🐛 COMMON VULNERABILITIES AND EXPOSURES (5)
26 Sep | Analysis of CVE-2023-38831 Zero-Day vulnerability in WinRAR | submitted by L4s to secops. https://blog.securelayer7.net/analysis-of-cve-2023-38831-zero-day-vulnerability-in-winrar/ A new WinRAR vulnerability, CVE-2023-38831 could allow attackers to take contro… | SECURELAYER7.NET
26 Sep | Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers | A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software could be exploited by unauthenticated attackers to achieve remote code execution on affected systems. The flaw, tracked as CVE-2023-42793, carries a CVSS … | THEHACKERNEWS.COM
26 Sep | Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers | The flaw, tracked as CVE-2023-42793, carries a CVSS score of 9.8 and has been addressed in TeamCity version 2023.05.4 following responsible disclosure on September 6, 2023. | THEHACKERNEWS.COM
26 Sep | Hackers Actively Exploiting Openfire Flaw to Encrypt Servers | The flaw, CVE-2023-32315, allows attackers to bypass authentication and create new admin accounts, enabling them to install malicious Java plugins and execute arbitrary code on compromised servers. | BLEEPINGCOMPUTER.COM
26 Sep | Google assigns new maximum rated CVE to libwebp bug exploited in attacks | Google has assigned a new CVE ID (CVE-2023-5129) to a libwebp security vulnerability exploited as a zero-day in attacks and patched two weeks ago. [...] | BLEEPINGCOMPUTER.COM
⚠️ VULNERABILITY DISCLOSURE (31)
26 Sep | EvilBamboo Attacking Android & iOS Devices With Custom Malware | EvilBamboo, formerly known as “Evil Eye,” has been found to target Tibetan, Uyghur, and Taiwanese organizations and individuals. This threat actor was mentioned as conducting custom Android malware campaigns in September 2019. In April 2020, EvilBamboo was discovered to be attack… | GBHACKERS.COM
26 Sep | What is WorldCoin’s proof-of-personhood system? | In one of the strangest and most eye-catching projects to emerge in recent times, WorldCoin has set out to create a universal proof-of-personhood system. WorldCoin's World ID project combines blockchain, AI and custom hardware--a distinctive orb-shaped biometric device--into a sy… | CSOONLINE.COM
26 Sep | Preparing for the post-quantum cryptography environment today | The thought of quantum computing may elicit a shrug from many a CISO who has enough on their plate already and has decided that's an issue for the future. My take: get into the conversation, as it is your entity that will be affected sooner or later when post-quantum cryptography… | CSOONLINE.COM
26 Sep | SickKids impacted by BORN Ontario data breach that hit 3.4 million | The Hospital for Sick Children, more commonly known as SickKids, is among healthcare providers that were impacted by the recent breach at BORN Ontario. The top Canadian pediatric hospital disclosed that as a part of its operations, it shares personal health information with BORN … | BLEEPINGCOMPUTER.COM
26 Sep | Signal Will Leave the UK Rather Than Add a Backdoor | Totally expected, but still good to hear: Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal would leave the U.K. if the country’s recently passed Online… | SCHNEIER.COM
26 Sep | Product Leasing Giant Warns That Sensitive Information was Stolen During Cyberattack | The company has engaged cybersecurity experts and law enforcement to investigate the incident and is taking steps to notify affected individuals and regulatory authorities. | THERECORD.MEDIA
26 Sep | BinDiff: Open-Source Comparison Tool for Binary Files | The latest release includes various updates such as support for IDA Pro 8.3, improvements in handling functions without names, and faster Abseil maps in the differ engine. BinDiff is available for download on GitHub. | HELPNETSECURITY.COM
26 Sep | A tale about a Red Team exercise and the Forcepoint Endpoint One DLP client - vsociety | submitted by L4s to secops. https://www.vicarius.io/vsociety/posts/a-tale-about-a-red-team-exercise-and-the-forcepoint-endpoint-one-dlp-client-1 Introduction I was prepari… | VICARIUS.IO
