98Articles
8Categories
2023-09-29Date
🚨 CISA KEV 2[−]
29 Sep KEVCISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in AttacksCISA has added CVE-2018-14667, an old critical JBoss RichFaces flaw to its known exploited vulnerabilities catalog. The post CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 8[−]
29 Sep KEVCisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation AttemptsCisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on affected systems. The medium-severity vulnerability is tracked as CVE-2023-20109, and has a…THEHACKERNEWS.COM
29 SepProgress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP ServerProgress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface. Tracked as CVE-2023-40044, the flaw has a CVSS score of 10.0, indicating maximum sev…THEHACKERNEWS.COM
29 SepProgress Software Patches Critical Pre-Auth Flaws in WS_FTP Server ProductThe company identified eight flaws that could be exploited remotely, with two of them (CVE-2023-40044 and CVE-2023-42657) rated as critical due to the risk of pre-authenticated remote command execution attacks.SECURITYWEEK.COM
29 SepHackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to AttacksHackers have set their sights on CVE-2023-34468, an RCE vulnerability in Apache NiFi that impacts thousands of organizations. The post Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
29 SepChromium: CVE-2023-1999 Use after free in libwebpThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.MSRC.MICROSOFT.COM
29 SepChromium: CVE-2023-5217 Heap buffer overflow in vp8 encoding in libvpxThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information. Google is aware that an exploit for CVE-2023-5217 exists in…MSRC.MICROSOFT.COM
29 SepChromium: CVE-2023-5186 Use after free in PasswordsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.MSRC.MICROSOFT.COM
29 SepChromium: CVE-2023-5187 Use after free in ExtensionsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 18[−]
29 Sep KEVCisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation AttemptsThe vulnerability is a result of insufficient validation of attributes in the GDOI and G-IKEv2 protocols, making it possible for an attacker to compromise a key server or modify the configuration of a group member.THEHACKERNEWS.COM
29 SepCyber Security Today, Sept. 29, 2023 - Protect your routers from this attacker, new open source malware packages found, and moreThis episode reports on a China-based group that specializes in hacking branch office routers of major companiesCYBERSECURITYTODAY.LIBSYN.COM
29 SepProgress Software Says Business Impact ‘Minimal’ From MOVEit Attack SpreeWhile the financial consequences for Progress have been minimal so far, potential litigation and class-action lawsuits related to the vulnerability could still have an impact in the future.CYBERSECURITYDIVE.COM
29 SepBudworm Strikes Again: Updated SysUpdate Targets Government and Telecom SectorsThe Budworm APT group is evolving its cyber arsenal. Budworm’s signature technique consists of executing SysUpdate on victims' networks by sideloading the DLL payload using the authentic INISafeWebSSO application - a tactic it has employed since at least 2018. Organizations shoul…CYWARE.COM
29 SepHackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks“The impact of this vulnerability is severe, as it grants attackers the ability to gain unauthorized access to systems, exfiltrate sensitive data, and execute malicious code remotely,” Cyfirma notes in an analysis of the bug and its exploitation.SECURITYWEEK.COM
29 SepNexusflow Raises $10.6m to Build Conversational Interface for Security ToolsBy synthesizing data from various security sources and utilizing natural language commands, Nexusflow aims to revolutionize cybersecurity operations by seamlessly interpreting human instructions and providing insights.TECHCRUNCH.COM
29 SepUK data regulator orders end to spreadsheet FOI requests after serious data breachesThe UK Information Commissioner's Office (ICO) has called for an immediate end to the use of Excel spreadsheets to publish Freedom of Information (FOI) data in the wake of serious data breaches. The data protection regulator issued an advisory notice to all public authorities abo…CSOONLINE.COM
