100Articles
9Categories
2023-09-15Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 19[−]
15 SepMozilla, CISA urge users to patch Firefox security flawsubmitted by c0mmando to netsec 3 points | 0 comments https://therecord.media/mozilla-cisa-urge-users-to-patch-firefox-vulnerability Mozilla released an advisory this week warning users of a vulnerability affecting its popular web browser and email client. Exploitation of the bug…THERECORD.MEDIA
15 SepTrellix DLP Vulnerability Allows Attackers To Delete Unprivileged FilesTrellix Windows DLP endpoint for Windows has a privilege escalation vulnerability that allows unauthorized deletion of any file or folder. Trellix DLP Endpoint protects against all potential leak channels, including portable storage devices, the cloud, email, instant messaging, w…GBHACKERS.COM
15 SepN-Able's Take Control Agent Vulnerability Exposes Windows Systems to Privilege EscalationTracked as CVE-2023-27470 (CVSS score: 8.8), the issue relates to a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability, which, when successfully exploited, could be leveraged to delete arbitrary files on a Windows system.THEHACKERNEWS.COM
15 SepWindows 11 ‘ThemeBleed’ RCE Flaw Gets Proof-of-Concept ExploitProof-of-concept exploit code has been published for a Windows Themes vulnerability tracked as CVE-2023-38146 that allows remote attackers to execute code. The vulnerability has a high-severity score of 8.8.BLEEPINGCOMPUTER.COM
15 SepFortinet Releases Security Updates for Multiple ProductsFortinet has released security updates to address vulnerabilities (CVE-2023-29183 and CVE-2023-34984) affecting FortiOS, FortiProxy, and FortiWeb. A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and admini…CISA.GOV
15 SepIranian cyberspies target thousands of organizations with password spray attacksAn Iranian state-operated cyberespionage group has launched password spray attacks against thousands of organizations this year in an attempt to establish persistence into their environments, move laterally, and collect useful intelligence. The targeted organizations were primari…CSOONLINE.COM
15 SepChromium: CVE-2023-4900 Inappropriate implementation in Custom TabsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.MSRC.MICROSOFT.COM
15 SepChromium: CVE-2023-4901 Inappropriate implementation in PromptsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.MSRC.MICROSOFT.COM
15 SepChromium: CVE-2023-4902 Inappropriate implementation in InputThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.MSRC.MICROSOFT.COM
15 SepChromium: CVE-2023-4903 Inappropriate implementation in Custom Mobile TabsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.MSRC.MICROSOFT.COM
15 SepChromium: CVE-2023-4904 Insufficient policy enforcement in DownloadsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.MSRC.MICROSOFT.COM
15 SepChromium: CVE-2023-4905 Inappropriate implementation in PromptsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.MSRC.MICROSOFT.COM
15 SepChromium: CVE-2023-4906 Insufficient policy enforcement in AutofillThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.MSRC.MICROSOFT.COM
15 SepChromium: CVE-2023-4907 Inappropriate implementation in IntentsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.MSRC.MICROSOFT.COM
15 SepChromium: CVE-2023-4908 Inappropriate implementation in Picture in PictureThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.MSRC.MICROSOFT.COM
15 SepChromium: CVE-2023-4909 Inappropriate implementation in InterstitialsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.MSRC.MICROSOFT.COM
15 SepCVE-2023-36727 Microsoft Edge (Chromium-based) Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 11[−]
15 SepWindows11 Themes vulnerability Let Attackers Execute Arbitrary CodeAn Arbitrary code execution vulnerability has been found in Windows 11. This vulnerability is a result of several factors, such as a Time-of-Check Time-of-Use (TOCTOU) race condition, malicious DLL, cab files, and the absence of Mark-of-the-Web validation. This particular vulnera…GBHACKERS.COM
15 SepMicrosoft Uncovers Flaws in ncurses Library Affecting Linux and macOS SystemsA set of memory corruption flaws have been discovered in the ncurses (short for new curses) programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems.THEHACKERNEWS.COM