26 Sep | Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign | Social engineering attacks mounted by the adversary make use of Microsoft CHM file lures to drop a custom variant of an open-source Visual Basic Script backdoor called ReVBShell, which subsequently serves to deploy the Bisonal remote access trojan. | THEHACKERNEWS.COM
26 Sep | Essential Guide to Cybersecurity Compliance | SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert’s head spin. If you’re embarking on your compliance journey, read on to discover the differences between standards, which is best … | THEHACKERNEWS.COM
26 Sep | CISOs are struggling to get cybersecurity budgets: Report | After years of rapid growth, cybersecurity spending is starting to taper among enterprises, with a 65% fall in budget growth in the 2022-2023 budget cycle as global instability and inflationary pressures start to pinch, according to a study by IANS Research. The study that survey… | CSOONLINE.COM
26 Sep | Baffle releases encryption solution to secure data for generative AI | Security company Baffle has announced the release of a new solution for securing private data for use with generative AI. Baffle Data Protection for AI integrates with existing data pipelines and helps companies accelerate generative AI projects while ensuring their regulated dat… | CSOONLINE.COM
26 Sep | Millions Of Newborn Registry Records Were Compromised In A MOVEit Data Breach | The Progress MOVEit software’s vulnerability resulted in a cybersecurity breach that affected BORN (the Better Outcomes Registry & Network), which gathers data on pregnancies, births, the postpartum period, and childhood. Unauthorized copies of files containing sen… | GBHACKERS.COM
26 Sep | Why the public sector is an easy target for ransomware | We’re on track for 2023 to be a record breaking year for ransomware attacks targeting the U.S. public sector. These attacks, which includes both traditional encrypt-and-extort and newer data theft-only attacks, know the public sector is an easy target: It’s no secret that l… | TECHCRUNCH.COM
26 Sep | Hackers actively exploiting Openfire flaw to encrypt servers | Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers. [...] | BLEEPINGCOMPUTER.COM
26 Sep | Can we fix the weaknesses in password-based authentication? | There are inherent weaknesses to password-based authentication. Learn more from Specops Software on measures we can enforce to minimize these weaknesses and prevent corporate breaches. [...] | BLEEPINGCOMPUTER.COM
26 Sep | Stratascale Acquires VECTOR0 To Strengthen Its Cybersecurity Services | Through the acquisition, Stratascale professionals and their customers gain visibility of attack vectors and points of vulnerability, enhancing Stratascale’s ability to deliver proactive cybersecurity services. | HELPNETSECURITY.COM
26 Sep | How an integrated platform approach improves OT security | OT has become a ticking security time bomb. The majority of OT environments use outdated protocols and systems that are vulnerable to attack and have insufficient security. Industrial settings that were previously designed to run in siloed networks are now connected to the intern… | CSOONLINE.COM
26 Sep [KEV] | Equifax's Breach, CISA's 1,000 Vulns, Rust's TLS Library, Complexity vs. Design - ASW #256 | A stroll back through the Apache Struts breach of Equifax, CISA's list of Known Exploited Vulnerabilities, Rust's replacement for OpenSSL, Go no longer throws programmers for a loop, complexity vs. design (that leads to better security). Visit https://www.securityweekly.com/asw f… | YOUTUBE.COM
26 Sep | Supply Chain Security Security with Containers and CI/CD Systems - Kirsten Newcomer - ASW #256 | Supply chain has been a hot topic for a few years now, but so many things we need to do for a secure supply chain aren't new at all. We'll cover SBOMs, vuln management, and putting together a secure pipeline. Segment resources: - https://www.solarwinds.com/assets/solarwinds/swres… | YOUTUBE.COM
