98 Articles
9 Categories
Date: 2023-09-18

🚨 CISA KEV 3

18 Sep [KEV]: CISA Adds Eight Known Exploited Vulnerabilities to Catalog
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-22265 Samsung Mobile Devices Use-After-Free Vulnerability CVE-2014-8361 Realtek SDK Improper Input Validation Vulnerability CVE-2017-6884 Z…
Source: CISA.GOV

18 Sep [KEV]: #StopRansomware: Snatch Ransomware
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically …
Source: CISA.GOV

🐛 COMMON VULNERABILITIES AND EXPOSURES 2

18 Sep: Microsoft reveals memory corruption bugs in ‘ncurses’ library
Microsoft has discovered a set of memory corruption vulnerabilities in the ncurses library that provides a programming interface for writing text-based user interfaces (TUI) or console applications with a graphical appearance. Collectively identified as CVE-2023-29491 with a CVSS…
Source: CSOONLINE.COM

18 Sep: Fortinet Patches High-Severity Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products
Fortinet has released patches for a high-severity cross-site scripting (XSS) vulnerability impacting multiple FortiOS and FortiProxy versions. It is tracked as CVE-2023-29183 and has a CVSS score of 7.3.
Source: SECURITYWEEK.COM

⚠️ VULNERABILITY DISCLOSURE 16

18 Sep: Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients
Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack. The San Francisco-based firm blamed a Google Account cloud synchronization feature recently introduced i…
Source: THEHACKERNEWS.COM

18 Sep: The biggest data breach fines, penalties, and settlements so far
Sizable fines assessed for data breaches since 2019 suggest that regulators are getting more serious about organizations that don't properly protect consumer data. Marriott was hit with a $124 million fine, later reduced, while Equifax agreed to pay a minimum of $575 million for …
Source: CSOONLINE.COM

18 Sep: Several Colombian Government Ministries Hampered by Ransomware Attack at Technology Provider
This week, the Ministry of Health and Social Protection, the country’s Judiciary Branch, and the Superintendency of Industry and Commerce announced that a cyberattack on technology provider IFX Networks Colombia had caused a range of problems.
Source: THERECORD.MEDIA

18 Sep: Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementat…
Source: TRENDMICRO.COM

18 Sep: Cyber-related False Claims actions are on the uptick
Earlier this month, the US Department of Justice (DOJ) announced that Verizon Business Network Services agreed to pay $4,091,317, plus interest, to resolve False Claims Act (FCA) allegations. These allegations held that the company’s Managed Trusted Internet Protocol Service (MTI…
Source: CSOONLINE.COM

18 Sep: New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services
A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. The malicious cyber activity has been codenamed AMBERSQUID by cloud and container…
Source: THEHACKERNEWS.COM

18 Sep: Hook: New Android Banking Trojan That Expands on ERMAC's Legacy
A new analysis of the Android banking trojan known as Hook has revealed that it's based on its predecessor called ERMAC. "The ERMAC source code was used as a base for Hook," NCC Group security researchers Joshua Kamp and Alberto Segura said in a technical analysis published last …
Source: THEHACKERNEWS.COM

18 Sep: Microsoft AI researchers accidentally exposed terabytes of internal sensitive data
Microsoft AI researchers accidentally exposed tens of terabytes of sensitive data, including private keys and passwords, while publishing a storage bucket of open-source training data on GitHub. In research shared with TechCrunch, cloud security startup Wiz said it discovered a G…
Source: TECHCRUNCH.COM

18 Sep: Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token
Summary As part of a recent Coordinated Vulnerability Disclosure (CVD) report from Wiz.io, Microsoft investigated and remediated an incident involving a Microsoft employee who shared a URL for a blob store in a public GitHub repository while contributing to open-source AI…
Source: MSRC.MICROSOFT.COM

18 Sep: Fortinet Patches High-Severity Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products
Fortinet has released patches for a high-severity cross-site scripting vulnerability impacting its enterprise firewalls and switches. The post Fortinet Patches High-Severity Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products appeared first on SecurityWeek.
Source: SECURITYWEEK.COM

18 Sep: OT/IoT and OpenTitan, an Open Source Silicon Root of Trust
A silicon root of trust (S-RoT) is designed to provide security to those parts of a device that can be attacked by a third party. The question remains, however: can the S-RoT itself be attacked? The post OT/IoT and OpenTitan, an Open Source Silicon Root of Trust appeared first on…
Source: SECURITYWEEK.COM

