107 Articles
8 Categories
Date: 2023-09-27

🐛 COMMON VULNERABILITIES AND EXPOSURES (1)

27 Sep: Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score
Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild. Tracked as CVE-2023-5129, the issue has been given the maximum severity score of 10.0 on…
THEHACKERNEWS.COM

⚠️ VULNERABILITY DISCLOSURE (26)

27 Sep: New ZeroFont Phishing Tricks Outlook Into Showing Fake AV-Scans
The ZeroFont phishing technique exploits flaws in AI and natural language processing systems to insert hidden words or characters in emails, evading security filters and tricking recipients.
BLEEPINGCOMPUTER.COM

27 Sep: Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score
The vulnerability in libwebp, which stems from an issue in the Huffman coding algorithm, can result in out-of-bounds data writing to the heap when processing specially crafted WebP lossless files.
THEHACKERNEWS.COM

27 Sep: Tech Giants Launch Post-Quantum Cryptography Coalition
The PQC Coalition features Microsoft, IBM Quantum, MITRE, PQShield, SandboxAQ, and the University of Waterloo among its founding members. The goal will be to improve the uptake of PQC in commercial and open-source technologies.
INFOSECURITY-MAGAZINE.COM

27 Sep: What’s a cyber incident response retainer and why do you need one?
With cyberattacks consistently on the rise, companies must be able to respond and act quickly on all threats to reduce the risks and minimize reputational damages and legal consequences. Damage often snowballs due to the delays and mistakes organizations make handling these cyber…
CSOONLINE.COM

27 Sep: Pension Firms Report 4000% Surge in Breaches
Pension providers reported a staggering quadruple-digit percentage increase in data breaches to the UK regulator last year, according to new data compiled by professional services firm RPC.
INFOSECURITY-MAGAZINE.COM

27 Sep: Philippines State Health Organization Struggling to Recover From Ransomware Attack
The Philippine Health Insurance Corporation (PhilHealth), which manages the country's universal healthcare system, has been hit by a ransomware attack. The incident forced the organization to shut down several websites and portals.
THERECORD.MEDIA

27 Sep: Sysdig unveils cloud attack graph based on real-time threat data
Cloud security vendor Sysdig has added a new attack graph to its cloud-native application protection platform (CNAPP). The graph provides real-time cloud attack path analysis and live risk prioritization across assets, users, and activity, according to the firm. Sysdig has also r…
CSOONLINE.COM

27 Sep: Critical Vulnerability in libwebp Library
Both Apple and Google have recently reported critical vulnerabilities in their systems—iOS and Chrome, respectively—that are ultimately the result of the same vulnerability in the libwebp library: On Thursday, researchers from security firm Rezillion published evidenc…
SCHNEIER.COM

27 Sep: Immersive Labs adds custom ‘workforce exercising’ for each organizational role
A sudden influx of evolved threats in the last few years has organizations rethink their cyberresilience efforts, and risk-proofing human elements across the board has become ever so relatable. Adding to that viewpoint is the new "workforce exercising" capability Immersive Labs h…
CSOONLINE.COM

27 Sep: Google Open Sources Binary File Comparison Tool BinDiff
Google has released the source code of BinDiff, a binary file comparison tool popular within the security research community, on GitHub. The post Google Open Sources Binary File Comparison Tool BinDiff appeared first on SecurityWeek.
SECURITYWEEK.COM

27 Sep: Voting Equipment Giants Team Up For Security
While certified election systems are regularly tested, this represents the first time that manufacturers have voluntarily opened their systems to third-party scrutiny as part of a vulnerability disclosure process.
INFOSECURITY-MAGAZINE.COM

27 Sep (KEV): Apple Security Fixes for iPhone, iPad, Safari, Watch & Sonoma14: Update Now!
Apple previously reported three zero-day vulnerabilities exploited in the wild by threat actors, which Apple fixed as part of an Emergency patch update. However, a new security advisory has been released by Apple, which mentions all the security patches and vulnerabilities that A…
GBHACKERS.COM

27 Sep: NSA, FBI, CISA, and Japanese Partners Release Advisory on PRC-Linked Cyber Actors
Today, the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cybersecurity and Infrastructure Security Agency (CISA), along with the Japan National Police Agency (NPA) and the Japan National Center of Incident Readiness and Strategy for Cybersecurity…
CISA.GOV

