🚨 CISA KEV 1[−]
19 Sep KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023-28434 MinIO Security Feature Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pos…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 3[−]
19 SepThousands of Juniper Devices Vulnerable to Unauthenticated RCE FlawToday, VulnCheck vulnerability researcher Jacob Baines released another PoC exploit that only utilizes CVE-2023-36845, bypassing the need to upload files while still achieving remote code execution.BLEEPINGCOMPUTER.COM
19 SepOver 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE VulnerabilityNew research has found that close to 12,000 internet-exposed Juniper firewall devices are vulnerable to a recently disclosed remote code execution flaw. VulnCheck, which discovered a new exploit for CVE-2023-36845, said it could be exploited by an "unauthenticated and remote atta…THEHACKERNEWS.COM
19 SepTrend Micro Patches Exploited Zero-Day Vulnerability in Endpoint Security ProductsTrend Micro has patched CVE-2023-41179, an Apex One zero-day code execution vulnerability that has been exploited in attacks. The post Trend Micro Patches Exploited Zero-Day Vulnerability in Endpoint Security Products appeared first on SecurityWeek .SECURITYWEEK.COM
⚠️ VULNERABILITY DISCLOSURE 22[−]
19 SepMicrosoft AI Researchers Accidentally Expose 38 Terabytes of Confidential DataMicrosoft on Monday said it took steps to correct a glaring security gaffe that led to the exposure of 38 terabytes of private data. The leak was discovered on the company's AI GitHub repository and is said to have been inadvertently made public when publishing a bucket of open-s…THEHACKERNEWS.COM
19 Sep6 notable API security initiatives launched in 2023Application programming interfaces (APIs) are increasingly central to modern enterprise computing key concepts in software development from simple programs to the most advanced design and architectural considerations that have become the connective tissue of the digital world. An…CSOONLINE.COM
19 SepCISA Says Owl Labs Vulnerabilities Requiring Close Physical Range Exploited in AttacksCISA says Owl Labs video conferencing device vulnerabilities that require the attacker to be in close range exploited in attacks The post CISA Says Owl Labs Vulnerabilities Requiring Close Physical Range Exploited in Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
19 SepSources: CrowdStrike will announce its Bionic.ai acquisition for $350M todayEarlier this year, we broke the news that CrowdStrike was close to acquiring Bionic.ai — a security posture management platform for cloud services — for between $200 million and $300 million. Sources tell us that this deal has now closed and will be formally announced later…TECHCRUNCH.COM
19 SepThousands of Juniper Appliances Vulnerable to New ExploitVulnCheck details a new fileless exploit targeting a recent Junos OS vulnerability that thousands of devices have not been patched against. The post Thousands of Juniper Appliances Vulnerable to New Exploit appeared first on SecurityWeek .SECURITYWEEK.COM
19 SepPayment Card-Skimming Campaign Now Targeting Websites in North AmericaA Chinese-speaking threat actor known for skimming credit card numbers off e-commerce sites and point-of-sale service providers in the Asia/Pacific region for more than a year has begun aiming at similar targets in North and Latin America as well.DARKREADING.COM
19 SepA year into private ownership, SailPoint cracks the $600M ARR thresholdThe final earnings report that SailPoint disclosed before it was taken private detailed its Q2 2022 results, including revenue of $134.3M.TECHCRUNCH.COM
19 SepHow to avoid the Microsoft GitHub goof that exposed 38TB of sensitive employee dataMicrosoft's AI research team accidentally exposed 38 terabytes of private data through a Shared Access Signature (SAS) link it published on a GitHub repository, according to a report by Wiz research that highlighted how CISOs can minimize the chances of this happening to them in …CSOONLINE.COM
19 SepCISA Releases Four Industrial Control Systems AdvisoriesCISA released four Industrial Control Systems (ICS) advisories on September 19, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-262-01 Siemens SIMATIC PCS neo Administration Console ICSA-23-26…CISA.GOV
19 SepCrowdStrike to Buy AppSec Startup Bionic for Reported $350MDeal Will Offer Visibility Into Application Behavior, Vulnerability Prioritization CrowdStrike will buy an application security firm founded by two Israel Defense Forces veterans to deliver risk visibility and protection across the cloud. The deal will provide visibility into app…DATABREACHTODAY.CO.UK