15 SepHackers behind MGM cyberattack thrash the casino’s incident responseIn an interesting turn of events, ransomware group ALPHV (aka BlackCat) released a statement on their leak site, thrashing both MGM Resorts International and the cybersecurity firm VX undergrounds for mishandling the ongoing cyberattack on MGM . In a long message intended "to set…CSOONLINE.COM
15 SepHow Attackers Get In: Unpatched Vulnerabilities and Compromised CredentialsHow are bad actors getting access to organizations? In many cases, they simply log in. Sophos research finds that one of the most common root cause of attacks is compromised credentials. In fact, 30% of respondents to its 2023 Active Adversary Report for Business Leaders said cri…CSOONLINE.COM
15 SepNIST Publishes New Guidance for Access Control in Cloud-Native Applications in Multi-Location EnvironmentsThis scenario calls for establishing trust in all enterprise access entities, data sources, and computing services through secure communication and the validation of access policies.HELPNETSECURITY.COM
15 SepDeduce Raises $9 Million to Tackle AI-Generated Identity FraudThe funding will launch its GenAI Identity fraud solution out of stealth and help the company scale to prevent large-scale SuperSynthetic identity fraud across multiple verticals, including the financial service industry, fintech, and e-commerce.HELPNETSECURITY.COM
15 SepLLM Summary of My Book Beyond FearClaude (Anthropic’s LLM) was given this prompt: Please summarize the themes and arguments of Bruce Schneier’s book Beyond Fear . I’m particularly interested in a taxonomy of his ethical arguments—please expand on that. Then lay out the most salient critici…SCHNEIER.COM
15 SepCapslock: What is your code really capable of?Jess McClintock and John Dethridge, Google Open Source Security Team, and Damien Miller, Enterprise Infrastructure Protection Team When you import a third party library, do you review every line of code? Most software packages depend on external libraries, trusting that those pac…SECURITY.GOOGLEBLOG.COM
15 SepCISA Releases Continuous Diagnostics and Mitigation Program: Identity, Credential, and Access Management (ICAM) Reference ArchitectureToday, CISA released the Continuous Diagnostics and Mitigation Program: Identity, Credential, and Access Management (ICAM) Reference Architecture to help federal civilian departments and agencies integrate their identity and access management (IDAM) capabilities into their ICAM a…CISA.GOV
15 SepLessons to Learn From Clop's MOVEit Supply-Chain AttacksData Minimization and Encryption Mitigate Fallout, Says FS-ISAC's Teresa Walsh The Clop ransomware group's zero-day attack on MOVEit software was its fourth data theft campaign targeting secure file transfer users. Organizations can combat such attacks by using data minimization …DATABREACHTODAY.CO.UK
15 SepKonni has entered the game: A new, possibly North Korean group exploits WinRAR vulnerability for cyberattacks.submitted by L4s to secops 1 points | 0 comments https://deform.co/konni-has-entered-the-game-exploiting-winrar-vulnerability-for-cyber-attacks/ Konni has entered the game: A new, possibly North Korean group exploits WinRAR vulnerability for cyberattacks.::Groups of North Korean …DEFORM.CO
📋 SECURITY BULLETINS 1[−]
15 SepGoogle extends security update support for Chromebooks to 10 yearsGoogle has announced the Auto Update Expiration (AUE) date will be extended from 5 years to 10 for all Chromebooks, guaranteeing a decade of monthly security updates. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 4[−]
15 SepCalifornia Enacts First-of-its-Kind Bill Targeting Data BrokersCalifornia lawmakers enacted unprecedented legislation late Wednesday allowing state residents to compel data brokers to delete their personal information with the push of a button.THERECORD.MEDIA
15 SepDeepfakes More Common So Bolster Your DefensesThe United States FBI, NSA, and CISA have released a joint report outlining the various social engineering threats posed by deepfakes.KNOWBE4.COM
15 SepCISA Offers Free Security Scans for Public Water UtilitiesThe U.S. Cybersecurity & Infrastructure Security Agency (CISA) has announced it is offering free security scans for critical infrastructure facilities, such as water utilities, to help protect these crucial units from hacker attacks.BLEEPINGCOMPUTER.COM
15 SepISMG Editors: Are Frequently Used Usernames a Security Risk?Also; The 'Quantum Divide'; Global AI Regulatory Trends In the latest weekly update, four editors at ISMG discuss important cybersecurity and privacy issues, including how to keep assets secure in the quantum era, when common usernames pose a cybersecurity threat, and how to stri…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 23[−]