27 Sep: Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data
A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units (GPU) vulnerable to information leakage. "This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data co…
THEHACKERNEWS.COM

27 Sep: Web app, API attacks surge as cybercriminals target financial services
Web application and application programming interface (API) attacks against the global financial services industry grew by 65% in Q2 2023 compared to Q2 2022, accounting for nine billion attacks in 18 months with banks bearing the brunt. That's according to the High Stakes of Inn…
CSOONLINE.COM

27 Sep: Newly Discovered ZenRAT Malware Targets Windows Users
A new malware strain called ZenRAT has emerged in the wild to steal information from Windows systems. It was initially discovered on a website pretending to be associated with the open-source password manager Bitwarden. People should be wary of ads in search engine results as the…
CYWARE.COM

27 Sep: Russian zero-day seller offers $20M for hacking Android and iPhones
A company that acquires and sells zero-day exploits — flaws in software that are unknown to the affected developer — is now offering to pay researchers $20 million for hacking tools that would allow its customers to hack iPhones and Android devices. On Wednesday, Operation Zero a…
TECHCRUNCH.COM

27 Sep: SMS Security & Privacy Gaps Make It Clear Users Need a Messaging Upgrade
Posted by Eugene Liderman and Roger Piqueras Jover. SMS texting is frozen in time. People still use and rely on trillions of SMS texts each year to exchange messages with friends, share family photos, and copy two-factor authentication codes to access sensitive data in their bank …
SECURITY.GOOGLEBLOG.COM

27 Sep: Mozilla Releases Security Advisories for Thunderbird and Firefox
Mozilla has released security updates to address vulnerabilities for Thunderbird 115.3, Firefox ESR 115.3, and Firefox 118. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla s…
CISA.GOV

27 Sep: 10 new vulnerabilities disclosed by Talos, including use-after-free issue in Google Chrome
Submitted by c0mmando to netsec (1 point, 0 comments): https://blog.talosintelligence.com/vulnerability-roundup-sept-27-23/ Cisco Talos disclosed 10 vulnerabilities over the past two weeks affecting a range of software, including the popular Google Chrome web browser. Attackers co…
TALOSINTELLIGENCE.COM

27 Sep: Chinese Hackers Target Routers in IP Theft Campaign
BlackTech Exploits Trusted Relationship Between Outpost and Parent Firm. A Chinese hacking group linked to state authorities has upgraded its capabilities to target companies with headquarters in the United States and East Asia, warns an alert from Japanese and American cyber agen…
DATABREACHTODAY.CO.UK

27 Sep: Tequila OS 2.0: The first forensic Linux distribution in Latin America
Incident response teams are stretched thin, and the threats are only intensifying. But new tools are helping bridge the gap for cybersecurity pros in Latin America. IBM Security X-Force Threat Intelligence Index 2023 found that 12% of the security incidents X-force responded to w…
SECURITYINTELLIGENCE.COM

27 Sep: Multiple Vulnerabilities in Cisco Catalyst SD-WAN Manager Could Allow for Unauthorized Access
Multiple vulnerabilities have been discovered in Cisco Catalyst SD-WAN Manager, the most severe of which could allow for unauthorized access on the targeted host. Cisco SD-WAN Manager is a centralized network management system. Successful exploitation of the most severe of these …
CISECURITY.ORG

27 Sep: Fake Bitwarden sites push new ZenRAT password-stealing malware
Fake Bitwarden sites are pushing installers purportedly for the open-source password manager that carry a new password-stealing malware that security researchers call ZenRAT. [...]
BLEEPINGCOMPUTER.COM

27 Sep (KEV): Google fixes fifth actively exploited Chrome zero-day of 2023
Google has patched the fifth Chrome zero-day vulnerability exploited in attacks since the start of the year in emergency security updates released today. [...]
BLEEPINGCOMPUTER.COM

📋 SECURITY BULLETINS (1)

27 Sep: Microsoft Brings Passkeys, Bad Code Protection to Windows 11
Microsoft updated Windows 11 on Tuesday to simplify passwordless adoption, protect against malicious code, and have the ability to refresh configuration in the event of tampering.
BANKINFOSECURITY.COM

📢 SECURITY ADVISORIES (6)