29 SepSplunk Acquisition and The Blob with Allie Mellen - ESW #333This week, we changed things up a bit for the news segment and Allie Mellen joins us as a surprise guest host! We discuss Cisco's Splunk acquisition and what it means for Splunk customers, and "The Blob" - Allie's term describing the negative forces responsible for much of the ov…YOUTUBE.COM
29 SepIronNet Ceases Operations, Terminates All Remaining StaffersEnd Comes Just 25 Months After Threat Detection Firm Went Public At $1.2B Valuation The firm founded by retired four-star Gen. Keith Alexander and once valued at $1.2 billion has officially turned off the lights. IronNet Friday ceased business operations and terminated remaining …DATABREACHTODAY.CO.UK
29 SepGenerative AI Startup Nexusflow Raises $10.6 MillionNexusflow scores funding to build an open-source LLM that can deliver high accuracy when retrieving data from multiple security sources. The post Generative AI Startup Nexusflow Raises $10.6 Million appeared first on SecurityWeek .SECURITYWEEK.COM
29 SepMozilla Releases Security Updates for Multiple ProductsMozilla has released security updates to address a vulnerability affecting Firefox, Firefox ESR, Firefox Focus for Android, and Firefox for Android. A cyber threat actor can exploit this vulnerability to take control of an affected system. CISA encourages users and administrators…CISA.GOV
29 SepExploit released for Microsoft SharePoint Server auth bypass flawProof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation. [...]BLEEPINGCOMPUTER.COM
29 SepInside Look: FDA's Cyber Review Process for Medical DevicesMedical device makers in their premarket submissions to the Food and Drug Administration under the agency's new refuse to accept policy for cybersecurity should pay close attention to details such as a product's software bill of materials and vulnerability management, said Jessic…DATABREACHTODAY.CO.UK
29 SepMillions of Exim mail servers exposed to zero-day RCE attacksA critical zero-day vulnerability in all versions of Exim mail transfer agent (MTA) software can let unauthenticated attackers gain remote code execution (RCE) on Internet-exposed servers. [...]BLEEPINGCOMPUTER.COM
29 SepVulns Found In Another Progress Software File Transfer App'There's a 10-out-10 severity bug you need to patch right now!' Progress Software is again sending customers on a scramble to install emergency patches, this time for its secure FTP server software. The advisory comes months after hackers took advantage of a zero day in the compa…DATABREACHTODAY.CO.UK
29 SepThe Week in Ransomware - September 29th 2023 - Dark AngelsThis week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout of the MOVEit breaches to be disclosed. [...]BLEEPINGCOMPUTER.COM
29 SepCrowdStrike Boosts Israeli Startup Ties With AWS PartnershipAWS & CrowdStrike Cybersecurity Startup Accelerator Will Incubate Early-Stage Firms CrowdStrike has joined forces with Amazon Web Services to familiarize themselves with more Israeli cyber startups earlier in their development lifecycle. The Cybersecurity Startup Accelerator will…DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES 10[−]
29 SepBsides Leeds 2023 - 28 talkssubmitted by ashar to security_cpe 1 points | 0 comments https://administraitor.video/edition/BSides%20Leeds/2023 Bsides Leeds 2023 Schedule 28 recorded talksADMINISTRAITOR.VIDEO
29 SepZero Trust, Auditability and Identity GovernanceTwo years after President Biden's landmark cybersecurity Executive Order, the question remains: How are federal agencies adapting to the new focus on zero trust and identity governance? SailPoint's Frank Briguglio tackles this question with crucial insights into the state of cybe…DATABREACHTODAY.CO.UK
29 SepNIST Publishes Final Version of 800-82r3 OT Security GuideNIST has published the final version of the SP 800-82 Revision 3 guide to operational technology (OT) security. The post NIST Publishes Final Version of 800-82r3 OT Security Guide appeared first on SecurityWeek .SECURITYWEEK.COM
29 SepTech Industry Leaders and White House Clash Over Plan for Improved Cloud SecurityThe industry argues that KYC could cost billions of dollars in administrative costs and raise privacy concerns, while sophisticated hackers would easily work around these requirements.THERECORD.MEDIA
