80 Articles
8 Categories
Date: 2023-09-22
🚨 CISA KEV (2)
22 Sep [KEV] | CISA Adds Owl Labs, Samsung, Realtek Bugs to Exploited Vulnerability List | The CISA added eight bugs on Monday and another on Tuesday to its list of known exploited vulnerabilities, giving FCEB agencies three weeks to patch the issues that affect products from MinIO, Samsung, Realtek, Zyxel, Laravel, and Owl Labs. | THERECORD.MEDIA
22 Sep [KEV] | Faster Patching Pace Validates CISA’s KEV Catalog Initiative | CISA says Known Exploited Vulnerabilities Catalog has helped federal agencies significantly accelerate their vulnerability remediation pace. | SECURITYWEEK.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES (7)
22 Sep | The WebP 0day | https://blog.isosceles.com/the-webp-0day/ Early last week, Google released a new stable update for Chrome. The update included a single security fix that was reported by Apple’s Security Engineering and Architecture … | ISOSCELES.COM
22 Sep [KEV] | Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable | Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities … | THEHACKERNEWS.COM
22 Sep | Atlassian Security Updates Patch High-Severity Vulnerabilities | Tracked as CVE-2023-22513 (CVSS score of 8.5), the most severe of these issues is described as a remote code execution (RCE) bug in Bitbucket that could impact confidentiality, integrity, and availability. | SECURITYWEEK.COM
22 Sep | High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server | Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution. The Australian software services provider said that the four high-severity flaw… | THEHACKERNEWS.COM
22 Sep | CVE-2022-35825 Visual Studio Remote Code Execution Vulnerability | Acknowledgement added. This is an informational change only. | MSRC.MICROSOFT.COM
22 Sep | 0-days exploited by commercial surveillance vendor in Egypt | https://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/ Last week Google’s Threat Analysis Group (TAG), in partnership with The Citizen Lab, discovered an in-the-wild 0-day explo… | BLOG.GOOGLE
22 Sep | PREDATOR IN THE WIRES: Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions - The Citizen Lab | https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/ Key Findings: Between May and September 2023, former Egyptian MP Ahmed Eltantawy was ta… | CITIZENLAB.CA
⚠️ VULNERABILITY DISCLOSURE (18)
22 Sep | Gold Melody Attacking Organizations With Burp Extension, Mimikatz, and Other Tools | The financially motivated GOLD MELODY threat group has been active at least since 2017, attacking organizations by taking advantage of flaws in unpatched internet-facing servers. A threat group serves as an initial access broker (IAB) by selling access to organizations that have … | GBHACKERS.COM
22 Sep | Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones | Apple has patched 3 zero-day vulnerabilities that have likely been exploited by a spyware vendor to hack iPhones. | SECURITYWEEK.COM
22 Sep | How to Interpret the 2023 MITRE ATT&CK Evaluation Results | Thorough, independent tests are a vital resource for analyzing provider’s capabilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more widely trusted than the annual MITRE Engenuity ATT&CK Evaluation. This testing i… | THEHACKERNEWS.COM
22 Sep | Apple Emergency Updates Fix Three New Zero-Days Exploited in Attacks | Apple released emergency security updates to patch three new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days fixed this year. | BLEEPINGCOMPUTER.COM
22 Sep | BIND Updates Patch Two High-Severity DoS Vulnerabilities | The latest BIND security updates include patches for two high-severity DoS vulnerabilities that can be exploited remotely. | SECURITYWEEK.COM
22 Sep | Sandman APT Infiltrates Telecommunications Companies Using LuaDream Backdoor | The activities of Sandman suggest espionage motivations, with a focus on telecommunications providers and a potential connection to a private contractor or mercenary group. | SENTINELONE.COM
22 Sep | Attacker Unleashes Stealthy Crypto Mining via Malicious Python Package | The Python package "Culturestreak" is a malicious software that hijacks system resources for unauthorized cryptocurrency mining. The package utilizes obfuscated code and random filenames to evade detection, making it a persistent threat. | CHECKMARX.COM