27 Sep: CISA Publishes Hardware Bill of Materials Framework
The US Cybersecurity and Infrastructure Security Agency (CISA) has published new guidance designed to improve the accuracy of risk assessments related to hardware products in the supply chain.
INFOSECURITY-MAGAZINE.COM

27 Sep: CISA Unveils New HBOM Framework to Track Hardware Components
CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products. The post CISA Unveils New HBOM Framework to Track Hardware Components appeared first on SecurityWeek.
SECURITYWEEK.COM

27 Sep: US and Japan warn of Chinese hackers backdooring Cisco routers
A joint cybersecurity advisory by the FBI, NSA, CISA, and the Japanese NISC (cybersecurity) and NPA (police) sheds light on the techniques the Chinese threat actors known as BlackTech use to attack Japanese and U.S. organizations. [...]
BLEEPINGCOMPUTER.COM

🔥 INCIDENT REPORTING (25)

27 Sep: CommonSpirit Details Financial Fallout of $160M Cyberattack
The cyberattack on the entity on October 2, 2022, resulted in about $160 million in damages, including lost revenue, remediation costs, and related expenses, not counting insurance recoveries, according to CommonSpirit.
BANKINFOSECURITY.COM

27 Sep: Update: Sony Investigating After Hackers Offer to Sell Stolen Data
The majority of the leaked files seem to originate from servers associated with Creators Cloud, and the hackers have not provided evidence that all Sony systems have been compromised.
SECURITYWEEK.COM

27 Sep: Cyber Security Today, Sept. 27, 2023 - Hackers are targeting luxury hotels, a Red Cross scam and more
This episode reports on phishing campaigns against the hospitality sector, a new ransomware operator and more
CYBERSECURITYTODAY.LIBSYN.COM

27 Sep: Half of Cyberattacks Go Unreported
A global survey by Keeper Security highlighted the shortcomings in reporting cyberattacks and breaches. It found that 40% of IT and security leaders had experienced a cyberattack, while 74% were concerned about future cybersecurity disasters.
INFOSECURITY-MAGAZINE.COM

27 Sep: UK Logistics Firm Blames Ransomware Attack for Insolvency, 730 Redundancies
The attack affected key systems and financial information, making it difficult for the company to secure investment and funding, ultimately leading to job losses for hundreds of employees.
THERECORD.MEDIA

27 Sep: Multiple hackers claim responsibility for Sony hack
Both an extortion group and an independent malicious actor have claimed to have launched the cyber attack against Sony
CSHUB.COM

27 Sep: Ukraine Cyber Defenders Prepare for Winter
Ukrainian cyber defenders are girding for an onslaught of cyberattacks against energy and other critical infrastructure sectors as cold weather returns to the country, currently in its second year of fending off a Russian war of conquest.
BANKINFOSECURITY.COM

27 Sep: New Survey Uncovers How Companies Are Confronting Data Security Challenges Head-On
Data security is in the headlines often, and it’s almost never for a positive reason. Major breaches, new ways to hack into an organization’s supposedly secure data, and other threats make the news because well, it’s scary — and expensive. Data breaches, ransomware and malware at…
THEHACKERNEWS.COM

27 Sep: North Korean and Chinese Hackers Attacking Healthcare Industries
Healthcare has been one of the primary industries targeted by threat actors as part of every malware or ransomware campaign. Many Advanced Persistent Threat (APT) actors are from China due to political reasons between China and the United States. These threat actors run their cyb…
GBHACKERS.COM

27 Sep: ‘Snatch’ Ransom Group Exposes Visitor IP Addresses
The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware g…
KREBSONSECURITY.COM

27 Sep: DarkBeam Leaks Billions of Credentials via Unsecured Elasticsearch and Kibana Interface
The leaked data, including email and password pairs, provides cybercriminals with almost limitless attack capabilities, making affected users vulnerable to targeted phishing campaigns.
SECURITYAFFAIRS.COM

27 Sep: Ukrainian Military Targeted in Sophisticated Phishing Attack Using Drone Manuals
Securonix is tracking a phishing campaign that’s targeting the Ukrainian military with malware-laden attachments posing as drone instruction manuals. The threat actor is using Microsoft help files (.chm) to deliver the malware.
KNOWBE4.COM