18 Sep: Microsoft leaks 38TB of private data via unsecured Azure storage
The Microsoft AI research division accidentally leaked dozens of terabytes of sensitive data while contributing open-source AI learning models to a public GitHub repository. [...]
Source: BLEEPINGCOMPUTER.COM

18 Sep: Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
Earth Lusca, a China-linked threat actor, has developed a Linux variant of the backdoor malware SprySOCKS, which originated from the open-source Windows backdoor Trochilus, indicating their continued active operations and expansion.
Source: TRENDMICRO.COM

18 Sep: AWS cryptojacking campaign abuses less-used services to hide
To remain undetected for longer in cloud environments, attackers have started to abuse less-common services that don’t get a high level of security scrutiny. This is the case of a recently discovered cryptojacking operation, called AMBERSQUID, that deploys cryptocurrency mining m…
Source: CSOONLINE.COM

18 Sep: Thousands of Juniper devices vulnerable to unauthenticated RCE flaw
An estimated 12,000 Juniper SRX firewalls and EX switches are vulnerable to a fileless remote code execution flaw that attackers can exploit without authentication. [...]
Source: BLEEPINGCOMPUTER.COM

18 Sep: 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem - Theresa Lanowitz, Steve Wint... - BSW #320
Organizations still struggle with DDoS, ransomware, and personal information exfiltration. In order to prevent these attacks, we first need to understand the ‘types’ of DDoS and emerging threat techniques used by the adversary. In this interview, we explore these attacks in the …
Source: YOUTUBE.COM

📋 SECURITY BULLETINS 1

18 Sep: Google Extends Security Update Support for Chromebooks to 10 Years
Google says that starting in 2024, all Chromebooks released after 2021 will automatically qualify for ten years of security updates, delivered automatically to the device every four weeks.
Source: BLEEPINGCOMPUTER.COM

📢 SECURITY ADVISORIES 11

18 Sep: Shelter from the storm – lessons learned from the Storm-0558 Microsoft email attacks
Unless you've been living under a rock, you've probably read or heard about the targeted attacks on US government email that used an access token generated by Microsoft to spoof allowed access. Called Storm-0558, it involved a China-based threat actor using an acquired Microsoft…
Source: CSOONLINE.COM

18 Sep: CISA Panel Pitches Idea of a National Cybersecurity Alert System
The Cybersecurity Advisory Committee (CSAC), led by former National Cyber Director Chris Inglis, created a subcommittee in March to investigate the prospect of a National Cybersecurity Alert System.
Source: THERECORD.MEDIA

18 Sep: CISA Releases New Identity and Access Management Guidance
CISA has released new guidance on how federal agencies can integrate identity and access management into their ICAM architecture. The post CISA Releases New Identity and Access Management Guidance appeared first on SecurityWeek.
Source: SECURITYWEEK.COM

18 Sep: How NIST Cybersecurity Framework 2.0 Tackles Risk Management
The NIST Cybersecurity Framework 2.0 (CSF) is moving into its final stages before its 2024 implementation. After the public discussion period to inform decisions for the framework closed in May, it’s time to learn more about what to expect from the changes to the guidelines…
Source: SECURITYINTELLIGENCE.COM

18 Sep: 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem | Leadership & Communications - BSW #320
This week, we start things off with an interview with Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business & Steve Winterfeld, Advisory CISO at Akamai, about 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem. Then we follow up with our Leadership and …
Source: YOUTUBE.COM

18 Sep: SprySocks | Lazarus | Fortinet | Juniper | CISA | AI Art | Jason Wood & more – SWN326
This week, Doug Talks: SprySocks, Lazarus, Fortinet, Juniper, CISA, AI Art, Jason Wood, and more on the Security Weekly News. →Full Show Notes: https://securityweekly.com/swn326 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Visit our website: https://www.…
Source: YOUTUBE.COM

🔥 INCIDENT REPORTING 26

18 Sep: How Equifax Was Breached in 2017
submitted by vedard to cybersecurity 1 points | 0 comments https://blog.0x7d0.dev/history/how-equifax-was-breached-in-2017/
Source: 0X7D0.DEV

18 Sep: Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks
The financially motivated threat actor known as UNC3944 is pivoting to ransomware deployment as part of an expansion to its monetization strategies, Mandiant has revealed. "UNC3944 has demonstrated a stronger focus on stealing large amounts of sensitive data for extortion purpose…
Source: THEHACKERNEWS.COM