19 SepGitLab urges users to install security updates for critical pipeline flawGitLab has released security updates to address a critical severity vulnerability that allows attackers to run pipelines as other users via scheduled security scan policies. [...]BLEEPINGCOMPUTER.COM
19 SepChinese Spies Infected Dozens of Networks With Thumb Drive Malwaresubmitted by c0mmando to netsec 1 points | 0 comments https://web.archive.org/web/20230919170021/https://www.wired.com/story/china-usb-sogu-malware/ For much of the cybersecurity industry, malware spread via USB drives represents the quaint hacker threat of the past decade—or the…WEB.ARCHIVE.ORG
19 SepNew ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implantssubmitted by c0mmando to netsec 1 points | 0 comments https://blog.talosintelligence.com/introducing-shrouded-snooper/ Cisco Talos recently discovered a new malware family we’re calling “HTTPSnoop” being deployed against telecommunications providers in the Middle East. HTTPSnoop …TALOSINTELLIGENCE.COM
19 SepUnsung Hero in Cyber Risk ManagementBehind the scenes of the world of vulnerability intelligence and threat huntingTRENDMICRO.COM
19 SepChina's Cyber Offensive: FBI Director Reveals Unmatched Scale of Hacking OperationsWASHINGTON – In a startling revelation, FBI Director Chris Wray disclosed at a recent conference that China's cyber espionage capabilities are so extensive, they bigger than the efforts of all other major nations combined.KNOWBE4.COM
19 SepCrowdStrike announces major build-out of its Falcon product suiteCloud-native security firm CrowdStrike has announced a re-architected release of its Falcon platform, dubbed Falcon Raptor. The next-generation product adds generative AI-powered incident investigation capabilities and extended detection and response (XDR) features. The Raptor re…CSOONLINE.COM
19 SepNew server backdoors posing as security product target telecomsSecurity researchers have uncovered a new set of backdoor programs that have been used to compromise systems belonging to telecommunications providers in the Middle East. The programs are not yet linked to any known cyberattack group, but multiple nation-state threat actors have …CSOONLINE.COM
19 SepObfuscated Scans for Older Adobe Experience Manager Vulnerabilities, (Tue, Sep 19th)Adobe Experience Manager (AEM) is a complex enterprise-level content management system built around open-source products like Apache Sling, Jackrabbit/Oak, and Felix. Just last week, Adobe patched another XSS vulnerability in AEM. But the scans we see now target older vulnerabili…ISC.SANS.EDU
19 SepAzure's Eight XSS Vulns, CNCF's Two Security Audits, CISA's OSS Roadmap, Repojacking - ASW #255A slew of XSS in Azure's HDInsights, CNCF releases fuzzing and security audits on Kyverno and Dragonfly2, CISA shares a roadmap for security open source software, race conditions and repojacking in GitHub, and more! Visit https://www.securityweekly.com/asw for all the latest epis…YOUTUBE.COM
19 SepHackers breached International Criminal Court’s systems last weekThe International Criminal Court (ICC) disclosed a cyberattack on Tuesday after discovering last week that its systems had been breached. [...]BLEEPINGCOMPUTER.COM
19 Sep KEVTrend Micro fixes endpoint protection zero-day used in attacksTrend Micro fixed a remote code execution zero-day vulnerability in the Trend Micro's Apex One endpoint protection solution that was actively exploited in attacks. [...]BLEEPINGCOMPUTER.COM
19 SepHowtorotate.com - Open Source Guides on Key Rotations from the Most Popular Providerssubmitted by L4s to secops 1 points | 0 comments https://howtorotate.com/ Howtorotate.com - Open Source Guides on Key Rotations from the Most Popular Providers::undefinedHOWTOROTATE.COM
📢 SECURITY ADVISORIES 8[−]
19 SepWhy Entities Should Review Their Online Tracker Use ASAPAny healthcare organization that embeds tracking technologies in its website should carefully review whether it is inadvertently violating HIPAA or other federal regulations, said Nick Heesters, senior adviser for cybersecurity at the Department of Health and Human Services' Offi…DATABREACHTODAY.CO.UK
19 SepGenerative AI: Embrace It, But Put Up GuardrailsIn this episode of CyberEd.io's podcast series, "Cybersecurity Insights," Daniel DeSantis, director of CISO Advisory at Cisco, and Pam Lindemoen, CISO adviser at Cisco, discuss how generative AI will change and elevate the role of the CISO as well as what the future holds for net…DATABREACHTODAY.CO.UK