27 Sep: Cost of a data breach 2023: Geographical breakdowns
Data breaches can occur anywhere in the world, but they are historically more common in specific countries. Typically, countries with high internet usage and digital services are more prone to data breaches. To that end, IBM’s Cost of a Data Breach Report 2023 looked at 553…
SECURITYINTELLIGENCE.COM

27 Sep: GitHub repos bombarded by info-stealing commits masked as Dependabot
Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from developers. [...]
BLEEPINGCOMPUTER.COM

27 Sep: Canadian Flair Airlines Leaked MySQL Database Credentials, SMTP Configs, and Other Sensitive Data
The leak consisted of publicly accessible environment files hosted on the airline's website. It included MySQL database credentials, SMTP configuration, and other sensitive information, potentially allowing unauthorized access and phishing attacks.
SECURITYAFFAIRS.COM

27 Sep: The CISO Carousel and its Effect on Enterprise Cybersecurity
CISOs often face being used as scapegoats for security incidents, leading to high turnover rates in the role. Lack of board support and prioritization of cybersecurity contributes to CISO churn.
SECURITYWEEK.COM

27 Sep: Gem Security Lands $23 Million Series A Funding
Israeli security startup Gem Security has raised a total of $34 million to tackle cloud threat detection and incident response. The post Gem Security Lands $23 Million Series A Funding appeared first on SecurityWeek.
SECURITYWEEK.COM

27 Sep: ShadowSyndicate: New RaaS Connected to Multiple Ransomware Families
Researchers have discovered the infrastructure linked to a threat group called ShadowSyndicate, believed to have launched attacks using seven distinct ransomware families in the last year. ShadowSyndicate has been identified as using a consistent SSH fingerprint across 85 servers…
CYWARE.COM

27 Sep: British charities warn supporters their personal data has been breached
UK charities including Shelter, the RSPCA, the Dogs Trust, Battersea Dogs and Cats Home, and Friends of the Earth have warned their supporters that hackers have stolen their data following a breach at a supplier.
GRAHAMCLULEY.COM

27 Sep: Building automation giant Johnson Controls hit by ransomware attack
Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company devices, including VMware ESXi servers, impacting the company's and its subsidiaries' operations. [...]
BLEEPINGCOMPUTER.COM

27 Sep: ShadowSyndicate: A New Player in the RaaS Landscape
New Group Has Connections to Name-Brand Ransomware-as-a-Service Groups. An apparently new hacking group has connections to a number of name-brand ransomware-as-a-service groups including Conti spinoffs and possibly Clop, making it a notably versatile addition to the criminal under…
DATABREACHTODAY.CO.UK

27 Sep: Ontario perinatal and child registry BORN breached
Submitted by throws_lemy to cybersecurity (2 points, 0 comments): https://www.theregister.com/2023/09/26/ontario_born_moveit_breach/
THEREGISTER.COM

27 Sep: Smashing Security podcast #341: Another T-Mobile breach, ThemeBleed, and farewell Naked Security
Mix TikTok with facial recognition, and you've got a doxxing nightmare, T-Mobile users report bizarre behaviour in their accounts, and a Windows flaw provides a new means of infecting users. All this and much much more is discussed in the latest edition of the "Smashing Security"…
GRAHAMCLULEY.COM

27 Sep: School, Hospital Leaders on Front Lines of Ransomware Attack
From Paying Ransoms to Rebuilding IT Systems, Here's What the Response Looked Like. A medical center president and school district IT leader talked to lawmakers Wednesday about lessons learned from their experiences responding to harrowing ransomware attacks. 'The cyberattack was …
DATABREACHTODAY.CO.UK

🕵️ THREAT INTELLIGENCE (23)

27 Sep: Hong Kong crypto firm hit by $200 million hack
Submitted by throws_lemy to cybersecurity (1 point, 1 comment): https://www.reuters.com/technology/hong-kong-crypto-firm-hit-by-200-million-hack-2023-09-25/
REUTERS.COM

27 Sep: ISC Stormcast For Wednesday, September 27th, 2023 https://isc.sans.edu/podcastdetail/8676, (Wed, Sep 27th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
ISC.SANS.EDU

27 Sep: What are You Working on Wednesday
Submitted by shellsharks to cybersecurity (2 points, 0 comments): Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.
INFOSEC.PUB