26 Sep | London Cybersecurity Summit Spotlights AI and Ransomware | Experts Emphasize Proactive Security Measures and Resilience to Mitigate Threats Information Security Media Group recently concluded its Cybersecurity Summit: London, which brought together industry leaders for a day of informative sessions covering a diverse range of critical cy… | DATABREACHTODAY.CO.UK
26 Sep | CISA Releases Six Industrial Control Systems Advisories | CISA released six Industrial Control Systems (ICS) advisories on September 26, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-269-01 Suprema BioStar 2 ICSA-23-269-02 Hitachi Energy Asset Suit… | CISA.GOV
26 Sep | Google Chrome use-after-free Vulnerability Leads to Remote Attack | Google Chrome has been recently discovered to be a Use-after-free vulnerability that threat actors can exploit to attack users. This vulnerability exists in the Google Chrome VideoEncoder, which can be triggered using a malicious web page. However, Google Chrome version 113.0.567… | GBHACKERS.COM
26 Sep | Cloud Threat Visibility: High-fidelity Forensics Plus Exposure Management | Why are we seeing a re-emergence of the demand for packet and flow-based forensic data in cloud environments? In this session, we’ll discuss three reasons why IT leaders still need the same if not even better visibility in the cloud than they have in their data centers. We’ll als… | YOUTUBE.COM
26 Sep | Ukraine Cyber Defenders Prepare for Winter | Russian Hackers Target Energy, Law Enforcement Sectors Ukrainian cyber defenders are girding for an onslaught of cyberattacks against the energy sector as cold weather returns. That warning comes as Kyiv has observed Russian state hackers also stepping up attacks against law enfo… | DATABREACHTODAY.CO.UK
26 Sep | Microsoft Brings Passkeys, Bad Code Protection to Windows 11 | Windows 11 Now Offers Passwordless Authentication, Config Refresh, Policy Control Microsoft updated Windows 11 on Tuesday to simplify passwordless adoption, protect against malicious code and have the ability to refresh configuration in the event of tampering. Updates to Windows … | DATABREACHTODAY.CO.UK
26 Sep | Sources: Palo Alto in advanced talks to buy Talon and Dig in a $1B security sweep | Palo Alto Networks’ stock price has been on the rise on the back of strong earnings and growing demand for cybersecurity services, and now the company is using that momentum to do a little shopping. TechCrunch has confirmed with multiple sources that Palo Alto is in advance… | TECHCRUNCH.COM
26 Sep | People's Republic of China-Linked Cyber Actors Hide in Router Firmware | Executive Summary The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and St… | CISA.GOV
26 Sep | Can open-source software be secure? | Or, is mass public meddling just opening the door for problems? And how does open-source software compare to proprietary software in terms of security? | WELIVESECURITY.COM
26 Sep | New security features in Windows 11 protect users and empower IT | Windows 11 is designed to simplify security with features from the chip to the cloud that are on by default. Since its launch, we’ve seen a 58 percent reduction in security. Learn more about the new features. | MICROSOFT.COM
📋 SECURITY BULLETINS (1)
26 Sep | CISA Urges Americans to Apply MFA, 'Think Before They Click' | Director Jen Easterly: Password Managers, Automatic Software Updates Key to Defense CISA Director Jen Easterly urged citizens to boost their defenses by choosing strong passwords, opting for multi-factor authentication, reporting phishing and enabling automatic software updates. … | DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES (10)
26 Sep | Kuwait Isolates Some Government Systems Following Attack on its Finance Ministry | The attack started on September 18, and officials immediately took steps to isolate and shut down affected systems. The Ministry of Finance assured that payment and payroll systems were on a separate network and that workers would be paid. | THERECORD.MEDIA
🔥 INCIDENT REPORTING (22)