29 SepKuwait isolates some government systems following attack on its Finance Ministrysubmitted by throws_lemy to cybersecurity 1 points | 0 comments https://therecord.media/kuwait-isolates-systems-after-ransomware-attackTHERECORD.MEDIA
29 SepEditors' Panel: What Impact Will Cisco's Splunk Acquisition Have on Industry?Also: OT Security Trends, Challenges; FDA Medical Device Guidance In our latest weekly update, ISMG editors discuss key takeaways from a forum on developing a strategy for OT security, guidance issued by the U.S. Food and Drug Administration on cybersecurity in medical devices, a…DATABREACHTODAY.CO.UK
29 SepCISA and UK NCSC Hold Inaugural Meeting of Strategic Dialogue on Cybersecurity of Civil Society Under Threat of Transnational RepressionThis week, CISA and the United Kingdom’s National Cyber Security Centre (UK-NCSC) held the Strategic Dialogue on Cybersecurity of Civil Society Under Threat of Transnational Repression.CISA.GOV
29 SepROUNDTABLE: CISA’s prominent role sharing threat intel could get choked off this weekendOnce again, politicians are playing political football, threatening a fourth partial government shutdown in a decade. Related: Biden’s cybersecurity strategy As this political theater runs its course one of the many things at risk is national security, particularly on the &…LASTWATCHDOG.COM
🔥 INCIDENT REPORTING 11[−]
29 SepMore than 3.8 billion records exposed in DarkBeam data leakIt has been suggested that the data leak that exposed over 239 million login credentials was caused by human errorCSHUB.COM
29 SepChinese hackers stole emails from US State Dept in Microsoft breach, Senate staffer sayssubmitted by throws_lemy to cybersecurity 2 points | 1 comments https://www.reuters.com/world/us/chinese-hackers-stole-60000-emails-us-state-department-microsoft-hack-senate-2023-09-27/REUTERS.COM
29 SepInfusion Firm Faces Lawsuit After Hackers Hit Parent CompanyThe incident highlights the growing trend of private health data breach lawsuits and the increasing role of the Federal Trade Commission in enforcing health privacy laws.BANKINFOSECURITY.COM
29 SepBooking.com Customers Hit by Phishing Campaign Delivered Via Compromised Hotels AccountsThe phishing attacks are highly convincing, using personalized messages and a meticulously crafted phishing page that mimics the Booking.com interface, leading victims to unknowingly provide their credit card or bank information.PERCEPTION-POINT.IO
29 SepFBI Warns Organizations of Dual Ransomware, Wiper AttacksThe FBI warns organizations of cyberattacks that employ multiple ransomware families or deploy dormant data wipers. The post FBI Warns Organizations of Dual Ransomware, Wiper Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
29 SepJohnson Controls Hit by RansomwareJohnson Controls has confirmed being hit by a disruptive cyberattack, with a ransomware group claiming to have stolen 27Tb of information from the company. The post Johnson Controls Hit by Ransomware appeared first on SecurityWeek .SECURITYWEEK.COM
29 SepLazarus hackers breach aerospace firm with new LightlessCan malwareThe North Korean 'Lazarus' hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network using a previously unknown 'LightlessCan' backdoor. [...]BLEEPINGCOMPUTER.COM
29 SepFBI Warns Organizations of Dual Ransomware, Wiper AttacksAs part of this trend, which was observed in July 2023, the FBI notes in a new private industry notification, threat actors deploy two ransomware variants in close date proximity to one another.SECURITYWEEK.COM
29 SepJohnson Controls Hit By RansomwarePACKETSTORMSECURITY.COM
29 SepCity of Fort Lauderdale, Florida, Taken for $1.2m in Email ScamThe payment, intended for a new police headquarters building, was made to a scammer who posed as the legitimate contractor, Moss Construction. The incident underscores the need for increased cybersecurity measures against business email compromise.STATESCOOP.COM
29 SepCyber Security Today, Week in Review for the week ending Friday, Sept. 28 ,20023This episode features discussion on October Security Awareness Month, ransomware, teenage hackers and the start of hearings into proposed Canadian privacy and AI lawsCYBERSECURITYTODAY.LIBSYN.COM
🕵️ THREAT INTELLIGENCE 27[−]