22 Sep [KEV] | Apple issues emergency security updates for iPhone, iPad, and Apple Watch | https://www.zdnet.com/article/apple-issues-emergency-security-updates-for-iphone-ipad-and-apple-watch/ Apple has released emergency security patches for its core products just days after rolling out brand new versions of their… | ZDNET.COM
22 Sep [KEV] | Yes, you have to update your Apple devices again, because spyware is bad | Apple on Thursday released urgent security updates for iPhones, iPads, Macs, Apple Watch, and Safari users to patch against three vulnerabilities that Apple says are being actively exploited. The three vulnerabilities include a flaw in WebKit, the browser engine that powers Safar… | TECHCRUNCH.COM
22 Sep | Open Source Software Must Start with Secure Code | CISA highlights the importance of open source software and our efforts to help secure it. | CISA.GOV
22 Sep | Recently patched Apple, Chrome zero-days exploited in spyware attacks | Security researchers with The Citizen Lab and Google's Threat Analysis Group (TAG) revealed today that three zero-days patched by Apple on Thursday were abused as part of an exploit chain to install Cytrox's Predator spyware. [...] | BLEEPINGCOMPUTER.COM
22 Sep | Apple Releases Security Updates for Multiple Products | Apple has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the n… | CISA.GOV
22 Sep | Dallas says Royal ransomware breached its network using stolen account | The City of Dallas, Texas, said this week that the Royal ransomware attack that forced it to shut down all IT systems in May started with a stolen account. [...] | BLEEPINGCOMPUTER.COM
22 Sep | Egyptian opposition politician hacked with Predator spyware, researchers confirm | https://therecord.media/egyptian-opposition-politican-ahmed-altantawy-spyware-predator The phone of Egyptian opposition politician Ahmed Eltantawy was recently targeted with Predator spyware, in a campaign that researchers at … | THERECORD.MEDIA
22 Sep | Google CISO Phil Venables on Building Strong CIO-CISO Bonds | CIO, CISO Must Join Forces to Upgrade Organization to More Defendable Architecture. Increased engagement from boards on digital transformation initiatives around cloud and AI adoption has spurred greater investment in cybersecurity, said Google Cloud CISO Phil Venables. Systems bu… | DATABREACHTODAY.CO.UK
22 Sep [KEV] | Apple Fixes Bugs That Infected Egyptian Politician's iPhone | Cytrox's Predator Found on Device of Ahmed Eltantawy. Apple released patches Thursday to close three actively exploited vulnerabilities that researchers say commercial spyware maker Cytrox used to infect the iPhone of Egyptian politician Ahmed Eltantawy with Predator malware. The … | DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES (1)
🔥 INCIDENT REPORTING (18)
22 Sep | Mysterious 'Sandman' Threat Actor Targets Telecom Providers Across Three Continents | A previously undocumented threat actor dubbed Sandman has been attributed to a set of cyber attacks targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent. Notably, the intrusions leverage a just-in-time (JIT) compiler for th… | THEHACKERNEWS.COM
22 Sep | Update: MGM Resorts Computers Back Up After 10 Days as Analysts Eye Effects of Casino Cyberattacks | “We are pleased that all of our hotels and casinos are operating normally,” the Las Vegas-based company posted on X, the platform formerly known as Twitter. It was reported last week that the attack was detected on September 10. | SECURITYWEEK.COM
22 Sep | Cyber Security Today, Sept. 23, 2023 - Nova Scotia details MOVEit victims, a new ransomware strain found and more | This podcast reports on the latest number of MOVEit victims, new ransomware numbers and more | CYBERSECURITYTODAY.LIBSYN.COM
22 Sep | Air Canada Says Hackers Accessed Limited Employee Records During Cyberattack | Canada’s largest airline, Air Canada, announced a data breach this week that involved the information of employees, but said its operations and customer data were not impacted. | THERECORD.MEDIA
