method described in a recent research paper. Researchers have demonstrated a method that uses Wi-Fi signals to infer numerical passwords, and the mechanics behind … · KNOWBE4.COM
14 Sep · GUEST ESSAY: The timing is ripe to instill trust in the open Internet — and why this must get done · In today’s digital age, trust has become a cornerstone of building a better Internet. Preserving privacy for a greater good. The Internet was designed as a platform for peer research, not for the vast scale and diverse uses we see … · LASTWATCHDOG.COM
14 Sep · Column-Level Encryption 101: What is It, implementation & Benefits · submitted by L4s to secops https://www.piiano.com/blog/column-level-encryption Explore the advantages of column-level encryption and understand database encryption methods and related se… · PIIANO.COM
14 Sep · How I got started: Cloud security engineer · In today’s increasingly cloud-focused business environment, cloud security engineers are pivotal in protecting an organization’s critical data and infrastructure. As experts in cloud security, they leverage their expertise to ensure that the ever-expanding amount of c… · SECURITYINTELLIGENCE.COM
14 Sep · Azure HDInsight Flaws Allowed Data Access, Session Hijacking, Payload Delivery · Orca Security details eight XSS vulnerabilities in Azure HDInsight that could lead to information leaks, session hijacking, and payload delivery. The post Azure HDInsight Flaws Allowed Data Access, Session Hijacking, Payload Delivery appeared first on SecurityWeek. · SECURITYWEEK.COM
14 Sep · Fake Cisco Webex Google Ads abuse tracking templates to push malware · Threat actors use Google Ads tracking templates as a loophole to create convincing Webex software search ads that redirect users to websites that distribute the BatLoader malware. [...] · BLEEPINGCOMPUTER.COM
14 Sep · Automation is key to effective and efficient pentest reporting · Graham Cluley Security News is sponsored this week by the folks at PlexTrac. Thanks to the great team there for their support! Getting high-quality, actionable pentesting reports doesn’t have to take hours. In fact, automating your processes with PlexTrac enables building a repor… · GRAHAMCLULEY.COM
14 Sep · Criminal IP Elevates Payment Security with PCI DSS Level 1 Certification · Criminal IP, a cyber threat intelligence search engine, has achieved PCI DSS Level 1 certification. Learn more from Criminal IP about their cyber threat intelligence search engine. [...] · BLEEPINGCOMPUTER.COM
14 Sep · Upcoming Speaking Engagements · This is a current list of where and when I am scheduled to speak: I’m speaking at swampUP 2023 in San Jose, California, on September 13, 2023 at 11:35 AM PT. The list is maintained on this page. · SCHNEIER.COM
14 Sep · A One-Two Punch for Security ROI · Cost avoidance is a powerful way to kick-off ROI discussions. However, to quickly move beyond objections, shifting to a more tangible approach to calculate ROI can help. The post A One-Two Punch for Security ROI appeared first on SecurityWeek. · SECURITYWEEK.COM
14 Sep · The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree · submitted by L4s to secops https://www.paloaltonetworks.com/blog/prisma-cloud/github-actions-worm-dependencies/ GitHub Actions worm compromises GitHub repositories… · PALOALTONETWORKS.COM
14 Sep · China Denies Banning Government Use of Apple iPhones · China Cites Apple Security Flaws in Warning to Foreign Mobile Device Manufacturers. China hasn't ordered any restrictions on the use of Apple iPhones by government agencies, according to a Chinese government spokesperson, but the official cited recent security flaws in the iPhone … · DATABREACHTODAY.CO.UK
14 Sep · MDR and Self Sabotage - Jason Lassourreille - ESW #331 · Discussing ways to ensure client success with MDR and discuss the ways organizations hurt MDR efficacy with overly broad global exclusions, poor deployment practices, and poor policy hygiene. This segment is sponsored by Sophos. Visit https://securityweekly.com/sophos to learn mo… · YOUTUBE.COM
14 Sep · How the U.S. Government Views the Bright, Dark Sides of AI · White House, DOD, DHS Leaders Reveal How their Agencies Use Artificial Intelligence. AI allows U.S. agencies to address hard problems like quickly writing secure code but comes with risks around nation-states generating attacks more efficiently. "The cybersecurity element is a gre… · DATABREACHTODAY.CO.UK
14 Sep · Uncursing the ncurses: Memory corruption vulnerabilities found in library · A set of memory corruption vulnerabilities in the ncurses library could have allowed attackers to chain the vulnerabilities to elevate privileges and run code in the targeted program's context or perform other malicious actions. The post Uncursing the ncurses: Memory corruption v… · MICROSOFT.COM