29 SepUS State Department Says 60,000 Emails Taken in Alleged Chinese HackThe US State Department said that hackers took around 60,000 emails in an attack which Microsoft has blamed on China. The post US State Department Says 60,000 Emails Taken in Alleged Chinese Hack appeared first on SecurityWeek .SECURITYWEEK.COM
29 SepISC Stormcast For Friday, September 29th, 2023 https://isc.sans.edu/podcastdetail/8680, (Fri, Sep 29th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
29 SepBlackTech APT Breaks in Cisco Routers, Targets U.S. and Japanese CompaniesA Chinese state-sponsored APT called BlackTech has been found breaking into network routers to remain undetected and stealthily move across a variety of organizations. BlackTech actors often focus on branch routers (typically smaller appliances used at remote branch offices) and …CYWARE.COM
29 SepAPT34 Deploys Phishing Attack With New MalwareWe observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African gove…TRENDMICRO.COM
29 SepPodcast: How to detect software supply chain attacks with Honeytokens? - Cloud Native Security Series - 20 minutessubmitted by ashar to security_cpe 1 points | 0 comments https://www.cloudsecuritypodcast.tv/videos/how-to-detect-software-supply-chain-attacks-with-honeytokens Software Supply Chain Attacks with Mackenzie Jackson from GitGuardian : Can Honeytokens be used in your supply chain se…CLOUDSECURITYPODCAST.TV
29 SepWifi without internet on a Southwest flightsubmitted by L4s to secops 1 points | 0 comments https://jamesbvaughan.com/southwest-wifi/ Wifi without internet on a Southwest flight:: I spent a recent flight finding out what I could do with an connection to the flight’s wifi, but without access to the internet. I was on my…JAMESBVAUGHAN.COM
29 SepBudworm: APT Group Uses Updated Custom Tool in Attacks on Government and Telecoms OrganizationThe Budworm APT group continues to actively develop its toolset, as evidenced by its recent use of an updated version of its SysUpdate backdoor to target organizations in the Middle East and Asia.SYMANTEC-ENTERPRISE-BLOGS.SECURITY.COM
29 SepCloudflare Users Exposed to Attacks Launched From Within Cloudflare: ResearchersGaps in Cloudflare’s security controls allow users to bypass protections and target others from the platform itself. The post Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers appeared first on SecurityWeek .SECURITYWEEK.COM
29 SepA Key US Government Surveillance Tool Should Face New Limits, a Divided Privacy Oversight Board SaysA sharply divided privacy oversight board is recommending that the FBI and other agencies be required to get court approval before reviewing the communications of U.S. citizens collected through a secretive foreign surveillance program. The post A Key US Government Surveillance T…SECURITYWEEK.COM
29 Sep[Live Demo] Ridiculously Easy Security Awareness Training and PhishingOld-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.KNOWBE4.COM
29 SepLazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace FirmThe North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta. "Employees of the targeted company were contacted by…THEHACKERNEWS.COM
29 SepYour KnowBe4 Fresh Content Updates from September 2023Check out the 66 new pieces of training content added in September, alongside the always fresh content update highlights, events and new features.KNOWBE4.COM
29 SepZeroFont Phishing: Hackers Manipulating Font Size to Bypass Office 365 SecurityA new but ancient technique for Phishing emails has been recently identified called ZeroFont Phishing. Threat actors have followed several tactics for sending phishing emails, bypassing all the security mechanisms. However, using this technique, threat actors could bypass Microso…GBHACKERS.COM
29 SepNational Security Agency is Starting an Artificial Intelligence Security CenterThe NSA is starting an artificial intelligence security center — a crucial mission as AI capabilities are increasingly acquired, developed and integrated into U.S. defense and intelligence systems. The post National Security Agency is Starting an Artificial Intelligence Security …SECURITYWEEK.COM
29 SepLazarus APT Lures Employees of Spanish Aerospace Company with Trojanized Coding ChallengesThe attack involved the deployment of a sophisticated backdoor called LightlessCan, which mimics native Windows commands and implements techniques to avoid detection by security monitoring software.WELIVESECURITY.COM