26 Sep | ‘All Of Sony Systems’ Allegedly Hacked by New Ransomware Group | A new gang on the dark web, known as Ransomed.vc, claims to have breached all of Sony's systems in a ransomware attack. The hackers allegedly uncovered screenshots, internal documents, and thousands of files, some of which are in Japanese. | KOTAKU.COM
26 Sep | ShadowSyndicate hackers linked to multiple ransomware ops, 85 servers | Security researchers have identified infrastructure belonging to a threat actor now tracked as ShadowSyndicate, who likely deployed seven different ransomware families in attacks over the past year. [...] | BLEEPINGCOMPUTER.COM
26 Sep | Update: Data Breach Toll Tied to Clop Group's MOVEit Attacks Surges | Security firm Emsisoft on Friday estimated that at least 2,054 organizations have been affected by the MOVEit software attacks. That's a sharp rise from one week ago when its count of affected organizations stood at about 1,190. | HEALTHCAREINFOSECURITY.COM
26 Sep | Update: MGM Resorts Warns Customers of Fraud as It Faces Class Action Lawsuits | MGM Resorts is facing class action litigation in two separate lawsuits filed in U.S. District Court in Nevada in connection with the cyberattack launched against the company earlier this month. | CYBERSECURITYDIVE.COM
26 Sep | RANSOMEDVC Ransomware Group Claims Breach of Sony Corporation | submitted by throws_lemy to cybersecurity. https://www.hackread.com/ransomedvc-ransomware-group-sony-cyberattack/ | HACKREAD.COM
26 Sep | Hands-on Threat Simulations: Empower Cybersecurity Teams to Confidently Combat Threats | Cybersecurity teams must prioritize developing their defense skills to effectively identify and stop potential cyberattacks, as automated technologies cannot detect every threat. | HELPNETSECURITY.COM
26 Sep | Threat Actors Actively Using Remote Management Tools to Deploy Ransomware | The threat actors have been spotted increasingly depending on Remote Management and Monitoring (RMM) tools, which resulted in a relatively botched Hive ransomware distribution. The original payload consisted of an executable file disguised as a legitimate document. Accordin… | GBHACKERS.COM
26 Sep | Balancing Cybersecurity With Convenience and Progress | Organizations must find a balance between excessive cybersecurity measures that hinder progress and relaxed measures that can lead to serious incidents with potentially greater negative impacts. | HELPNETSECURITY.COM
26 Sep | Current Ransomware Defensive Efforts are not Working | According to SpyCloud, info-stealer malware, such as Raccoon, Vidar, and Redline, is a common precursor to ransomware attacks, with 76% of infections involving Raccoon info-stealer malware. | HELPNETSECURITY.COM
26 Sep | Update: Royal Lurked in Dallas’ Systems Weeks Before Ransomware Attack | The Royal ransomware group infiltrated Dallas' systems, surveilled and exfiltrated data for a month before launching a ransomware attack, causing widespread disruption to critical city services. | CYBERSECURITYDIVE.COM
26 Sep | Sony Investigating After Hackers Offer to Sell Stolen Data | Sony has launched an investigation after a ransomware group claimed to have compromised all systems and offered to sell stolen data. | SECURITYWEEK.COM
26 Sep | ShadowSyndicate Hackers Linked to Multiple Ransomware Operations, 85 Servers | ShadowSyndicate is believed to be an initial access broker (IAB) or an affiliate working with multiple ransomware operations, including Quantum, Nokoyawa, BlackCat/ALPHV, Clop, Royal, Cactus, and Play, based on evidence found by researchers. | BLEEPINGCOMPUTER.COM
26 Sep | Uber CISO Trial Learnings for CISOs: In the CISO's Own Words - Joe Sullivan - CSP #141 | In the Fall, 2016, Uber experienced a data breach, and the CISO faced the possibility of prison time for felony obstruction and misprison for failure to report the 2016 breach. He was sentenced in May, 2023 to 3 years’ probation. Join the former CISO of Uber as we discuss the eve… | YOUTUBE.COM
26 Sep | Decade Worth of Newborn Child Registry Data Stolen in MOVEit Hack at BORN Ontario | The stolen data includes names, addresses, health card numbers, and clinical information related to fertility, pregnancy, newborn, and child healthcare, with potential impacts on individuals from January 2010 to May 2023. | TECHCRUNCH.COM