19 SepSprySocks, Lazarus, Fortinet, Juniper, CISA, AI Art, More News, & Jason Wood - SWN #326SprySocks, Lazarus, Fortinet, Juniper, CISA, Transparent Tribe, AI Art, More News, and Jason Wood on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-326YOUTUBE.COM
19 SepCyber Experts Urge House Committee to Avoid Federal ShutdownAnnual Federal Funding Will Expire in 12 Days Cybersecurity experts urged Congress to avoid a government shutdown on Oct. 1 - the start of the new federal fiscal year - telling a House panel that a lapse would damage efforts to keep the nation secure. Congress has yet to approve …DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 15[−]
19 SepWho’s Behind the 8Base Ransomware Website?The victim shaming website operated by the cybercriminals behind 8Base -- currently one of the more active ransomware groups -- was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that…KREBSONSECURITY.COM
19 SepBumblebee Loader Resurfaces in New CampaignBumblebee, a loader used by ransomware threat actors, has recently resurfaced with new distribution techniques and updates to make it more resilient and harder to disrupt.INTEL471.COM
19 SepUpdate: Clorox Reports Production Issues After August CyberattackIn regulatory filings with the SEC, the company said the cyberattack “damaged portions of the Company’s IT infrastructure, which caused widescale disruption of Clorox’s operations.”THERECORD.MEDIA
19 SepUpdate: Australian Law Firm Hack Affected 65 Government AgenciesAn April ransomware attack against one of Australia's largest law firms swept up the data of 65 Australian government agencies, the country's newly appointed national cybersecurity coordinator said Monday.HEALTHCAREINFOSECURITY.COM
19 SepOperation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware CampaignTargets located in Azerbaijan have been singled out as part of a new campaign that's designed to deploy Rust-based malware on compromised systems. Cybersecurity firm Deep Instinct is tracking the operation under the name Operation Rusty Flag. It has not been associated with any k…THEHACKERNEWS.COM
19 SepGerman Spy Chief Warns of Cyberattacks Targeting Liquefied Natural Gas TerminalsBruno Kahl, the head of Germany’s foreign intelligence service, warned that liquefied natural gas (LNG) terminals in the country could be targeted by state-sponsored hackers.THERECORD.MEDIA
19 SepHow the FBI Fights Back Against Worldwide CyberattacksIn the worldwide battle against malicious cyberattacks, there is no organization more central to the fight than the Federal Bureau of Investigation (FBI). And recent years have proven that the bureau still has some surprises up its sleeve. In early May, the U.S. Department of Jus…SECURITYINTELLIGENCE.COM
19 SepCyberheistNews Vol 13 #38 No Dice for MGM Vegas As It Battles Ransomware Attack DowntimeKNOWBE4.COM
19 SepClorox Blames Damaging Cyberattack for Product ShortageClorox says the recent cyberattack has been contained, but production is still not fully restored and there is a short supply of products. The post Clorox Blames Damaging Cyberattack for Product Shortage appeared first on SecurityWeek .SECURITYWEEK.COM
19 SepHackers backdoor telecom providers with new HTTPSnoop malwareNew malware named HTTPSnoop and PipeSnoop are used in cyberattacks on telecommunication service providers in the Middle East, allowing threat actors to remotely execute commands on infected devices. [...]BLEEPINGCOMPUTER.COM
19 Sep‘Cybersecurity Incident’ Hits ICCThe International Criminal Court was hit by what it called "anomalous activity" regarding its IT systems and that it was currently responding to this "cybersecurity incident." The post ‘Cybersecurity Incident’ Hits ICC appeared first on SecurityWeek .SECURITYWEEK.COM
19 SepOperation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware CampaignThe attack chain involves the use of LNK files and Dropbox to retrieve a second-stage payload, an MSI installer, that drops a Rust backdoor implant and other files on compromised systems.THEHACKERNEWS.COM
19 SepInternational Criminal Court says hackers accessed its systemsThe International Criminal Court (ICC) has said it experienced a cyberattack last week after hackers accessed its internal systems. The ICC, headquartered in The Hague, Netherlands, is the only permanent war crimes tribunal. Established in 2002, the court is currently investigati…TECHCRUNCH.COM
19 Sep'ShroudedSnooper' Backdoors Use Ultra-Stealth in Mideast Telecom AttacksShroudedSnooper has targeted Middle East-based telecom firms using two stealthy backdoors, HTTPSnoop and PipeSnoop, which employ advanced anti-detection techniques and can give cyberattackers persistent access to networks.DARKREADING.COM
