🚨 CISA KEV 1[−]
4 Oct KEVCISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVsCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation: CVE-2023-42793 Arm Mali GPU Kernel Driver Use-After-Free Vulnerability CVE-2023-28229 Microsoft Windows CNG Key Isolation Service Privilege Escalation…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 10[−]
4 OctArm, Qualcomm warn GPU drivers are likely being exploited by hackerssubmitted by c0mmando to netsec 1 points | 0 comments https://therecord.media/arm-qualcomm-warn-gpu-drivers-exploited The British semiconductor designer Arm and U.S. chip manufacturer Qualcomm issued separate warnings Monday that hackers are likely exploiting multiple vulnerabili…THERECORD.MEDIA
4 OctHackers seen exploiting bugs in browsers and popular file transfer toolsubmitted by c0mmando to netsec 2 points | 0 comments https://therecord.media/libvpx-ws-ftp-vulnerabilities-browsers-file-transfer-tool A vulnerability affecting a widely used tool embedded in web browsers and a separate bug in a popular file transfer tool are being exploited by …THERECORD.MEDIA
4 OctQualcomm Releases Patch for Three New Zero-Days Under Active Exploitation"There are indications from Google Threat Analysis Group and Google Project Zero that CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, and CVE-2023-33063 may be under limited, targeted exploitation," the semiconductor company said in an advisory.THEHACKERNEWS.COM
4 OctLooney Tunables: New Linux Flaw Enables Privilege Escalation on Major DistributionsA new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library's ld.so dynamic loader that, if successfully exploited, could lead to a local privilege escalation and allow a threat actor to gain root privileges. Tracked as CVE-2023-4911 (CVSS s…THEHACKERNEWS.COM
4 OctNew critical AI vulnerabilities in TorchServe put thousands of AI models at riskA trio of critical security issues were identified in TorchServe, an open source package for serving and scaling PyTorch models in production, that could lead to an attacker executing arbitrary codes on the affected systems. Combinedly called ShellTorch, as coined by Oligo Securi…CSOONLINE.COM
4 OctSevere Glibc Privilege Escalation Vulnerability Impacts Major Linux DistributionsA local privilege escalation vulnerability (CVE-2023-4911) in the GNU C Library (glibc) can be exploited to gain full root privileges. The post Severe Glibc Privilege Escalation Vulnerability Impacts Major Linux Distributions appeared first on SecurityWeek .SECURITYWEEK.COM
4 OctX.Org Hit By New Security Vulnerabilities - Two Date Back To 1988 With X11R2submitted by c0mmando to netsec 1 points | 1 comments https://www.phoronix.com/news/XOrg-Vulnerabilities-Since-1988 cross-posted from: lemmy.ndlug.org/post/250846 Made public today was CVE-2023-43785 as an out-of-bounds memory access within the libX11 code that has been around si…PHORONIX.COM
4 OctSeverity HIGH security problem to be announced with curl 8.4.0 on Oct 11 (CVE-2023-38545) · curl/curl · Discussion #12026submitted by c0mmando to netsec 1 points | 0 comments https://github.com/curl/curl/discussions/12026 cross-posted from: biglemmowski.win/post/224874 cross-posted from: biglemmowski.win/post/224873 Posted on twitter by Curl author Daniel Stenberg - nitter.cz/bagder/status/17091039…GITHUB.COM
4 OctPoC exploit for CVE-2023-4911 "Looney Tunables"submitted by L4s to secops 1 points | 0 comments https://github.com/leesh3288/CVE-2023-4911 PoC exploit for CVE-2023-4911 “Looney Tunables”::PoC for CVE-2023-4911. Contribute to leesh3288/CVE-2023-4911 development by creating an account on GitHub.GITHUB.COM
4 OctChromium: CVE-2023-5346 Type Confusion in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 25[−]
4 OctExperts Discover Multiple Malicious npm PackagesResearchers at FortiGuard Labs uncovered nine sets of malicious NPM packages designed to steal sensitive data, including system information, user credentials, and source code. These malicious packages use install scripts to exfiltrate data to webhooks or file-sharing links. These…CYWARE.COM
4 OctNew ‘Looney Tunables’ Linux Bug Gives Root Privileges on Major DistrosThe flaw, introduced in glibc 2.34, highlights the severity and widespread nature of the vulnerability, emphasizing the need for immediate patching by system administrators.BLEEPINGCOMPUTER.COM
4 OctSafe, Secure, Anonymous, and Other Misleading ClaimsPresently sponsored by: NTT’s Samurai XDR offers affordable enterprise-grade security for businesses of any size. $40 /endpoint/year. Try it free for 30 days! Imagine you wanted to buy some shit on the internet. Not the metaphorical kind in terms of "I bought some random shi…TROYHUNT.COM