26 Sep | Smishing Triad Stretches its Tentacles into the United Arab Emirates | "Smishing Triad" is leveraging compromised Apple iCloud accounts and illegally obtained databases containing personally identifiable information (PII) to carry out their attacks. | SECURITYAFFAIRS.COM
26 Sep | ShadowSyndicate: A New Cybercrime Group Linked to 7 Ransomware Families | Cybersecurity experts have shed light on a new cybercrime group known as ShadowSyndicate (formerly Infra Storm) that may have leveraged as many as seven different ransomware families over the past year. "ShadowSyndicate is a threat actor that works with various ransomware groups … | THEHACKERNEWS.COM
26 Sep | Exiled Russian journalist claims “European state” hacked her iPhone with Pegasus spyware | The founder of a news outlet outlawed in Russia for its independent reporting and stance on the war in Ukraine, believes that a country in the European Union was behind the hacking of her iPhone with military-grade spyware. Read more in my article on the Hot for Security blog. | BITDEFENDER.COM
26 Sep | ALPHV Ransomware Group Targets Clarion, Phil-Data Business Systems, and MNGI Digestive Health | The ALPHV ransomware group, also known as the BlackCat hacker collective, has recently targeted three new victims in their cyberattacks. The group has demonstrated adaptability and employed advanced technical methods in their attacks. | THECYBEREXPRESS.COM
26 Sep | Sony investigates breach claims as hackers fight over who's responsible | Sony says that it is investigating allegations of a cyberattack this week as different hackers have stepped up to claim responsibility for the purported hack. Thus far, over 3.14 GB of uncompressed data, allegedly belonging to Sony, has been dumped on hacker forums. [...] | BLEEPINGCOMPUTER.COM
26 Sep | Sony investigates cyberattack as hackers fight over who's responsible | Sony says that it is investigating allegations of a cyberattack this week as different hackers have stepped up to claim responsibility for the purported hack. Thus far, over 3.14 GB of uncompressed data, allegedly belonging to Sony, has been dumped on hacker forums. [...] | BLEEPINGCOMPUTER.COM
26 Sep | Sony Investigating Potential Data Breach | Two Online Threat Actors Claim Responsibility Sony is investigating an apparent leak of internal data posted onto the dark web and a criminal hacking board by separate criminal actors. Sony is saying little other than "we are currently investigating the situation, and we have no … | DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE (29)
26 Sep | Advice about encrypting docker images before pushing to container registry? | submitted by danhab99 to cybersecurity. I’ve been thinking, private container registries are cool but I kind of don’t completely trust GitHub and their free container registries that almost let me store infinite data (can’t recall the TOS rn sry), and kuberne… | INFOSEC.PUB
26 Sep | Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign | A "multi-year" Chinese state-sponsored cyber espionage campaign has been observed targeting South Korean academic, political, and government organizations. Recorded Future's Insikt Group, which is tracking the activity under the moniker TAG-74, said the adversary has been linked … | THEHACKERNEWS.COM
26 Sep | Training Tuesday - Discussions for certs, training and learning-at-home | submitted by shellsharks to cybersecurity. Weekly thread to discuss industry certifications, trainings and other courses/learning. Ask questions, share your experiences and help others! | INFOSEC.PUB
26 Sep | Threat Report: The High Tech Industry Targeted the Most with 46% of NLX-Tagged Attack Traffic | How To Use This Report Enhance situational awareness of techniques used by threat actors Identify potential attacks targeting your industry Gain insights to help improve and accelerate your organization’s threat response Summary of Findings The Network Effect Threat Report offers… | THEHACKERNEWS.COM