🕵️ THREAT INTELLIGENCE 29[−]
19 SepISC Stormcast For Tuesday, September 19th, 2023 https://isc.sans.edu/podcastdetail/8664, (Tue, Sep 19th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
19 SepIranian Hackers Attack Thousands of Organizations Using Password SprayingPeach Sandstorm, an Iranian Hackers group that targets organizations globally, aligns with the following threat groups:- Besides this, in the following sectors, the Iranian group, Peach Sandstorm pursued its targets most in the past attacks:- The cybersecurity researchers at Micr…GBHACKERS.COM
19 SepTransparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT MalwareThe suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity. "CapraRAT is a highly invasive tool that gi…THEHACKERNEWS.COM
19 SepSEC-T 2023 Stockholm - 21 videossubmitted by ashar to security_cpe 1 points | 0 comments https://youtube.com/playlist?list=PLv84MTo7Io20Vdg0ExpfmiHnR-TZtybTR&si=JMAzG3PfkqAKxRhc SEC-T is an affordable, non-profit, English speaking, two days [ actiually 3 days. ed ] , single track information security/hackin…YOUTUBE.COM
19 SepMetaverse Poses Serious Privacy Risks for Users, Report WarnsThe immersive internet experience known as the metaverse will erode users’ privacy unless significant steps are taken to improve and regulate how the technology captures and stores personal data, a new report from New York University argues.THERECORD.MEDIA
19 SepCybersecurity M&A Roundup for First Half of September 2023A dozen cybersecurity-related M&A deals were announced in the first half of September 2023. The post Cybersecurity M&A Roundup for First Half of September 2023 appeared first on SecurityWeek .SECURITYWEEK.COM
19 SepSecurity startup Discern launches AI-powered policy management platformCybersecurity startup Discern Security has announced the launch of a new AI-powered security policy management platform. The California-based company operates as "policy intelligence hub" that leverages AI capabilities to monitor and optimize security controls across multiple cyb…CSOONLINE.COM
19 SepDetecting AI-Generated TextThere are no reliable ways to distinguish text written by a human from text written by an large language model. OpenAI writes : Do AI detectors work? In short, no. While some (including OpenAI) have released tools that purport to detect AI-generated content, none of these have pr…SCHNEIER.COM
19 SepHacker Conversations: Casey Ellis, Hacker and Ringmaster at BugcrowdSecurityWeek interviews Casey Ellis, founder, chairman and CTO at Bugcrowd, best known for operating bug bounty programs for organizations. The post Hacker Conversations: Casey Ellis, Hacker and Ringmaster at Bugcrowd appeared first on SecurityWeek .SECURITYWEEK.COM
19 SepChinese Hackers Target North American, APAC Firms in Web Skimmer CampaignA Chinese threat actor has been observed targeting organizations in multiple industries to deploy web skimmers on online payment pages. The post Chinese Hackers Target North American, APAC Firms in Web Skimmer Campaign appeared first on SecurityWeek .SECURITYWEEK.COM
19 SepDEF CON 31 Main Stage Talkssubmitted by L4s to secops 1 points | 0 comments https://www.youtube.com/playlist?list=PL9fPq3eQfaaDLMTtVZDqq4aoU97NhZFP9 DEF CON 31 Main Stage Talks::Share your videos with friends, family, and the worldYOUTUBE.COM
19 SepEarth Lusca's New SprySOCKS Linux Backdoor Targets Government EntitiesThe China-linked threat actor known as Earth Lusca has been observed targeting government entities using a never-before-seen Linux backdoor called SprySOCKS. Earth Lusca was first documented by Trend Micro in January 2022, detailing the adversary's attacks against public and priv…THEHACKERNEWS.COM
19 SepAlcion Raises $21 Million for Backup-as-a-Service PlatformData management startup Alcion has raised $21 million in a Series A funding round led by Veeam to expand its market presence. The post Alcion Raises $21 Million for Backup-as-a-Service Platform appeared first on SecurityWeek .SECURITYWEEK.COM
19 SepPakistani APT Uses YouTube-Mimicking RAT to Spy on Android DevicesNew versions of Pakistan-linked APT Transparent Tribe’s CapraRAT Android trojan mimic the appearance of YouTube. The post Pakistani APT Uses YouTube-Mimicking RAT to Spy on Android Devices appeared first on SecurityWeek .SECURITYWEEK.COM
19 SepShroudedSnooper's HTTPSnoop Backdoor Targets Middle East Telecom CompaniesTelecommunication service providers in the Middle East are the target of a new intrusion set dubbed ShroudedSnooper that employs a stealthy backdoor called HTTPSnoop. "HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP …THEHACKERNEWS.COM