22 Sep | Hotel hackers redirect guest to fake Booking.com to steal cards | Security researchers discovered a multi-step information stealing campaign where hackers breach the systems of hotels, booking sites, and travel agencies and then use their access to go after financial data belonging to customers. [...] | BLEEPINGCOMPUTER.COM
22 Sep | Rising OT/ICS Cybersecurity Incidents Reveal Alarming Trend | Approximately 60% of cyberattacks on the industrial sector are carried out by state-affiliated actors, often with the unintentional assistance of internal personnel (about 33% of the time), according to Rockwell Automation. | HELPNETSECURITY.COM
22 Sep | Hotel hackers redirect guests to fake Booking.com to steal cards | Security researchers discovered a multi-step information stealing campaign where hackers breach the systems of hotels, booking sites, and travel agencies and then use their access to go after financial data belonging to customers. [...] | BLEEPINGCOMPUTER.COM
22 Sep | Air Canada Says Employee Information Accessed in Cyberattack | Canada’s largest airline says the personal information of some employees was accessed in a recent cyberattack. | SECURITYWEEK.COM
22 Sep | Weekly Update 366 | Well that's it, Europe is done! I've spent the week in Prague with highlights including catching up with Josef Prusa, keynoti… | TROYHUNT.COM
22 Sep | Ohio Community College Data Theft Breach Affects Nearly 300K | In a breach notification on Wednesday, Lakeland Community College didn't provide any details on the attack, which occurred between March 7 and March 31, but the Vice Society ransomware group had earlier listed the college on its data leak site. | BANKINFOSECURITY.COM
22 Sep | T-Mobile denies new data breach rumors, points to authorized retailer | T-Mobile has denied suffering another data breach following Thursday night reports that a threat actor leaked a large database allegedly containing T-Mobile employees' data. [...] | BLEEPINGCOMPUTER.COM
22 Sep | MGM Resorts Says Hotels 'Operating Normally' After Attack | But Digital Room Keys Still Unavailable; Slot Machines Have 'Intermittent Issues'. MGM Resorts International says its hotels and casinos are now operating "normally" after the company was hit by ransomware-wielding attackers. Even so, numerous systems remain offline - including di… | DATABREACHTODAY.CO.UK
22 Sep | Google’s Parisa Tabriz on how the company stays ahead of hackers | Google is constantly under attack. But while hackers have compromised gaming giants, casinos, and other technology giants in recent months, Google has so far remained largely unscathed. Parisa Tabriz, who is responsible for Chrome web browser security and Project Zero, credits mu… | TECHCRUNCH.COM
22 Sep | Crypto firm Nansen asks users to reset passwords after vendor breach | Ethereum blockchain analytics firm Nansen asks a subset of its users to reset passwords following a recent data breach at its authentication provider. [...] | BLEEPINGCOMPUTER.COM
22 Sep | Government of Bermuda links cyberattack to Russian hackers | The Government of British Overseas Territory Bermuda has linked a cyberattack affecting all its departments' IT systems since Thursday to hackers based out of Russia. [...] | BLEEPINGCOMPUTER.COM
22 Sep | Cyber Security Today, Week in Review for the week ending Friday, Sept. 22, 2023 | This episode features discussion about the MGM Resorts ransomware attack, and on recent DDoS attacks against Canadian websites | CYBERSECURITYTODAY.LIBSYN.COM
22 Sep | Chinese, North Korean Nation-State Groups Target Health Data | HHS Report Lists APT41, APT43 and Lazarus Among Top Threat Groups. Chinese and North Korean nation-state groups continue to pose significant "unique threats" to the U.S. healthcare and public health sector, including data exfiltration attacks involving espionage and intellectual p… | DATABREACHTODAY.CO.UK
22 Sep | LastPass: ‘Horse Gone Barn Bolted’ is Strong Password | The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relation… | KREBSONSECURITY.COM
🕵️ THREAT INTELLIGENCE (21)
22 Sep | ISC Stormcast For Friday, September 22nd, 2023 https://isc.sans.edu/podcastdetail/8670, (Fri, Sep 22nd) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