18 Sep: UNC3944 is Now Deploying Ransomware Variants
A financially motivated criminal syndicate that mainly operates in Telegram and underground forums has expanded its criminal arsenals to deploy ransomware and other intrusion capabilities on various cloud applications, warn Mandiant researchers.
Source: BANKINFOSECURITY.COM

18 Sep: More Russian Journalists Investigating Possible Spyware Infections
More Russian journalists have come forward this week expressing concern that they too may have been targeted with spyware, following the news that the prominent media figure Galina Timchenko was hacked with Pegasus.
Source: THERECORD.MEDIA

18 Sep: Cyber Security Today, Sept. 18, 2023 - How a deepfake voice caused a company to be hacked
This episode reports on a sophisticated scam, and lessons that can be taught for security awareness training
Source: CYBERSECURITYTODAY.LIBSYN.COM

18 Sep: Update: Google Feature Blamed for Retool Breach That Led to Cryptocurrency Firm Hacks
A recently introduced Google account sync feature has been blamed by software development firm Retool after sophisticated hackers gained access to its systems and targeted over two dozen of its customers from the cryptocurrency sector.
Source: SECURITYWEEK.COM

18 Sep: Blackcat Ransomware Hits Azure Storage With Sphynx Encryptor
The BlackCat ransomware gang, suspected to be a rebrand of DarkSide/BlackMatter, has been using stolen Microsoft accounts and a new variant of the Sphynx encryptor to target Azure cloud storage.
Source: BLEEPINGCOMPUTER.COM

18 Sep: Pentagon’s 2023 Cyber Strategy Focuses on Helping Allies
One key focus of the 2023 Cyber Strategy is the commitment to boost the cyber capabilities of allies and partners, and to increase collective resilience against cyberattacks.
Source: SECURITYWEEK.COM

18 Sep: TikTok Is Hit With $368 Million Fine Under Europe’s Strict Data Privacy Rules
European regulators slapped TikTok with a $368 million fine for failing to protect children’s privacy, the first time that the popular short video-sharing app has been punished for breaching Europe’s strict data privacy rules. The post TikTok Is Hit With $368 Million Fine Under E…
Source: SECURITYWEEK.COM

18 Sep: Using Hacked LastPass Keys to Steal Cryptocurrency
Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users? Well, they’re now using that data to break into crypto wallets and drain them: $…
Source: SCHNEIER.COM

18 Sep: ORBCOMM Ransomware Attack Causes Trucking Fleet Management Outage
Trucking and fleet management solutions provider ORBCOMM has confirmed that a ransomware attack is behind recent service outages preventing trucking companies from managing their fleets.
Source: BLEEPINGCOMPUTER.COM

18 Sep: CoinEx loses $70 million in cyber attack
North Korean hackers are thought to be behind the cyber attack and theft
Source: CSHUB.COM

18 Sep: iOS 17 includes these new security and privacy features
Apple’s long-awaited iOS 17 update for iPhones lands today with a number of new and improved security features. Many of the new features are aimed at protecting iPhone owners who are at greater risk of cyberattacks and spyware, like journalists, activists and human rights defende…
Source: TECHCRUNCH.COM

18 Sep: Two Vegas Casinos Fell Victim to Cyberattacks, Shattering the Image of Impenetrable Casino Security
MGM Resorts and Caesars Entertainment hit by cyberattacks, shattering the image of impenetrable casino security. The post Two Vegas Casinos Fell Victim to Cyberattacks, Shattering the Image of Impenetrable Casino Security appeared first on SecurityWeek.
Source: SECURITYWEEK.COM

18 Sep: Internet Wide Multi VPN Search From Single /24 Network, (Mon, Sep 18th)
Brute-forcing passwords for VPN access has become a standard technique for various actors to access corporate networks to exfiltrate data later or deploy ransomware. After identifying the VPN, an attacker may use simple brute forcing, credential stuffing, or social engineering in…
Source: ISC.SANS.EDU

18 Sep: Are your end-users' passwords compromised? Here's how to check.
Passwords have long been used as the primary gatekeepers of digital security, yet they can also be a weak link in the chain. Learn more from Specops Software on how to find and secure compromised passwords. [...]
Source: BLEEPINGCOMPUTER.COM