26 Sep | The CISO Carousel and its Effect on Enterprise Cybersecurity | CISO churn is a hidden cybersecurity threat. Major security initiatives or implementations can take longer than the residency of a single CISO, and constant churn can leave cracks or gaps in security. | SECURITYWEEK.COM
26 Sep | Xenomorph Android Banking Trojan Targeting Users in US, Canada | The Xenomorph Android banking trojan can now mimic financial institutions in the US and Canada and is also targeting crypto wallets. | SECURITYWEEK.COM
26 Sep | $200 Million in Cryptocurrency Stolen in Mixin Network Hack | Mixin Network suspends deposits and withdrawals after hackers steal $200 million in digital assets from its centralized database. | SECURITYWEEK.COM
26 Sep | ISC Stormcast For Tuesday, September 26th, 2023 https://isc.sans.edu/podcastdetail/8674, (Tue, Sep 26th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
26 Sep | Sandman APT Brings LuaDream, Targets Telcos in Middle East | SentinelOne found the Sandman APT group targeting telecommunications companies in the Middle East, Western Europe, and South Asia using a novel backdoor called LuaDream. The researchers noted that the campaign began in August and demonstrates advanced tactics. With this, the… | CYWARE.COM
26 Sep | The Growing Risks of Shadow IT and SaaS Sprawl | In today’s fast-paced digital landscape, there is no shortage of apps and Software-as-a-Service (SaaS) solutions tailored to meet the diverse needs of businesses across different industries. This incredible array of options has revolutionized how we work, providing cost-eff… | SECURITYINTELLIGENCE.COM
26 Sep | CyberheistNews Vol 13 #39 How Chinese Bad Actors Infected Networks With Thumb Stick Malware | KNOWBE4.COM
26 Sep | Practical Insights To Improve Security Awareness in Higher Education | I am a strong believer that understanding cybersecurity as part of an organization-wide process is of the utmost importance. | KNOWBE4.COM
26 Sep | Deepfakes: The Threat to Reality and How To Defend Against It | Deepfakes have emerged as a serious concern in the digital landscape, presenting a significant threat to truth and trust. | KNOWBE4.COM
26 Sep | UAE-Linked APT Targets Middle East Government With New ‘Deadglyph’ Backdoor | UAE-linked APT group Stealth Falcon has used the new Deadglyph backdoor in an attack targeting a governmental entity in the Middle East. | SECURITYWEEK.COM
26 Sep | New AtlasCross hackers use American Red Cross as phishing lure | A new APT hacking group named 'AtlasCross' targets organizations with phishing lures impersonating the American Red Cross to deliver backdoor malware. [...] | BLEEPINGCOMPUTER.COM
26 Sep | Microsoft Adding New Security Features to Windows 11 | Microsoft announced that the latest Windows 11 update (23H2) will bring more support for passkeys and several new security features. | SECURITYWEEK.COM
26 Sep | Y3000, Sandman, ShadowSyndicate, MoveIt, Apple, Predator, More News, and Jason Wood - SWN #328 | The Year 3000, Sandman, ShadowSyndicate, National Student Clearing House, Apple, Predator, Xenomorph, Mixin, More News, and Jason Wood on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-328 | YOUTUBE.COM
26 Sep | Coding the Future: A DevOps Odyssey – Pioneering Automation, Innovation, and Collaboration | DATABREACHTODAY.CO.UK
26 Sep [KEV] | Secure Ideas: A conversation with Kevin Johnson - Kevin Johnson - ISW23 #2 | In this ISW interview, CRA's Bill Brenner catches up with Kevin Johnson of Secure Ideas for a chat about application security. Show Notes: https://securityweekly.com/isw23-2 | YOUTUBE.COM
26 Sep | UK's AI Safety Summit to Focus on Risk and Governance | Topics at First-Ever Summit to Include AI Cybersecurity and Nation-State Threats The British government's first-ever global summit on artificial intelligence will focus on mitigating cybersecurity and safety risks tied to the emerging technology. The AI Safety Summit planned for … | DATABREACHTODAY.CO.UK