15 Sep3AM Ransomware Attack – Stop Services & Delete Shadow Copies Before EncryptingRansomware is a universal threat to enterprises, targeting anyone handling sensitive data when profit potential is high. A new ransomware named 3AM has surfaced and is used in a limited manner. Symantec’s Threat Hunter Team witnessed it in a single attack, replacing LockBit…GBHACKERS.COM
15 SepCybercriminals Combine Phishing and EV Certificates to Deliver Ransomware PayloadsThe threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates. "This suggests that the threat actors are streamlining…THEHACKERNEWS.COM
15 SepWatch Out, This LastPass Email With “Important Information About Your Account” is a PhishLastPass users who were affected by the data breach last year are now being targeted by highly convincing phishing emails. The phishing emails ask users to verify their personal data or risk losing access to certain features on their accounts.MALWAREBYTES.COM
15 SepUpdate: MGM Resorts Disruption Linked to Recent Attacks Against Hospitality IndustryThe MGM Resorts cyber disruption may be part of a larger wave of malicious activity targeting the hospitality industry in recent weeks, including a late August ransomware attack against Caesars Entertainment, according to security researchers.CYBERSECURITYDIVE.COM
15 SepGoogle Feature Blamed for Retool Breach That Led to Cryptocurrency Firm HacksA recently introduced Google account sync feature has been blamed after sophisticated hackers attacked 27 cryptocurrency firms via Retool. The post Google Feature Blamed for Retool Breach That Led to Cryptocurrency Firm Hacks appeared first on SecurityWeek .SECURITYWEEK.COM
15 SepRedline and Vidar Stealers Abuse EV Certificates, Deploy RansomwareThreat actors behind RedLine and Vidar have streamlined their operations by adding well-established tactics to deceive victims. The victim initially receives an info stealer with Extended Validation (EV) code signing certificates, but later starts receiving ransomware payloads th…CYWARE.COM
15 SepCaesars Confirms Ransomware Payoff and Customer Data BreachMGM Resorts Continuing to Get Extorted by the Same Alphv/BlackCat Ransomware Group Casino and hotel giant Caesars Entertainment is warning customers that their personal details were stolen in a recent hack attack. After successfully shaking down Caesars for a ransom, the same att…DATABREACHTODAY.CO.UK
15 SepManchester Police Officers’ Data Stolen Following Ransomware Attack on SupplierA ransomware attack on a third-party supplier has compromised the personal details of thousands of police officers with Greater Manchester Police (GMP) in North West England.THERECORD.MEDIA
15 SepThe Interdependence between Automated Threat Intelligence Collection and HumansThe volume of cybersecurity vulnerabilities is rising, with close to 30% more vulnerabilities found in 2022 vs. 2018. Costs are also rising, with a data breach in 2023 costing $4.45M on average vs. $3.62M in 2017. In Q2 2023, a total of 1386 victims were claimed by ransomware att…THEHACKERNEWS.COM
15 SepDeveloper Platform Retool Breached in Vishing AttackA threat actor impersonating an IT staff member conducted SMS-based phishing and a successful vishing attack to obtain authentication logins that led to the total account takeover of one Retool employee.TECHTARGET.COM
15 SepMGM Hackers Broadening Targets, Monetization StrategiesThe financially motivated UNC3944 group that hacked MGM has hit at least 100 organizations, mainly in the US and Canada. The post MGM Hackers Broadening Targets, Monetization Strategies appeared first on SecurityWeek .SECURITYWEEK.COM
15 SepORBCOMM ransomware attack causes trucking fleet management outageTrucking and fleet management solutions provider ORBCOMM has confirmed that a ransomware attack is causing recent service outages that prevent trucking companies from managing their fleets. [...]BLEEPINGCOMPUTER.COM
15 SepLockbit Ransomware Gang Hit the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New YorkThe Lockbit ransomware group claims to have hacked two major hospitals, the Carthage Area Hospital and Claxton-Hepburn Medical Center. The two hospitals serve hundreds of thousands of people in upstate New York.SECURITYAFFAIRS.COM