27 Sep: New AtlasCross APT Using Weaponized Word Documents to Deploy Malware
Cybersecurity analysts at NSFOCUS Security Labs recently uncovered an unknown phishing-based attack process during threat-hunting. Apart from this, during their further investigation, they identified two new Trojans and rare attack methods. NSFOCUS Security Labs suspects a …
GBHACKERS.COM

27 Sep: BREAKING NEWS Q&A: What Cisco’s $28 billion buyout of Splunk foretells about cybersecurity
There’s a tiny bit more to Cisco’s acquisition of Splunk than just a lumbering hardware giant striving to secure a firmer foothold in the software business. Related: Why ‘observability’ is rising to the fore. Cisco CEO Chuck Robbins has … (more…)
LASTWATCHDOG.COM

27 Sep: New GPU Side-Channel Attack Allows Malicious Websites to Steal Data
GPUs from AMD, Apple, Arm, Intel, Nvidia and Qualcomm are vulnerable to a new type of side-channel attack named GPU.zip. The post New GPU Side-Channel Attack Allows Malicious Websites to Steal Data appeared first on SecurityWeek.
SECURITYWEEK.COM

27 Sep: BSides St. John's 2023 Livestream (9 hours)
Submitted by ashar to security_cpe (1 point, 0 comments): https://www.youtube.com/live/MyP6s_Vxs3w?si=JZUMQ2fnp7QOgZMx Security BSides St. John’s is a community-organized cybersecurity conference, held in St. John’s, Newfoundland and Labrador, Canada. We’re the longest consecutive…
YOUTUBE.COM

27 Sep: The Rise of Automotive Hacking: How to Secure Your Vehicles Against Hacking
Though we can’t see it, the world brims with more technology than ever. These days, devices with internet connectivity live within the ever-growing Internet of Things (IoT)—a worldwide “web” where wireless communication and information technology work together. Since the early 20…
GBHACKERS.COM

27 Sep: macOS 14 Sonoma Patches 60 Vulnerabilities
macOS 14 Sonoma has been officially released by Apple and the latest version of the operating system patches over 60 vulnerabilities. The post macOS 14 Sonoma Patches 60 Vulnerabilities appeared first on SecurityWeek.
SECURITYWEEK.COM

27 Sep: Why BJ Fogg and Daniel Kahneman Are Must-Knows for Every Network Security Pro
You're no stranger to the complexities of safeguarding your organization's digital assets. But have you considered the human element in your security equation? Behavioral economics, particularly the work of BJ Fogg and Daniel Kahneman, offers invaluable insights that can elevate…
KNOWBE4.COM

27 Sep: Misconfigured TeslaMate Instances Put Tesla Car Owners at Risk
Attackers can find tons of information on Tesla cars and their drivers by searching for misconfigured TeslaMate instances online. The post Misconfigured TeslaMate Instances Put Tesla Car Owners at Risk appeared first on SecurityWeek.
SECURITYWEEK.COM

27 Sep: Firefox 118 Patches High-Severity Vulnerabilities
Firefox 118 patches six high-severity vulnerabilities, including a memory leak potentially leading to sandbox escape. The post Firefox 118 Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
SECURITYWEEK.COM

27 Sep: Stolen GitHub Credentials Used to Push Fake Dependabot Commits
Threat actors have been using stolen GitHub personal access tokens to push malicious code posing as Dependabot contributions. The post Stolen GitHub Credentials Used to Push Fake Dependabot Commits appeared first on SecurityWeek.
SECURITYWEEK.COM

27 Sep: FIDO Alliance certifies security of edge node, IoT devices
The FIDO Alliance has announced the launch of the FIDO Device Onboard (FDO) certification program to enable edge node and IoT device vendors to prove that their solutions adhere to security and interoperability specifications. Certification allows vendors to demonstrate that thei…
CSOONLINE.COM

27 Sep: Lu0Bot Node.js Malware Takes Complete Control Over Victim’s Computer
Through strategies like polymorphic code, which continuously alters its appearance to prevent detection, as well as employing encryption and obfuscation to disguise its actions, malware is getting more complex and sneaky. Additionally, to infiltrate systems and avoid detection by…
GBHACKERS.COM

27 Sep: Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors
A new threat actor known as AtlasCross has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented backdoors named DangerAds and AtlasAgent. NSFOCUS Security Labs described the adversary as having a "high technical level and cautious attack…
THEHACKERNEWS.COM