26 Sep | US Federal Shutdown 'Dangerous and Irresponsible' | A Shutdown 'Will Impact Our Ability to Do Our Job,' Says Deputy AG Lisa Monaco A U.S. federal government shutdown would have "immeasurable" damaging effects on the federal government's ability to fight cyberthreats, a top official said Tuesday amid forewarnings that the country s… | DATABREACHTODAY.CO.UK
26 Sep | Getting Real with AI: Ways to get real efficiencies and benefits from AI | There's a lot of talk about AI, especially with the rise of apps like ChatGPT. Despite there being a huge amount of hype, there are legitimately practical applications for leveraging AI concepts in meaningful ways to improve the efficiency and effectiveness of your cybersecurity … | YOUTUBE.COM
26 Sep | Ending Point Solutions - Why Consolidation is the Winning Mindset for Security | → Subscribe to our podcasts: https://securityweekly.com/subscribe → Join our community Discord: https://securityweekly.com/discord #SecurityWeekly #Cybersecurity #InformationSecurity | YOUTUBE.COM
26 Sep | US, South Korea Pledge Strengthened Tech Collaboration | Officials Discuss Governance for AI, 5G, Cloud Computing The United States and South Korea reaffirmed a commitment to mitigate the risks in technologies including AI, 5G networks and cloud computing, while developing an "inclusive approach" to govern their use. The two countries … | DATABREACHTODAY.CO.UK
26 Sep | Xenomorph Android Malware Campaign Targets US Banks | Enhanced Malware Exerts Even More Control Over Mobile Devices Android banking Trojan Xenomorph has resurfaced in a new campaign targeting cryptocurrency wallets and various financial institutions. The malware has been actively targeting users in Europe for more and is now focused… | DATABREACHTODAY.CO.UK
26 Sep | Artificial Intelligence — Beyond the Algorithms | Yoni Allon, VP Research, to discuss how Palo Alto Networks leverages artificial intelligence (AI) to enhance cybersecurity in our SOC. | PALOALTONETWORKS.COM
26 Sep | News Alert: i2Coalition launches ‘VPN Trust Initiative’ to promote VPN operators’ best practices | Washington, DC, Sept.26, 2023 — The Internet Infrastructure Coalition (i2Coalition) launched the VPN Trust Initiative (VTI) in 2020 to establish a baseline for how virtual private network (VPN) providers should operate. The goal is to help avoid oversights, misunderstanding… | LASTWATCHDOG.COM
🌐 CYBER THREAT LANDSCAPE (3)
26 Sep | ZenRAT Malware Brings More Chaos Than Calm | ZenRAT is a new malware targeting Windows users and being distributed via fake Bitwarden installation packages. The malware redirects non-Windows users to a benign webpage while stealing information from Windows users. | PROOFPOINT.COM
26 Sep | Xenomorph Banking Trojan: A New Variant Targeting 35+ U.S. Financial Institutions | An updated version of an Android banking trojan called Xenomorph has set its sights on more than 35 financial institutions in the U.S. The campaign, according to Dutch security firm ThreatFabric, leverages phishing web pages that are designed to entice victims into installing mal… | THEHACKERNEWS.COM
🎙️ PODCASTS (1)
26 Sep | Found: Live from TechCrunch Disrupt with cybersecurity trailblazer Window Snyder from Thistle Technologies | Welcome back to Found, the podcast where we get the stories behind the startups. | TECHCRUNCH.COM
📡 INFOSEC NEWS (20)
26 Sep | A new spin on the ZeroFont phishing technique, (Tue, Sep 26th) | Last week, I came across an interesting phishing e-mail, in which a text written in a font with zero-pixel size was used in quite a novel way. | ISC.SANS.EDU
26 Sep | Update on Naked Security | To consolidate all of our security intelligence and news in one location, we have migrated Naked Security to the Sophos News platform. | NAKEDSECURITY.SOPHOS.COM
26 Sep | Update on Naked Security | To consolidate all of our security intelligence and news in one location, we have migrated Naked Security to the Sophos News platform. | SOPHOS.COM
26 Sep | Despite Rising Insider Risk Costs, Budgets are Being Wasted in the Wrong Places | The cost of insider risks for organizations is at an all-time high, with the average annual cost reaching $16.2 million, a 40% increase in four years, according to DTEX Systems. | HELPNETSECURITY.COM