15 SepRegional Transportation Authority in New Zealand Hit by Suspected Ransomware AttackThe company has announced today that it's experiencing issues with its HOP services (integrated ticketing and fares system) as a cyber incident has impacted parts of its network.STUFF.CO.NZ
15 Sep91% of Cybersecurity Professionals Have Experienced Cyber Attacks that Use AIA new report takes an exhaustive look at how cybersecurity professionals see the current and future state of attacks, and how well vendors are keeping up.KNOWBE4.COM
15 SepBoard Members' Lack of Security Awareness Puts Businesses at Risk of Cyber Attacks, Finds Savanti ReportA report from cybersecurity consultancy Savanti reveals that board members are facing challenges in understanding cyber risks , and this has important implications for businesses.KNOWBE4.COM
15 SepIn Other News: China Blames NSA for Hack, AI Jailbreaks, Netography Spin-OffNoteworthy stories that might have slipped under the radar: China blames NSA for a cyberattack, AI jailbreaks, and Netography spin-off. The post In Other News: China Blames NSA for Hack, AI Jailbreaks, Netography Spin-Off appeared first on SecurityWeek .SECURITYWEEK.COM
15 SepCuba Ransomware Gang Continues to Evolve With Dangerous BackdoorResearchers have uncovered fresh malware samples attributed to ransomware group Cuba, representing new versions of BurntCigar malware, which offers next-level stealth to the group.DARKREADING.COM
15 SepMore Russian journalists investigating possible spyware infectionssubmitted by c0mmando to netsec 1 points | 0 comments https://therecord.media/more-russians-investigating-spyware More Russian journalists have come forward this week expressing concern that they too may have been targeted with spyware, following the news that the prominent media…THERECORD.MEDIA
15 SepCyber Security Today, Week in Review for the week ending Friday, Sept. 15, 2023This episode features discussion on Microsoft's explanation of how the hack of one of its software developers led to one of the most amazing breaches of email security, a ransomware report from the U.K., a Business Council of Canada report on security and why the .US domain is be…CYBERSECURITYTODAY.LIBSYN.COM
15 SepRetool blames breach on Google Authenticator MFA cloud sync featureSoftware company Retool says the accounts of 27 cloud customers were compromised following a targeted and multi-stage social engineering attack. [...]BLEEPINGCOMPUTER.COM
15 SepThe Week in Ransomware - September 15th 2023 - Russian RouletteThis week's big news is the extortion attacks on the Caesars and MGM Las Vegas casino chains, with one having already paid the ransom and the other still facing operational disruptions. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 20[−]
15 SepISC Stormcast For Friday, September 15th, 2023 https://isc.sans.edu/podcastdetail/8660, (Fri, Sep 15th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
15 SepIranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple SectorsIranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023, new findings from Microsoft reveal. The tech giant, which is tracking the activity under the name Peach Sandstorm (formerly Holmium)…THEHACKERNEWS.COM
15 SepMemory Corruption Flaw in ncurses API Library Exposes Linux and macOS SystemsMultiple memory corruption vulnerabilities have been discovered in the ncurses library, which various programs use on multiple operating systems like Portable Operating System Interface (POSIX) OS, Linux OS, macOS, and FreeBSD. Threat actors can chain these vulnerabilities with e…GBHACKERS.COM
15 SepOn Technologies for Automatic Facial RecognitionInteresting article on technologies that will automatically identify people: With technology like that on Mr. Leyvand’s head, Facebook could prevent users from ever forgetting a colleague’s name, give a reminder at a cocktail party that an acquaintance had kids to ask…SCHNEIER.COM
15 SepTikTok Fined 345 Million Euros by Irish Privacy WatchdogByteDance-Owned App Fined for Violating Children's Privacy TikTok will pay Irish data privacy regulators 345 million euros to settle allegations it violated the privacy of underage users. A TikTok spokesperson said the company disagreed with Irish Data Protection Commission, call…DATABREACHTODAY.CO.UK
15 SepDeduce Raises $9 Million to Fight AI-Generated Identity FraudDeduce has raised $9 million in a new funding round led by Freestyle Capital, to launch its AI-generated identity fraud prevention platform. The post Deduce Raises $9 Million to Fight AI-Generated Identity Fraud appeared first on SecurityWeek .SECURITYWEEK.COM