29 SepIn Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty PleaNoteworthy stories that might have slipped under the radar: new RSA encryption attack, Meta’s AI privacy safeguards, and ShinyHunters hackers’ guilty plea. The post In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea appeared first on SecurityWe…SECURITYWEEK.COM
29 SepResearchers Extract Sounds From Still Images on Smartphone CamerasA group of academic researchers devised a technique to extract sounds from still images captured using smartphone cameras with rolling shutter and movable lens structures. The post Researchers Extract Sounds From Still Images on Smartphone Cameras appeared first on SecurityWeek .SECURITYWEEK.COM
29 SepCybercriminals Using New ASMCrypt Malware Loader Flying Under the RadarThreat actors are selling a new crypter and loader called ASMCrypt, which has been described as an "evolved version" of another loader malware known as DoubleFinger. "The idea behind this type of malware is to load the final payload without the loading process or the payload itse…THEHACKERNEWS.COM
29 SepNarcBots, Blacktech, ZenRat, Chrome, CISOs, Privacy, More News & Aaran Leyland - SWN #329This week Dr. Doug talks: NarcBots, Blacktech, ZenRat, Chrome, CISO Churn, lots of privacy issues, Aaran Leyland, will Dr. Doug drink the Y3K Special Edition Coke? And more on this edition of the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest ep…YOUTUBE.COM
29 SepAWS Using MadPot Decoy System to Disrupt APTs, BotnetsAWS says an internal threat intel decoy system called MadPot has successfully trapped nation state-backed APTs like Volt Typhoon and Sandworm. The post AWS Using MadPot Decoy System to Disrupt APTs, Botnets appeared first on SecurityWeek .SECURITYWEEK.COM
29 SepCritical Progress Bug Infests WS_FTP Softwaresubmitted by IllNess to securitynews 1 points | 0 comments https://www.darkreading.com/cloud/moveit-progress-critical-bug-ws_ftp-softwareDARKREADING.COM
29 SepNSA Stands Up New Organization to Harness AIA US Advantage on AI Should 'Not Be Taken For Granted,' Says NSA Head Paul Nakasone The NSA has set up a new organization to oversee artificial intelligence in national security systems. Dubbed the AI Security Center, the unit will consolidate the agency's AI activities and suppo…DATABREACHTODAY.CO.UK
29 SepSecurity Awareness Is Dead. Long Live Security AwarenessOur actions determine outcomes, not our thoughts, our knowledge, or our intentions.KNOWBE4.COM
29 SepFriday Squid Blogging: Protecting Cephalopods in Medical ResearchFrom Nature : Cephalopods such as octopuses and squid could soon receive the same legal protection as mice and monkeys do when they are used in research. On 7 September, the US National Institutes of Health (NIH) asked for feedback on proposed guidelines that, for the first time …SCHNEIER.COM
29 SepBankrupt IronNet Shuts Down OperationsBankrupt and out of financing options, IronNet has terminated all employees and plan to file for Chapter 7 protection. The post Bankrupt IronNet Shuts Down Operations appeared first on SecurityWeek .SECURITYWEEK.COM
29 SepHow Lazarus impersonated Meta to attack a target in Spain – Week in security with Tony AnscombeDuring the attack, the group deployed several tools, most notably a newly-discovered sophisticated backdoor that ESET named LightlessCanWELIVESECURITY.COM
29 SepLazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace companyWhile analyzing a Lazarus attack luring employees of an aerospace company, ESET researchers discovered a publicly undocumented backdoorWELIVESECURITY.COM
🌐 CYBER THREAT LANDSCAPE 4[−]
29 SepAre You Still Storing Passwords In Plain Text Files?, (Fri, Sep 29th)"Infostealer" malware have&#;x26;#;xc2;&#;x26;#;xa0;been in the wild for a long time now. Once the computer&#;x26;#;39;s victim is infected, the goal is to steal "juicy" information like passwords…ISC.SANS.EDU
29 SepMicrosoft's AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing SitesMalicious ads served inside Microsoft Bing's artificial intelligence (AI) chatbot are being used to distribute malware when searching for popular tools. The findings come from Malwarebytes, which revealed that unsuspecting users can be tricked into visiting booby-trapped sites an…THEHACKERNEWS.COM