19 SepRomance Scams That Run Your Crypto Wallet DryScammers are using dating sites to lure victims into phony cryptocurrency investment schemes, according to Sean Gallagher at Sophos.KNOWBE4.COM
19 SepManaging CyberRisk in a Mid-Cap Company - Walter Lefmann - CSP 140MidCap enterprise security is challenge – SMB’s have all the needs of a large enterprise, but not the same large budget or army of defenders. We are also a "sweet spot" target for cybercriminals -- you have enough money to be worth some real effort, but again not a large army of …YOUTUBE.COM
19 SepCakePHP Application Cybersecurity Research - White box penetration testing in actionsubmitted by throws_lemy to cybersecurity 1 points | 0 comments https://zigrin.com/cakephp-application-cybersecurity-research-white-box-penetration-testing-in-action/ZIGRIN.COM
19 SepVenafi Leverages Generative AI to Manage Machine IdentitiesVenafi launched a proprietary generative AI model to help with the mammoth, complex, and expanding problem of managing machine identities. The post Venafi Leverages Generative AI to Manage Machine Identities appeared first on SecurityWeek .SECURITYWEEK.COM
19 SepPro-Russian Actors Initiated A DDoS Attack Against Canadian OrganizationsThe Canadian government, banking, and transportation industries have recently been the targets of many distributed denial of service (DDoS) attacks. This criminal activity is linked to state-sponsored cyber threat actors from Russia. Since March 2022, NoName057(16), a pro-Russian…GBHACKERS.COM
19 SepHiddenLayer Raises Hefty $50M Round for AI Security TechTexas startup attracts major investor interest to build an MLMDR (machine learning detection and response) technology. The post HiddenLayer Raises Hefty $50M Round for AI Security Tech appeared first on SecurityWeek .SECURITYWEEK.COM
19 SepCrowdStrike to Acquire Application Intelligence Startup BionicThe cash-and-stock transaction provides capabilities for CrowdStrike to beef up its enterprise cloud security portfolio. The post CrowdStrike to Acquire Application Intelligence Startup Bionic appeared first on SecurityWeek .SECURITYWEEK.COM
19 SepStopping Business Logic Attacks: Why a WAF is no Longer Enough - Karl Triebes - ASW #255The majority of attacks are now automated, with a growing number of attacks targeting business logic via APIs, which is unique to every organization. This shift makes traditional signature-based defenses insufficient to stop targeted business logic attacks on their own. In this d…YOUTUBE.COM
19 SepMicrosoft AI Group Accidentally Exposes 38TB of Internal Datasubmitted by throws_lemy to cybersecurity 1 points | 0 comments https://returnbyte.com/microsoft-ai-group-accidentally-exposes-38tb-internal-data/RETURNBYTE.COM
19 SepThe Expel Quarterly Threat Report distills the threats and trends the Expel SOC saw in Q2. Download it now.Graham Cluley Security News is sponsored this week by the folks at Expel. Thanks to the great team there for their support! Every quarter, the Expel security operations centre (SOC) publishes its Quarterly Threat Report (QTR) to distill all the trends, notable new behaviours, and…GRAHAMCLULEY.COM
19 SepExpert: Keep Calm, Avoid Overhyping China's AI CapabilitiesChina's Ability to Diffuse AI Across Economy Lags Ability to Make Big Breakthroughs A researcher advised lawmakers to "keep calm and avoid overhyping China's AI capabilities" since the authoritarian regime struggles to drive widespread adoption of new technology. He urged Congres…DATABREACHTODAY.CO.UK
19 SepForrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ reportMicrosoft is proud to be recognized as a Leader in The Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report. The post Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report appeared first on Microsoft Security Blog .MICROSOFT.COM
19 SepJust Released and Ready for Download — Software Firewalls for Dummiesbetter understand the extensive need and numerous use cases for virtual firewalls, container firewalls and managed cloud firewalls with our essential guide, “Software Firewalls for Dummies.” The post Just Released and Ready for Download — Software Firewalls for Dummies appeared f…PALOALTONETWORKS.COM
🌐 CYBER THREAT LANDSCAPE 5[−]
19 SepTransparent Tribe’s CapraRAT Mimics YouTube to Hijack Android PhonesThe CapraRAT mobile RAT hidden within these YouTube-themed apps gives the attacker control over various data on infected Android devices, including recording audio and video, collecting messages and call logs, and modifying files.SENTINELONE.COM