14 Sep · 2023 Unit 42 Attack Surface Threat Report Highlights the Need for ASM · The 2023 Unit 42 Attack Surface Threat Report highlights the need for attack surface management capabilities. The post 2023 Unit 42 Attack Surface Threat Report Highlights the Need for ASM appeared first on Palo Alto Networks Blog. · PALOALTONETWORKS.COM
14 Sep · Ballistic Bobcat's Sponsor backdoor – Week in security with Tony Anscombe · Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United States · WELIVESECURITY.COM
🌐 CYBER THREAT LANDSCAPE 1
14 Sep · 3 Strategic Insights from Cybersecurity Leader Study · Explore the results of a Sapio Research survey commissioned by Trend Micro about how CISOs and other technology leaders are overcoming today’s biggest challenges. · TRENDMICRO.COM
📰 CYBERSECURITY BRIEFINGS 1
14 Sep · LIVE Webinar | Executive Briefing: Safeguarding Microsoft 365 in the Cyber Age · DATABREACHTODAY.CO.UK
🎙️ PODCASTS 1
14 Sep · Transatlantic Cable podcast, episode 315 | Kaspersky official blog · In episode 315 the team discuss UK government U-turns, MGM hit by cyber-attack & Microsoft popups · KASPERSKY.COM
📡 INFOSEC NEWS 14
14 Sep · FBI Hacker Dropped Stolen Airbus Data on 9/11 · In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle "USDoD" had infiltrated the FBI's vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying all InfraGard me… · KREBSONSECURITY.COM
14 Sep · Court Convicts Portuguese Hacker in Football Leaks Trial and Gives Four-Year Suspended Sentence · A Portuguese hacker whose bombshell revelations on the “Football Leaks” website rocked European soccer was convicted Monday by a Lisbon court of nine crimes and given a suspended prison sentence of four years. · SECURITYWEEK.COM
14 Sep · Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages · "The actor's email chains are highly evasive, making use of traffic distribution systems (TDS) like BlackTDS and Keitaro, which provide identification and filtering capabilities to tailor user traffic," Microsoft said. · THEHACKERNEWS.COM
14 Sep · Sophos UK Team’s Summer of Volunteering · Teams from across the UK have been using their Sophos volunteering hours to support a range of great causes over the summer. · SOPHOS.COM
14 Sep · Avoid These 5 IT Offboarding Pitfalls · Employee offboarding is no one’s favorite task, yet it is a critical IT process that needs to be executed diligently and efficiently. That’s easier said than done, especially considering that IT organizations have less visibility and control over employees’ IT use than ever. Toda… · THEHACKERNEWS.COM
14 Sep · Patronus AI conjures up an LLM evaluation tool for regulated industries · It turns out that when you put together two AI experts, both of whom formerly worked at Meta researching responsible AI, magic happens. The founders of Patronus AI came together last March to build a solution to evaluate and test large language models with an eye towards regulate… · TECHCRUNCH.COM
14 Sep · Azure HDInsight Flaws Allow Data Access, Session Hijacking, Payload Delivery · PACKETSTORMSECURITY.COM
14 Sep · Intel Capital Bets on Zenity for Low-Code/No-Code Security · Zenity said the Series A financing was led by Intel Capital and included new investors from Gefen Capital and B5. Existing backers Vertex Ventures and Upwest also expanded equity stakes. · SECURITYWEEK.COM
14 Sep · Car companies are collecting data on your sex life, and apparently you’re fine with that · It seems modern cars are gobbling up all kinds of data about their drivers including - astonishingly - details of their sex lives. · GRAHAMCLULEY.COM
14 Sep · Ongoing Cisco Webex Malvertising Campaign Drops BatLoader · A new malvertising campaign is targeting corporate users who download the Webex web conferencing software. The campaign impersonates Cisco's brand and displays a malicious ad when users search for Webex on Google. · MALWAREBYTES.COM
14 Sep · Windows 11 Snipping Tool gets OCR support to copy text from images · Microsoft has added text recognition support to the latest Snipping Tool build, allowing users to select and copy text from screenshots. [...] · BLEEPINGCOMPUTER.COM
14 Sep · Are Electron-based desktop applications secure? | Kaspersky official blog · Many popular desktop applications are based on the Electron framework. We explain why this can pose a security problem. · KASPERSKY.COM
14 Sep · Privacy Concerns Cast a Shadow on AI's Potential for Software Development · Organizations prioritize privacy and protection of intellectual property when adopting AI tools, with concerns about AI-generated code introducing security vulnerabilities and lacking copyright protection, according to GitLab. · HELPNETSECURITY.COM