15 SepIranian APT Group Hits Thousands of Organizations With Password Spraying AttacksThe group used AzureHound and Roadtools to conduct reconnaissance in Microsoft Entra ID (formerly Azure Active Directory) environments and deployed multiple persistence mechanisms including the use of Azure Arc.INFOSECURITY-MAGAZINE.COM
15 Sep8 XSS Vulnerabilities in Azure HDInsight Allow Attackers to Deliver Malicious PayloadsAzure HDInsight has been identified with multiple Cross-Site Scripting – XSS vulnerabilities related to Stored XSS and Reflected XSS. The severity for these vulnerabilities ranges between 4.5 (Medium) and 4.6 (Medium). These vulnerabilities have affected multiple products, …GBHACKERS.COM
15 SepThe BISO Secret Weapon: Enhancing Collaboration for Cybersecurity and Business Growth with Nicole DoveDo you want to bridge the gap between IT, cybersecurity, and the business to enhance collaboration and integration? Are you seeking a solution to align cybersecurity efforts with business goals?KNOWBE4.COM
15 SepNew Phishing Attack Uses Social Engineering to Impersonate the National Danish PoliceA malwareless and linkless phishing attack uses sextortion and the threat of legal action to get the attention of potential victims and get them to respond.KNOWBE4.COM
15 SepNew Scam Impersonates QuickBooks to Steal Credentials, Extract MoneyEstablishing urgency through a false need to “upgrade” or lose services, this new attack takes advantage of the widespread use of the popular accounting app to attract victims.KNOWBE4.COM
15 SepMicrosoft (Once Again) Tops the List of Most Impersonated Brands in 2023Out of the over 350 brands regularly impersonated in phishing attacks, Microsoft continues to stand out because they provide attackers with one unique advantage over other brands.KNOWBE4.COM
15 SepCalifornia Settles With Google Over Location Privacy Practices for $93 MillionSearch giant Google has agreed to a $93 million settlement with the state of California over its location-privacy practices. The post California Settles With Google Over Location Privacy Practices for $93 Million appeared first on SecurityWeek .SECURITYWEEK.COM
15 SepPentagon’s 2023 Cyber Strategy Focuses on Helping AlliesThe Pentagon has published an unclassified summary of its 2023 Cyber Strategy, outlining both offensive and defensive plans. The post Pentagon’s 2023 Cyber Strategy Focuses on Helping Allies appeared first on SecurityWeek .SECURITYWEEK.COM
15 SepCyberdog, Pegasus, Webex, Peach Sandstorm, SAP, Caesar, Penn, Aaran Leyland, and More - SWN #325Cyberdog, Pegasus, Webex, Peach Sandstorm, SAP, Caesar, Penn State, Aaran Leyland, and More News on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-325YOUTUBE.COM
15 SepExtradited Russian Hacker Behind ‘NLBrute’ Malware Pleads GuiltyRussian hacker Dariy Pankov has pleaded guilty to computer fraud and now faces a maximum penalty of five years in federal prison. The post Extradited Russian Hacker Behind ‘NLBrute’ Malware Pleads Guilty appeared first on SecurityWeek .SECURITYWEEK.COM
15 SepEvidence points to North Korea in CoinEx cryptocurrency hack, analysts saysubmitted by c0mmando to netsec 1 points | 0 comments https://therecord.media/coinex-cryptocurrency-heist-north-korea Experts at the cryptocurrency-tracking company Elliptic say North Korean hackers are the prime suspects in the theft of $31 million in cryptocurrency from the Coi…THERECORD.MEDIA
15 SepIranian Hackers Gain Sophistication, Microsoft WarnsNoisy 'Peach Sandstorm' Password Spraying Campaign Is Followed by Stealth Iranian state threat actor "Peach Sandstorm" is growing in sophistication, warns Microsoft in an alert about a campaign of password hacking targeting the satellite, defense and pharmaceutical sectors. The g…DATABREACHTODAY.CO.UK
15 SepFriday Squid Blogging: Cleaning SquidTwo links on how to properly clean squid. I learned a few years ago, in Spain, and got pretty good at it. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here .SCHNEIER.COM
15 SepBiden National Cybersecurity Strategy Key TakeawaysMajor changes are underway, with new rules for federal agencies and updated requirements for public-private partnerships. We discuss the implementation plans for the strategy's first two pillars: defend critical infrastructure and disrupt and dismantle threat actors.TRENDMICRO.COM
🌐 CYBER THREAT LANDSCAPE 4[−]