19 SepAn Assessment of Russian Threat Group Turla (aka Pensive Ursa)The top 10 most recently active types of malware used by Pensive Ursa include Capibar, Kazuar, Snake, QUIETCANARY, Kopiluwak, Crutch, ComRAT, Carbon, HyperStack, and TinyTurla, with each having distinct functionalities and attack techniques.UNIT42.PALOALTONETWORKS.COM
19 SepNew Hook Android Banking Trojan Expands on ERMAC's Legacy"All commands (30 in total) that the malware operator can send to a device infected with ERMAC malware, also exist in Hook. The code implementation for these commands is nearly identical," NCC Group security researchers said.THEHACKERNEWS.COM
19 SepInside the Code of a New XWorm VariantXWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe. Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significant…THEHACKERNEWS.COM
19 SepInside the Code of a New XWorm VariantThe configuration of the latest XWorm variant reveals key details such as the host, port, AES key, and Telegram information, providing insights into the malware's operations.THEHACKERNEWS.COM
📡 INFOSEC NEWS 14[−]
19 SepFraudsters Steal Over $1 Million in Three Weeks in ‘Pig Butchering’ ScamThe attackers utilized fake trading pools of cryptocurrency from decentralized finance (DeFi) trading applications to defraud their victims, with one individual losing $22,000 in a single week.INFOSECURITY-MAGAZINE.COM
19 SepLive Webinar: Overcoming Generative AI Data Leakage RisksAs the adoption of generative AI tools, like ChatGPT, continues to surge, so does the risk of data exposure. According to Gartner’s "Emerging Tech: Top 4 Security Risks of GenAI" report, privacy and data security is one of the four major emerging risks within generative AI. A new…THEHACKERNEWS.COM
19 SepMicrosoft AI Research Division Leak 38TB of Private DataCloud security firm Wiz discovered the privacy snafu when it found the GitHub repository “robust-models-transfer,” which belonged to Microsoft’s AI research division, leaking sensitive internal information.INFOSECURITY-MAGAZINE.COM
19 SepCato Networks, valued at $3B, lands $238M ahead of its anticipated IPOCato Networks, the Tel Aviv-based startup that packages software-defined networking, managed cybersecurity and global backbone services into a single offering, today announced that it raised $238 million in an equity investment that values the company at over $3 billion. LightSpe…TECHCRUNCH.COM
19 SepHR phishing: self-evaluation questionnaire | Kaspersky official blogAttackers posing as HR send invitations to complete a self-evaluation to steal corporate credentials.KASPERSKY.COM
19 SepMisconfigured SAS Token By Microsoft's AI Team Exposes 38TB Of GitHub DataPACKETSTORMSECURITY.COM
19 SepMicrosoft to start retiring Exchange Web Services in October 2026Microsoft said today that the Exchange Web Services (EWS) API for Exchange Online and Office 365 will be retired in approximately three years. [...]BLEEPINGCOMPUTER.COM
19 SepProtect CNC Machines in Networked IT/OT EnvironmentsNetworking IT/OT environments is a bit like walking a tightrope, balancing the pursuit of intelligence and efficiency against the risks of exposing OT systems to the wider world. Trend Micro recently teamed up with global machine tool company Celada to identify specific risks ass…TRENDMICRO.COM
19 SepNew AMBERSQUID Cryptojacking Operation Targets Uncommon AWS ServicesA novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency.THEHACKERNEWS.COM
19 SepJourney to the Cloud: Navigating the Transformation - Part 2Nikko Asset Management's Marcus Rameke on the Advantages of HCI On-Premises In Part 2 of this three-part blog post, Nikko Asset Management's Marcus Rameke discusses why he prefers HCI over traditional three-tier architecture data centers and IaaS and why the vision to move the wo…DATABREACHTODAY.CO.UK
19 SepPhalanx protects company data by automatically securing and tracking sensitive documentsData loss prevention (DLP) has emerged as a foundational strategy for businesses looking to prevent workers from inadvertently (or advertently) sharing sensitive data outside the confines of the company network. At its core, DLP is about solving the “people problem” &…TECHCRUNCH.COM
19 SepYikes! My sex video has been uploaded to YouPorn, apparentlyApparently YouPorn's AI algorithm has detected me in an uploaded sex video. All I have to do is pay hundreds of dollars worth of Bitcoin to prevent it from being published.GRAHAMCLULEY.COM
19 SepClaimants in Celsius crypto bankruptcy targeted in phishing attackScammers are impersonating the bankruptcy claim agent for crypto lender Celsius in phishing attacks that attempt to steal funds from cryptocurrency wallets. [...]BLEEPINGCOMPUTER.COM