27 Sep: Chinese Gov Hackers Caught Hiding in Cisco Router Firmware
The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently hop around the corporate networks of U.S. and Japanese companies. The post Chinese Gov Hackers Caught Hiding in Cisco Router Firmw…
SECURITYWEEK.COM

27 Sep: Protecting The Federal Supply Chain - BTS #14
In this edition of Below The Surface, we discuss Protecting The Federal Supply Chain with John Loucaides, SVP Strategy at Eclypsium. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! → Full Show Notes: https://securityweek…
YOUTUBE.COM

27 Sep: How to get persistent reverse shell from Android app without visible permissions to DoS device
Submitted by L4s to secops (1 point, 0 comments): https://www.mobile-hacker.com/2023/09/27/get-persistent-reverse-shell-from-android-app-without-visible-permissions-to-make-device-unusable/ How to get persistent reverse shell from Android app without visible permissions to DoS dev…
MOBILE-HACKER.COM

27 Sep: FDA Finalizes Guidance Just as New Device Cyber Regs Kick In
Starting Oct. 1, Agency to Require Secure Dev Framework, Threat Modeling, SBOMs. The FDA has issued final guidance on how medical device makers should approach cybersecurity in their products to meet new requirements for including cyber details in their premarket product submissio…
DATABREACHTODAY.CO.UK

27 Sep: News alert: ACM TechBrief lays out risks, policy implications of generative AI technologies
New York, NY, Sept. 27, 2023 – ACM, the Association for Computing Machinery has released “TechBrief: Generative Artificial Intelligence.” It is the latest in the quarterly ACM TechBriefs series of short technical bulletins that present scientifically grounded perspectives …
LASTWATCHDOG.COM

27 Sep: News alert: DigitalAPICraft and Google partner to simplify development, integration of new apps
London, UK and Austin, Tex., Sept. 27, 2023 — Organisations around the world are rushing to build API (application programming interface) marketplaces to foster greater connectivity between them and their partners and users. Global spend on API marketplaces is set … (…
LASTWATCHDOG.COM

27 Sep: News alert: Wisner Baum lawsuit alleges joint spyware scheme by Google, Meta, H&R Block
Los Angeles, Calif., Sept. 27, 2023 — Citing organized crime statutes, attorneys with Wisner Baum have filed the first RICO class action alleging that H&R Block, Meta, and Google jointly schemed to install spyware on the H&R Block site, scraping … (more…)
LASTWATCHDOG.COM

🌐 CYBER THREAT LANDSCAPE (5)

27 Sep: Xenomorph Android Malware Reappears in a New Campaign Targeting U.S. Banks
A new Xenomorph malware campaign was detected in August 2023. It appears to have widened its target scope, including financial institutions and crypto-wallet apps, with each sample aiming at over 100 different targets. This Android malware leverages its Automated Transfer System …
CYWARE.COM

27 Sep: New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software
A new malware strain called ZenRAT has emerged in the wild that's distributed via bogus installation packages of the Bitwarden password manager. "The malware is specifically targeting Windows users and will redirect people using other hosts to a benign web page," enterprise secur…
THEHACKERNEWS.COM

27 Sep: New AtlasCross Hackers Use American Red Cross as Phishing Lure
The group's malware includes trojans named DangerAds and AtlasAgent, with AtlasAgent being a custom C++ trojan that can execute various commands and evade detection by security tools.
BLEEPINGCOMPUTER.COM

27 Sep: Modern GPUs vulnerable to new GPU.zip side-channel attack
Researchers from four American universities have developed a new GPU side-channel attack that leverages data compression to leak sensitive visual data from modern graphics cards when visiting web pages. [...]
BLEEPINGCOMPUTER.COM

27 Sep: Github Repositories Bombarded by Info-Stealing Commits Masked as Dependabot
The attack involves creating fake commit messages titled "fix" to introduce malware that extracts secrets from targeted repositories and steals passwords from web-form submissions.
BLEEPINGCOMPUTER.COM

📡 INFOSEC NEWS (20)

27 Sep: Polish Privacy Regulator Probes OpenAI's ChatGPT
The complainant alleges that ChatGPT generated false information about them and that OpenAI failed to address their concerns regarding the processing of their personal data, violating GDPR requirements.
BANKINFOSECURITY.COM