15 SepNodeStealer Malware Now Targets Facebook Business Accounts on Multiple BrowsersAn ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims' credentials using a variant of the Python-based NodeStealer and potentially take over their accounts for follow-on malicious activities. "The attacks are reaching victims mainly in…THEHACKERNEWS.COM
15 SepDDoS 2.0: IoT Sparks New DDoS AlertThe Internet of Things (IoT) is transforming efficiency in various sectors like healthcare and logistics but has also introduced new security risks, particularly IoT-driven DDoS attacks. This article explores how these attacks work, why they’re uniquely problematic, and how to mi…THEHACKERNEWS.COM
15 SepBing Chat AI is down, affecting Windows Copilot and moreBing Chat, the famous ChatGPT-powered chatbot that allows users to converse with various personalities and topics has connectivity issues worldwide. [...]BLEEPINGCOMPUTER.COM
15 SepLokiBot Information Stealer Packs Fresh Infection StrategiesThe malware targets Microsoft users and steals various types of data, including email credentials, payment card information, and cryptocurrency passwords. It is particularly appealing to less technically skilled individuals due to its ease of use.BANKINFOSECURITY.COM
🎙️ PODCASTS 1[−]
15 SepCyber Security Today, Sept. 15, 2023 podcast - Warning: This group specializes in SMS texting scamsAn alert about a group that focuses on tricking IT support staff by claiming to be an employee who needs to reset their password, and moreCYBERSECURITYTODAY.LIBSYN.COM
📡 INFOSEC NEWS 17[−]
15 SepX launches account verification based on government IDX, formerly Twitter, has launched government ID-based account verification for paid users to prevent impersonation and give them benefits such as “prioritized support.” The social network has partnered with Israel-based Au10tix for identity verification solutions. The…TECHCRUNCH.COM
15 SepMobile Verification Toolkit Enables Forensic analysis of Android and iOS Devices to Identify CompromiseMVT offers features like decrypting encrypted iOS backups, extracting installed applications from Android devices, and generating unified chronological timelines of extracted records.HELPNETSECURITY.COM
15 SepGoogle Agrees to $93 Million Settlement in California's Location-Privacy LawsuitGoogle has agreed to pay $93 million to settle a lawsuit filed by the U.S. state of California over allegations that the company's location-privacy practices misled consumers and violated consumer protection laws. "Our investigation revealed that Google was telling its users one …THEHACKERNEWS.COM
15 SepTop apps for encrypted, private videocalls | Kaspersky official blogHow to host group calls and videoconferences with maximum security and end-to-end encryptionKASPERSKY.COM
15 SepTikTok slapped with $368 million fine over child privacy violationsThe Irish Data Protection Commission (DPC) has fined TikTok €345 million ($368 million) for violating the privacy of children between the ages of 13 and 17 while processing their data. [...]BLEEPINGCOMPUTER.COM
15 SepGoogle pays $93M to settle Android tracking lawsuit in CaliforniaCalifornia's Attorney General announced today that Google will pay $93 million to settle a privacy lawsuit alleging it violated the U.S. state's consumer protection laws. [...]BLEEPINGCOMPUTER.COM
15 SepArtificial Intelligence - ITSAP.00.040Artificial Intelligence (AI) is a developing technology that uses intelligent computer programs (i.e. learning algorithms) to find complex patterns in data to make predictions or classifications.CYBER.GC.CA
15 SepNew Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login CredentialsThe campaign uses batch files distributed via Facebook messages, utilizing images of defective products as bait, and stealing credentials and cookies from multiple browsers, not just Facebook, increasing the risk of targeted attacks.NETSKOPE.COM
15 SepEnhancing Cloud Security on AWSWhy You Should Consider a Cloud-Native Firewall Service How does an organization achieve peace of mind with security while overcoming the challenges of complex hybrid and multi-cloud networks? Here are the top reasons why your organization should consider implementing a cloud-nat…DATABREACHTODAY.CO.UK
15 SepCritical Considerations for Generative AI Use in HealthcareGenerative AI holds great potential for many amazing applications in healthcare, but it's critical to establish a strong framework before deploying it, said Barbee Mooneyhan, vice president of security, IT and privacy of Woebot Health, a provider of AI-driven online mental health…DATABREACHTODAY.CO.UK