16Articles
5Categories
2023-09-30Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 2[−]
30 SepNew Critical Security Flaws Expose Exim Mail Servers to Remote AttacksMultiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of flaws, which were reported anonymously way back in June 2022, is as follows - CVE-2…THEHACKERNEWS.COM
30 Sep KEVCISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in AttacksThe flaw, tracked as CVE-2018-14667, was added by CISA on Thursday to its Known Exploited Vulnerabilities (KEV) Catalog, with federal agencies being instructed to apply mitigations or discontinue the use of the product by October 19.SECURITYWEEK.COM
⚠️ VULNERABILITY DISCLOSURE 1[−]
30 SepNew Critical Security Flaws Expose Exim Mail Servers to Remote AttacksThe Exim maintainers and the Zero Day Initiative (ZDI) have experienced delays and communication issues in addressing these vulnerabilities, raising concerns about the handling of security flaws in widely used software.THEHACKERNEWS.COM
🔥 INCIDENT REPORTING 3[−]
30 SepLarge Michigan Healthcare Provider Confirms Ransomware AttackMcLaren HealthCare, one of the largest healthcare systems in Michigan, has confirmed a ransomware attack, potentially impacting patient data and causing disruptions in their computer network.THERECORD.MEDIA
30 SepFBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. CompaniesThe U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the follow…THEHACKERNEWS.COM
30 SepA Closer Look at the Snatch Data Ransom GroupEarlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang's internal operations. Today, we'll take a closer look at the history of Snatch, its alleged founder, and their claims that eve…KREBSONSECURITY.COM
🕵️ THREAT INTELLIGENCE 8[−]
30 SepYou Can't Control Your Data in the Cloudsubmitted by L4s to secops 1 points | 0 comments https://karl-voit.at/cloud/ You Can’t Control Your Data in the Cloud::undefinedKARL-VOIT.AT
30 SepWeekly Update 367Presently sponsored by: EPAS by Detack. No EPAS protected password has ever been cracked and won't be found in any leaks. Give it a try, millions of users use it. Ah, home 😊 It's been more than a month since I've been able to sit at this desk and stream a weekly…TROYHUNT.COM
30 SepAPT34 Deploys Phishing Attack With New Menorah MalwareThe Menorah malware is designed for cyberespionage and possesses capabilities such as machine identification, file reading and uploading, shell command execution, and file downloading.TRENDMICRO.COM
30 SepFBI Warns Energy Sector of Likely Increase in Targeting by Chinese, Russian HackersThe FBI warns that changes in the global energy supply, including US exports of liquefied natural gas and shifts in the crude oil supply chain, are likely to boost the targeting of critical energy infrastructure by Chinese and Russian hackers.THERECORD.MEDIA
30 SepResearchers Extract Sounds From Still Images on Smartphone CamerasA group of academic researchers has devised a technique to extract sounds from still images captured using smartphone cameras with rolling shutters and movable lens structures.SECURITYWEEK.COM
30 SepSimple Netcat Backdoor in Python Script, (Sat, Sep 30th)Why reinvent the wheel&#;x26;#;x3f; We are all lazy and, if we have a tool that offers some interesting capabilities, why not use it&#;x26;#;x3f; I spotted a simple maliciouis Python script targeting Windows hosts. The file …ISC.SANS.EDU
30 SepIranian APT Group OilRig Using New Menorah Malware for Covert OperationsSophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. "The malware was designed for cyberespionage, capable of identifying the machine, reading and uploading files …THEHACKERNEWS.COM
30 SepRouters have been rooted by Chinese spies US and Japan warnsubmitted by throws_lemy to cybersecurity 2 points | 0 comments https://www.theregister.com/2023/09/27/us_japan_routers/THEREGISTER.COM
📡 INFOSEC NEWS 2[−]
30 SepCloudflare DDoS protections ironically bypassed using CloudflareCloudflare's Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls. [...]BLEEPINGCOMPUTER.COM
30 SepMicrosoft fixes Outlook prompts to reopen closed windowsMicrosoft has resolved a known issue that caused Outlook Desktop to unexpectedly prompt users to reopen previously closed windows. [...]BLEEPINGCOMPUTER.COM