18 Sep: FBI Hacker USDoD Leaks highly Sensitive TransUnion Data
A threat actor known as “USDoD” leaked highly sensitive data allegedly stolen from the credit reporting agency. The leaked database, over 3GB in size, contains sensitive PII of 58,505 people, all across the globe, including the Americas and Europe.
Source: SECURITYAFFAIRS.COM

18 Sep: The International Joint Commission Falls Victim to Ransomware Attack; 80GB Of Data Stolen
The International Joint Commission (ICJ), an organization that handles water issues along the Canada–United States border, was hit by a ransomware attack, the Register reports.
Source: KNOWBE4.COM

18 Sep: ETH Founder Vitalik Buterin’s X (Twitter) Hacked, $700k Stolen
Regarding how the hacking was successful, it is reported that the hacker compromised Buterin’s account and shared a post on his behalf, celebrating the arrival of Proto-Danksharding to the Ethereum platform.
Source: HACKREAD.COM

18 Sep: UK police officers’ data stolen in cyberattack on ID supplier
The personal details of thousands of U.K. police officers have been stolen after a suspected ransomware attack on a third-party supplier. Greater Manchester Police, one of the largest police departments in the U.K., confirmed last week that the supplier, since confirmed as Stockp…
Source: TECHCRUNCH.COM

18 Sep: One of the FBI’s most wanted hackers is trolling the U.S. government
Earlier this year, the U.S. government indicted Russian hacker Mikhail Matveev, also known by his online monikers “Wazawaka” and “Boriselcin,” accusing him of being “a prolific ransomware affiliate” who carried out “significant attacks” against companies and critical infrastructu…
Source: TECHCRUNCH.COM

18 Sep: Nuance Notifying 14 NC Healthcare Clients of MOVEit Hacks
Entities Are Among Growing Tally of Health Sector Victims in Clop Mass Attack The list of healthcare entities affected by MOVEit file transfer hacks continues to grow. Nuance Communications acknowledged that hackers had stolen data belonging to 14 of its clients, all North Caroli…
Source: DATABREACHTODAY.CO.UK

18 Sep: TransUnion Involved in Potential Hacking Incident
Hacker 'USDoD' Claims Attack, Says He Has Data of More Than 50,000 Consumers Credit reporting agency TransUnion may be the subject of a hacking incident leading to a data breach after a hacker apparently stole information of 58,505 customers across North and South America and Eur…
Source: DATABREACHTODAY.CO.UK

18 Sep: Australian Law Firm Hack Affected 65 Government Agencies
Australian Federal Police, Department of Home Affairs Reportedly Among the Victims An April ransomware attack against one of Australia's largest law firms swept up the data of 65 Australian government agencies, the country's national cybersecurity coordinator said Monday. The Rus…
Source: DATABREACHTODAY.CO.UK

🕵️ THREAT INTELLIGENCE 24

18 Sep: Watch out, this LastPass email with "Important information about your account" is a phish
submitted by throws_lemy to cybersecurity 1 points | 0 comments https://www.malwarebytes.com/blog/news/2023/09/nasty-lastpass-phish
Source: MALWAREBYTES.COM

18 Sep: ISC Stormcast For Monday, September 18th, 2023 https://isc.sans.edu/podcastdetail/8662, (Mon, Sep 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Source: ISC.SANS.EDU

18 Sep: Dragos Raises $74M to Advance OT Protection in Europe, Asia
Money Will Address Enhanced OT Security Rules From Regulators, Insurance Providers Dragos completed a Series D extension to help organizations address enhanced OT security requirements from regulators and cyber insurance providers. The money will allow Dragos to help EU businesse…
Source: DATABREACHTODAY.CO.UK

18 Sep: ICS Security Firm Dragos Raises $74 Million in Series D Extension
ICS/OT security firm Dragos has raised $74 million in a Series D extension funding round that brings the total to $440 million. The post ICS Security Firm Dragos Raises $74 Million in Series D Extension appeared first on SecurityWeek.
Source: SECURITYWEEK.COM

18 Sep: Extradited Russian Hacker Behind ‘NLBrute’ Malware Pleads Guilty
Russian hacker Dariy Pankov has pleaded guilty to computer fraud and now faces a maximum penalty of five years in federal prison, according to an announcement from the U.S. Attorney’s Office.
Source: SECURITYWEEK.COM