29 SepMalicious Ads Served Inside Bing's AI Chatbot to Infect Victims with MalwareAds are now being inserted into Bing Chat conversations, which poses a risk for users searching for software downloads. Malicious actors can trick users into visiting malicious sites and installing malware.MALWAREBYTES.COM
29 SepZeroFont trick makes users think that message has been scanned for threatsAttackers are using the "ZeroFont" technique to manipulate the preview of a message to suggest it had already been scanned for threats. Read more in my article in the Tripwire State of Security blog.TRIPWIRE.COM
📡 INFOSEC NEWS 18[−]
29 SepNord Security Raises $100M on $3B Valuation to Go After M&AWarburg Pincus, the lead investor in this funding round, sees Nord Security's business model and strategy as well-aligned with the cybersecurity sector, positioning the company for further momentum in the complex market environment.BANKINFOSECURITY.COM
29 SepSecurity Researcher Stopped at US Border for Investigating Crypto ScamThe researcher's role in investigating the scam led to a grand jury subpoena, highlighting the potential legal risks faced by ethical hackers and defenders involved in similar work.BLEEPINGCOMPUTER.COM
29 SepStealing Credentials Through Legitimate Dropbox PagesCybercriminals are using Dropbox to launch phishing attacks. They create a free Dropbox account, share a document with someone, and the recipient receives a legitimate-looking email from Dropbox with a link.AVANAN.COM
29 SepAsian Banks are a Favorite Target of Cybercooks, and Malicious Bots Their Preferred ToolAsia-Pacific is the second-most targeted region for malicious bot requests against financial services, with global hubs Singapore, Australia, and Japan the region's top three most targeted, accounting for the bulk of web application and API attacks.ZDNET.COM
29 SepNSA is Creating a Hub for AI Security, Nakasone SaysThe center will focus on leveraging foreign intelligence insights, developing best practices, and creating risk frameworks to protect against digital attacks and prevent the theft of innovative AI capabilities.THERECORD.MEDIA
29 SepPost-Quantum Cryptography: Finally Real in Consumer Apps?Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is coming for them regardless of whether or not it's keeping them up tonight. Today, many rely on encryption in their daily lives to protect thei…THEHACKERNEWS.COM
29 SepDiscord is investigating cause of ‘You have been blocked’ errorsMany Discord users attempting to access the popular instant messaging and VoIP social platform today have been met with a scary "Sorry, you have been blocked" message. [...]BLEEPINGCOMPUTER.COM
29 SepRussian Flight Booking System Leonardo Suffers Massive DDoS AttackThe attack caused delays at airports and affected several Russian air carriers, including Aeroflot. The Ukrainian hacktivist group IT Army claimed responsibility for the attack.THERECORD.MEDIA
29 SepBeware of scammers! Dangerous apps in the App Store | Kaspersky official blogDangerous investment-apps in the App Store take users’ personal data and hand it to phone scammers.KASPERSKY.COM
29 SepMisconfigured AWS Storage Bucket of WSBC Leaks 4,600 PassportsThe World Baseball Softball Confederation (WBSC) left a data repository exposed, including sensitive files such as copies of 4,600 national passports, putting individuals at risk of identity theft and other fraudulent activities.SECURITYAFFAIRS.COM
29 SepShinyHunters member pleads guilty to $6 million in data theft damagesSebastien Raoult, a 22-year-old from France, has pleaded guilty in the U.S. District Court of Seattle to conspiracy to commit wire fraud and aggravated identity theft as part of his activities in the ShinyHunters hacking group. [...]BLEEPINGCOMPUTER.COM
29 SepThree men found guilty of laundering $2.5 million in Target gift card tech support scamThree Californian residents have been convicted of laundering millions of dollars tricked out of older adults who had fallen victim to government-imposter and tech support scams. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
29 SepWhat Happens to Government Devices During a Shutdown?Government-issued devices face heightened security risks during a federal shutdown, as furloughed employees are typically restricted from using them, leaving networks and devices vulnerable.NEXTGOV.COM