27 Sep: New GPU Side-Channel Attack Allows Malicious Websites to Steal Data
The new attack method, named GPU.zip, was discovered and detailed by representatives of the University of Texas at Austin, Carnegie Mellon University, University of Washington, and University of Illinois Urbana-Champaign.
SECURITYWEEK.COM

27 Sep: Cybersecurity firm Lumu raises $30M to detect network intrusions
Lumu, a startup that helps enterprises identify and isolate security compromises, today announced that it raised $30 million in a Series B round led by Forgepoint Capital, $6 million of which is debt. Ricardo Villadiego, Lumu’s founder and CEO, says that the new cash will b…
TECHCRUNCH.COM

27 Sep: Gem Security raises $23M for its cloud security platform
Cloud detection and response company Gem Security today announced that it has raised a $23 million Series A round led by GGV Capital, with participation from IBM Ventures, Cisco and Silicon Valley CISO Investments. It was only in February that Gem announced its $11 million seed r…
TECHCRUNCH.COM

27 Sep: Where Linux is in your home, and how to protect Linux devices from hacking | Kaspersky official blog
Almost every home has several gadgets that use the Linux OS. They’re often targeted by attackers. What security measures can you take?
KASPERSKY.COM

27 Sep: Attacks on EMEA Financial Services Double in a Year
A new report from Akamai revealed that financial services organizations in the EMEA region suffered around one billion web app and API attacks during the period, with insurance the most attacked sub-sector, accounting for 55% of all web attacks.
INFOSECURITY-MAGAZINE.COM

27 Sep: Why Palo Alto Is Eyeing Data Defense Firm Dig for $300-$400M
Dig Security Is Set for a 9-Figure Deal Just 16 Months After Emerging From Stealth. A data security startup led by a Microsoft and Google veteran and backed by Samsung and CrowdStrike could soon be acquired by Palo Alto Networks. The company is in advanced talks to buy data securi…
DATABREACHTODAY.CO.UK

27 Sep: Microsoft now rolling out AI-powered Paint Cocreator to Insiders
Microsoft's new AI image generation Paint tool powered by OpenAI's DALL-E text-to-image model is now rolling out to Windows Insiders in Dev and Canary channels. [...]
BLEEPINGCOMPUTER.COM

27 Sep: ISW 2023: A conversation with Dakota State's Stacy Kooistra
In this segment from ISW, Dakota State COO and General Counsel Stacy Kooistra talks to Bill Brenner about the university's effort to create more cyber warriors.
YOUTUBE.COM

27 Sep: This startup wants to verify your ID without storing your personal data
As government and banking services move away from verifying identities in the real world, moving toward online ID verification, several companies have entered the market to solve this problem. A new startup from France is entering the market with a solution that, in theory, shoul…
TECHCRUNCH.COM

27 Sep: Security researcher warns of chilling effect after feds search phone at airport
A U.S. security researcher is warning of a chilling effect after he was detained on arrival at a U.S. airport, his phone was searched, and he was ordered to testify to a grand jury, only to have prosecutors reverse course and drop the investigation later. On Wednesday, Sam Curry, a …
TECHCRUNCH.COM

27 Sep: Why OT Security Keeps Some Healthcare Leaders Up at Night
It's not just medical device cybersecurity that's keeping some healthcare security leaders up at night - it's also the risks posed by other critical connected gear that patients and clinicians depend upon, said Ali Youssef, director of medical device and emerging tech security at…
DATABREACHTODAY.CO.UK

27 Sep: Why Palo Alto Is Eyeing Data Defense Firm Dig at $300M-$400M
Dig Security Is Set for a 9-Figure Deal Just 16 Months After Emerging From Stealth. A data security startup led by a Microsoft and Google veteran and backed by Samsung and CrowdStrike could soon be acquired by Palo Alto Networks. The company is in advanced talks to buy data securi…
DATABREACHTODAY.CO.UK

27 Sep: SSH keys stolen by stream of malicious PyPI and npm packages
A stream of malicious npm and PyPi packages have been found stealing a wide range of sensitive data from software developers on the platforms. [...]
BLEEPINGCOMPUTER.COM

27 Sep: 5 of the top programming languages for cybersecurity
While far from all roles in security explicitly demand coding skills, it’s challenging to envision a career in this field that wouldn’t derive substantial advantages from at least a basic understanding of fundamental coding principles
WELIVESECURITY.COM