18 Sep: Canadian Government Targeted With DDoS Attacks by Pro-Russia Group
The pro-Russian cybercrime group tracked as NoName057(16) is launching DDoS attacks against Canadian organizations. The post Canadian Government Targeted With DDoS Attacks by Pro-Russia Group appeared first on SecurityWeek.
Source: SECURITYWEEK.COM

18 Sep: Mentorship Monday - Discussions for career and learning!
submitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …
Source: INFOSEC.PUB

18 Sep: New SprySOCKS Linux malware used in cyber espionage attacks
A Chinese espionage-focused hacker tracked as 'Earth Lusca' was observed targeting government agencies in multiple countries, using a new Linux backdoor dubbed 'SprySOCKS.' [...]
Source: BLEEPINGCOMPUTER.COM

18 Sep: [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there's a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
Source: KNOWBE4.COM

18 Sep: Google Extends Chromebook Lifespan, Promises 10 Years of Automatic Updates
Google Chromebooks released from 2021 and onwards will receive automatic updates, including security patches, for 10 years. The post Google Extends Chromebook Lifespan, Promises 10 Years of Automatic Updates appeared first on SecurityWeek.
Source: SECURITYWEEK.COM

18 Sep: 38TB of data accidentally exposed by Microsoft AI researchers
submitted by BrikoX to cybersecurity 3 points | 0 comments https://www.wiz.io/blog/38-terabytes-of-private-data-accidentally-exposed-by-microsoft-ai-researchers
Source: WIZ.IO

18 Sep: Lazarus APT Stole Almost $240 Million in Crypto Assets Since June
According to a report by Elliptic, the North Korea-linked APT group Lazarus has stolen most of $240 million in crypto assets from multiple businesses, including Atomic Wallet ($100m), CoinsPaid ($37.3M), Alphapo ($60M), and Stake.com ($41M).
Source: SECURITYAFFAIRS.COM

18 Sep: Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages
Exposed data includes backup of employees workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. The post Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages appeared first on SecurityWeek.
Source: SECURITYWEEK.COM

18 Sep: How Can FedNow Recruit More US Banks? Lessons From Brazil
With Only 90 Early Adopters, Federal Real-Time Payments Program Faces Challenges With only 90 early adopters, Federal Reserve's FedNow program faces the challenge of persuading U.S. banks to sign on to the real-time payments initiative launched in July. Experts say the Fed could …
Source: DATABREACHTODAY.CO.UK

18 Sep: Revealed: Israeli cyber firms developed an 'insane' new spyware tool. No defense exists
submitted by throws_lemy to cybersecurity 2 points | 1 comments https://www.haaretz.com/israel-news/2023-09-14/ty-article-magazine/.highlight/revealed-israeli-cyber-firms-developed-an-insane-new-spyware-tool-no-defense-exists/0000018a-93cb-de77-a98f-ffdf2fb60000
Source: HAARETZ.COM

18 Sep: US DHS Announces New AI Guardrails
CIO Eric Hysen to Take on Additional Role as Agency's First Chief AI Officer DHS says it will eschew biased artificial intelligence decision-making and facial recognition systems as part of an ongoing federal effort to promote "trustworthy AI." "Artificial intelligence is a power…
Source: DATABREACHTODAY.CO.UK

18 Sep: Board Members Struggling while Cybersecurity Goals Conflict with Business - BSW #320
In the leadership and communications section, Board Members Struggling to Understand Cyber Risks, Cybersecurity Goals Conflict With Business Aims, Navigating Change: The Essence of Agile Leadership, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! S…
Source: YOUTUBE.COM

18 Sep: Sift, LexisNexis Top Digital Fraud Management Forrester Wave
Newcomer, Established Vendor Lead Efforts to Stop Fraudulent Payment Transactions Established provider LexisNexis Risk Solutions remains atop Forrester's digital fraud management rankings, while upstart Sift broke into the leaders category for the first time. Many providers in th…
Source: DATABREACHTODAY.CO.UK

18 Sep: APT36 state hackers infect Android devices using YouTube app clones
The APT36 hacking group, aka 'Transparent Tribe,' has been observed using at least three Android apps that mimic YouTube to infect devices with their signature remote access trojan (RAT), 'CapraRAT.' [...]
Source: BLEEPINGCOMPUTER.COM