22 Sep | Signal Adds Quantum-Resistant Encryption to its E2EE Messaging Protocol | Signal plans to continue adapting and upgrading its encryption mechanism to ensure quantum-resistant end-to-end encryption in the face of emerging challenges and ongoing research. | BLEEPINGCOMPUTER.COM
22 Sep | Examining the Activities of the Turla APT Group | We examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group. | TRENDMICRO.COM
22 Sep | Iranian Nation-State Actor OilRig Targets Israeli Organizations | Israeli organizations were targeted as part of two different campaigns orchestrated by the Iranian nation-state actor known as OilRig in 2021 and 2022. The campaigns, dubbed Outer Space and Juicy Mix, entailed the use of two previously documented first-stage backdoors called Sola… | THEHACKERNEWS.COM
22 Sep | SANS Survey Shows Drop in 2023 ICS/OT Security Budgets | ICS/OT security budgets have decreased in 2023 compared to last year, according to a survey conducted by SANS. | SECURITYWEEK.COM
22 Sep | China’s Offensive Cyber Operations in Africa Support Soft Power Efforts | Chinese state-sponsored threat groups have targeted telecoms, financial and government organizations in Africa as part of soft power efforts. | SECURITYWEEK.COM
22 Sep | Cryptojacking Campaign Infected Online Thesaurus With Over 5 Million Visitors | Students, authors, and anybody else wishing to improve their vocabulary and language abilities frequently utilize Thesaurus, one of the well-known platforms with 5 million monthly visitors. Cybersecurity analysts at Group-IB recently found a cryptojacking scheme on a popular Thes… | GBHACKERS.COM
22 Sep | In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking | Noteworthy stories that might have slipped under the radar: Snowden file analysis, Yubico starts trading, election hacking event. | SECURITYWEEK.COM
22 Sep | Cryptomining malware detected on a Russian thesaurus with 5 Million+ monthly visits | https://www.group-ib.com/blog/mxdr-cryptominer/ Leading provider of cybersecurity solutions: Threat Intelligence, antifraud, anti-APT. Protect bet… | GROUP-IB.COM
22 Sep | Iranian Nation-State Actor OilRig Targets Israeli Organizations | The campaigns, dubbed Outer Space and Juicy Mix, entailed the use of two previously documented first-stage backdoors called Solar and Mango, which were deployed to collect sensitive information from major browsers and the Windows Credential Manager. | THEHACKERNEWS.COM
22 Sep | Passkeys, bots, hotels, conning the con, TrendMicro, Pizza & Aaran Leyland - SWN #327 | This week on the Security Weekly News: Passkeys, bots, hotels, conning the con, TrendMicro, Pizza, Aaran Leyland, & more! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-327 | YOUTUBE.COM
22 Sep | UK Approves Commercial Data Transfer Deal With US | Agreement Says Organizations Don't Need to Assess Risk Before Transferring Data. The British government on Thursday signed onto a European deal easing trans-Atlantic commercial data flows with the United States, telling Parliament that the United Kingdom will accede to a Brussels-… | DATABREACHTODAY.CO.UK
22 Sep | Nation-State Actors Unleash Stealthy, LuaJIT-Based Malware | Unknown Hackers Target Telecoms in Middle East, Europe, Asia With Novel Backdoor. SentinelOne observed suspected cyberespionage actors of unknown origin using modular backdoors and highly stealthy tactics in August to target telecommunication companies in the Middle East, Western … | DATABREACHTODAY.CO.UK
22 Sep | Friday Squid Blogging: New Squid Species | An ancient squid: New research on fossils has revealed that a vampire-like ancient squid haunted Earth’s oceans 165 million years ago. The study, published in June edition of the journal Papers in Palaeontology, says the creature had a bullet-shaped body with luminous org… | SCHNEIER.COM
22 Sep | Cato Networks Raises $238M on $3B Valuation to Move Upmarket | Equity Investment Will Allow Cato Networks to Tightly Integrate CASB, DLP With SASE. A late-stage SASE startup led by a serial entrepreneur hauled in a massive equity investment to address the feature and capability needs of large enterprises. The $238 million in funding will allo… | DATABREACHTODAY.CO.UK
22 Sep | ESET's cutting-edge threat research at LABScon – Week in security with Tony Anscombe | Two ESET malware researchers took to the LABScon stage this year to deconstruct sophisticated attacks conducted by two well-known APT groups | WELIVESECURITY.COM