26 Sep | Hunter Biden Sues Rudy Giuliani And Former Attorney, Alleging They Tried To Hack His Devices | PACKETSTORMSECURITY.COM
26 Sep | Panel Discussion | Proactive vs Reactive: Why Using GenAI Needs to be Part of A Proactive Security Strategy | DATABREACHTODAY.CO.UK
26 Sep | Context-sensitive defenses in Sophos Endpoint | Sophos continues to deliver innovative new protection to guard customers from attack. | SOPHOS.COM
26 Sep | Sophos Firewall v20 Early Access | Sophos Firewall v20 EAP1 is a fully supported upgrade from any previous supported firmware version. | SOPHOS.COM
26 Sep | How to properly store your user passwords | Kaspersky official blog | How to store your user passwords to prevent their leakage and subsequent use by attackers — even in the event of a successful hack. | KASPERSKY.COM
26 Sep | Cybersecurity Awareness Month 2023: 4 Actionable Tips | Make Cybersecurity Awareness Month a year-long initiative with these three actionable security tips to reduce cyber risk across the attack surface. | TRENDMICRO.COM
26 Sep | Windows 11 22H2 adds a built-in passkey manager for Windows Hello | Today's Windows 11 update includes several security improvements, including a new passkeys management dashboard designed to help users go passwordless more easily and tools to reduce the attack surface. [...] | BLEEPINGCOMPUTER.COM
26 Sep | Windows 11 ‘Moment 4’ update released, here are the many new features | Microsoft has released the Windows 11 22H2 'Moment 4' update, bringing 150 new features, including new AI-powered versions of Paint, ClipChamp, Snipping tool, and the new Microsoft Copilot. [...] | BLEEPINGCOMPUTER.COM
26 Sep | Microsoft is Rolling out Support for Passkeys in Windows 11 | Microsoft is officially rolling out support for passkeys in Windows 11 today as part of a major update to the desktop operating system. The feature allows users to login to websites and applications without having to provide a username and password, instead relying on their devic… | THEHACKERNEWS.COM
26 Sep | Windows 11 KB5030310 preview update released with 26 fixes | Microsoft has released the September 2023 preview update for Windows 11, version 22H2, which adds frequently visited websites to the Start menu and addresses 24 issues. [...] | BLEEPINGCOMPUTER.COM
26 Sep | Windows 11 23H2 now rolling out to Release Preview Insiders | Microsoft has started rolling out the next major version of its operating system, Windows 11 23H2, to Insiders enrolled in the Release Preview Channel for enterprise testing before the general release later this year. [...] | BLEEPINGCOMPUTER.COM
26 Sep | Windows 11 KB5030310 update adds recommended websites, fixes 24 issues | Microsoft has released the September 2023 preview update for Windows 11, version 22H2, which adds frequently visited websites to the Start menu and addresses 24 issues. [...] | BLEEPINGCOMPUTER.COM
26 Sep | Windows 11's new ‘Never Combine’ icons feature is almost usable | After almost three years, Microsoft has finally added the 'Never combine taskbar button' back to Windows, and it still doesn't work correctly. [...] | BLEEPINGCOMPUTER.COM
26 Sep | New ZeroFont phishing tricks Outlook into showing fake AV-scans | Hackers are utilizing a new trick of using zero-point fonts in emails to make malicious emails appear as safely scanned by security tools in Microsoft Outlook. [...] | BLEEPINGCOMPUTER.COM
26 Sep | Apple Releases MacOS Sonoma Including Numerous Security Patches, (Tue, Sep 26th) | As expected, Apple today released macOS Sonoma (14.0). This update, in addition to new features, provides patches for about 60 different vulnerabilities. Older MacOS versions received updates addressing these vulnerabilities last week with the MacOS 13.6. When these updates were … | ISC.SANS.EDU
26 Sep | ISW 2023: Taking on the talent gap, InfoSec burnout | Deidre Diamond, founder & CEO of CyberSN, talks about her efforts to address InfoSec burnout and the skills shortage impacting the industry. | YOUTUBE.COM