18 Sep: AI Attacks and LLM Security Matters | News - PSW799
6:00pm ET - Nathan Hamiel 7:00pm ET - Security News This week, we start things off with an interview with Nathan Hamiel, Senior Director of Research at Kudelski Security, about AI Attacks and LLM Security Matters. Then we follow up with our security news for the week! →Full Show …
Source: YOUTUBE.COM

18 Sep: 2024 Security Planning | Making tabletop exercises better! | Enterprise News - ESW332
This week, we kick things off with an interview with Merritt Maxim, VP & Research Director at Forrester Inc., about 2024 Security Planning with Forrester. Then we discuss Making tabletop exercises better!, with Ryan Fried, Senior Consultant at Mandiant. Finally we finish off wit…
Source: YOUTUBE.COM

18 Sep: Passkeys | bots | hotels | conning the con | TrendMicro | Pizza | Aaran Leyland & more – SWN327
This week, Doug Talks: Passkeys, bots, hotels, conning the con, TrendMicro, Pizza, Aaran Leyland, and more on the Security Weekly News. →Full Show Notes: https://securityweekly.com/swn327 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Visit our website: htt…
Source: YOUTUBE.COM

🌐 CYBER THREAT LANDSCAPE 1

18 Sep: Bumblebee malware returns in new attacks abusing WebDAV folders
The malware loader 'Bumblebee' has broken its two-month vacation with a new campaign that employs new distribution techniques that abuse 4shared WebDAV services. [...]
Source: BLEEPINGCOMPUTER.COM

📡 INFOSEC NEWS 14

18 Sep: Latest evolution of ‘pig butchering’ scam lures victim into fake mining scheme
Liquidity mining scam puts cruel new spin on Chinese cryptocurrency fraud, with a dash of AI chat
Source: SOPHOS.COM

18 Sep: California Settles With Google Over Location Privacy Practices for $93 Million
The states’ investigation was sparked by a 2018 Associated Press story, which found that Google continued to track people’s location data even after they opted out of such tracking by disabling a feature the company called “location history.”
Source: SECURITYWEEK.COM

18 Sep: TikTok Flooded by 'Elon Musk' Cryptocurrency Giveaway Scams
TikTok is flooded by a surge of fake cryptocurrency giveaways posted to the video-sharing platform, with almost all of the videos pretending to be themes based on Elon Musk, Tesla, or SpaceX.
Source: BLEEPINGCOMPUTER.COM

18 Sep: Think Your MFA and PAM Solutions Protect You? Think Again
When you roll out a security product, you assume it will fulfill its purpose. Unfortunately, however, this often turns out not to be the case. A new report, produced by Osterman Research and commissioned by Silverfort, reveals that MFA (Multi-Factor Authentication) and PAM (Privi…
Source: THEHACKERNEWS.COM

18 Sep: How to boost the performance of the whole infosec team | Kaspersky official blog
What tasks routinely create unnecessary work for infosec experts, and how to get them done in the shortest time.
Source: KASPERSKY.COM

18 Sep: Clop Gang Stole Data From Major North Carolina Hospitals
The Microsoft-owned healthcare technology firm Nuance revealed that the Clop extortion gang has stolen personal data on major North Carolina hospitals as part of the Progress MOVEit Transfer campaign.
Source: SECURITYAFFAIRS.COM

18 Sep: CardX Issues Data Leak Notification Impacting Their Customers in Thailand
Thailand-based digital financial platform, CardX, experienced a data leak exposing personal information of customers, including names, addresses, phone numbers, and emails.
Source: SECURITYAFFAIRS.COM

18 Sep: As Building Blocks for the Digital World, Coding Must be Memory Safe and Secure
In recognition of National Coding Week, Director Jen Easterly stresses the importance of safe and responsible coding.
Source: CISA.GOV

18 Sep: Microsoft Paint finally gets support for layers and transparency
Microsoft is finally rolling out support for layers and image transparency to the Paint image editor application 38 years after its launch. [...]
Source: BLEEPINGCOMPUTER.COM

18 Sep: Windows Subsystem for Linux gets new 'mirrored' network mode
Microsoft has released Windows Subsystem for Linux (WSL) 2.0.0 with a set of new opt-in experimental features, including a new network mode and automated memory and disk size cleanup. [...]
Source: BLEEPINGCOMPUTER.COM

18 Sep: 10 tips to ace your cybersecurity job interview
Once you’ve made it past the initial screening process and secured that all-important interview, it’s time to seal the deal. These 10 tips will put you on the right track.
Source: WELIVESECURITY.COM