22 Sep | Stealth Falcon preying over Middle Eastern skies with Deadglyph | ESET researchers have discovered Deadglyph, a sophisticated backdoor used by the infamous Stealth Falcon group for espionage in the Middle East | WELIVESECURITY.COM
22 Sep | Unlocking Your Data: How to Convert OST to PST Files Successfully | This article explores the conversion of Microsoft Outlook’s OST file to PST format and highlights the necessity of this conversion for tasks. Learn the manual process within Outlook to convert an OST file to PST format. It also suggests using third-party software like Stella… | GBHACKERS.COM
22 Sep | InfoSec World 2023 - Day 2 | Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/secweekly #InfoSecNews #InformationSecurity #Cybersecurity | YOUTUBE.COM
22 Sep | News alert: SSH announces another US financial institution selects PrivX as its PAM solution | Helsinki, Finland, Sept. 22, 2023 – A leading global financial institution has selected PrivX as its privileged access management (PAM) solution. The customer is one of the largest and most important financial institutions in the world. This is third major … | LASTWATCHDOG.COM
🌐 CYBER THREAT LANDSCAPE (2)
22 Sep | BBTok Banking Trojan Impersonates Over 40 Banks to Hijack Victim Accounts | The campaign uses advanced obfuscation techniques, phishing links, and geofencing to ensure victims are located only in Brazil and Mexico, demonstrating an evolution in the attackers' tactics. | DARKREADING.COM
22 Sep | New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks | An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico. "The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks, an… | THEHACKERNEWS.COM
📡 INFOSEC NEWS (11)
22 Sep | Space and Defense Tech Maker Exail Technologies Exposes Database Access | The exposure of the company's web server version and operating system flavor poses a risk as attackers could target specific vulnerabilities associated with the operating system. | SECURITYAFFAIRS.COM
22 Sep | High-Severity Flaws Uncovered in ISC BIND Server | ISC has released fixes for two high-severity bugs affecting the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could pave the way for a DoS condition. | THEHACKERNEWS.COM
22 Sep | Legit Security Lands $40M to Lock Down Apps and Dev Environments | Legit Security, a cybersecurity company developing a platform to identify app vulnerabilities from code, has raised $40 million in a Series B funding round led by CRV with participation from Cyberstarts, Bessemer Venture Partners, and TCV. | TECHCRUNCH.COM
22 Sep | Chinese-speaking Users Targeted with ValleyRAT and Sainbox RAT | Proofpoint has identified a notable rise in cybercrime activity aimed at Chinese-speaking individuals. It noted that ValleyRAT and a Gh0stRAt variant named Sainbox RAT targeted global organizations with Chinese operations. These are being distributed via Excel and PDF attachments… | CYWARE.COM
22 Sep | Security Concerns and Outages Elevate Observability From IT Niche to Business Essential | A new report from SolarWinds highlights the benefits of observability for enterprises. The report states that companies that implement observability experience increased operational efficiency, faster innovation, and better business outcomes. | HELPNETSECURITY.COM
22 Sep | Hotel Hackers Redirect Guests to Fake booking.com to Steal Cards | Despite the sophisticated techniques used, users can still protect themselves by being cautious of unsolicited links, suspicious messages, and checking URLs for deception, as well as contacting the company directly for clarification. | BLEEPINGCOMPUTER.COM
22 Sep | How to deal with your brand's doppelgangers (Kaspersky official blog) | A cybersecurity service that can detect and fight phishing sites, social media accounts, and apps in stores that use your brand name. | KASPERSKY.COM
22 Sep | Nigerian man pleads guilty to attempted $6 million BEC email heist | Kosi Goodness Simon-Ebo, a 29-year-old Nigerian national extradited from Canada to the United States last April, pleaded guilty to wire fraud and money laundering through business email compromise (BEC). [...] | BLEEPINGCOMPUTER.COM