4 OctQualcomm Patches 3 Zero-Days Reported by GoogleQualcomm has patched more than two dozen vulnerabilities, including three zero-days that may have been exploited by spyware vendors. The post Qualcomm Patches 3 Zero-Days Reported by Google appeared first on SecurityWeek .SECURITYWEEK.COM
4 OctChatGPT “not a reliable” tool for detecting vulnerabilities in developed codeGenerative AI - specifically ChatGPT - should not be considered a reliable resource for detecting vulnerabilities in developed code without crucial expert human oversight. However, machine learning (ML) models show strong promise in assisting the detection of novel zero-day attac…CSOONLINE.COM
4 OctMicrosoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server InstanceMicrosoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through a SQL Server instance. "The attackers initially exploited a SQL injection vulnerability in an application within the target's environment," security …THEHACKERNEWS.COM
4 OctRogue npm Package Deploys Open-Source Rootkit in New Supply Chain AttackA new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking the first time a rogue package has delivered rootkit functionality. The package in question is node-hide-console-windows, which mimics the legiti…THEHACKERNEWS.COM
4 OctOkta launches Cybersecurity Workforce Development InitiativeIdentity and access management company Okta has announced the launch of a new initiative focused on finding and developing cybersecurity talent and providing equitable access to careers. Through philanthropic and educational grants, Okta aims to support global organizations provi…CSOONLINE.COM
4 OctDead Grandma Locket Request Tricks Bing Chat’s AI Into Solving Security PuzzleThis incident highlights a new type of vulnerability, similar to prompt injection, where users can bypass the constraints of the AI model. Microsoft is likely to address this issue in future versions of Bing Chat.ARSTECHNICA.COM
4 OctTyposquatting Campaign Delivers R77 Rootkit Through Malicious JavaScript PackageThe typosquatting attack involved a malicious package called node-hide-console-windows that downloaded a Discord bot, which then planted an open-source rootkit called r77.REVERSINGLABS.COM
4 OctOpen-Source Intelligence (OSINT): Learn the Methods Bad Actors Use to Hack Your OrganizationThey are out there, watching and waiting for an opportunity to strike; the bad actors who have carefully researched your organization in order to set the perfect trap using easily found public resources. Open-Source Intelligence (OSINT) can provide cybercriminals everything they …KNOWBE4.COM
4 OctSony Confirms Data Breach Impacting Thousands of US EmployeesThe breach, caused by the Clop ransomware gang, occurred in late June but was only publicly acknowledged by Sony recently, with the company taking immediate action to remediate the vulnerability and launch an investigation.BLEEPINGCOMPUTER.COM
4 OctResearchers Link DragonEgg Android Spyware to LightSpy iOS SurveillancewareNew findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy. DragonEgg, alongside WyrmSpy (aka AndroidControl), was first disclosed by Lookout in July 2023 as a strain of malware c…THEHACKERNEWS.COM
4 OctCisco fixes hard-coded root credentials in Emergency ResponderCisco released security updates to fix a Cisco Emergency Responder (CER) vulnerability that let attackers log into unpatched systems using hard-coded credentials. [...]BLEEPINGCOMPUTER.COM
4 OctAtlassian Ships Urgent Patch for Exploited Confluence Zero-DayAtlassian confirms that “a handful of customers” were hit by exploits targeting a remotely exploitable flaw in its Confluence Data Center and Server products. The post Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day appeared first on SecurityWeek .SECURITYWEEK.COM
4 OctAtlassian patches critical Confluence zero-day exploited in attacksAustralian software company Atlassian released emergency security updates to fix a maximum severity zero-day vulnerability in its Confluence Data Center and Server software, which has been exploited in attacks. [...]BLEEPINGCOMPUTER.COM
4 OctApple emergency update fixes new zero-day used to hack iPhonesApple released emergency security updates to patch a new zero-day security flaw exploited in attacks targeting iPhone and iPad users. [...]BLEEPINGCOMPUTER.COM
4 OctApple Warns of Newly Exploited iOS 17 Kernel Zero-DayApple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down. The post Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day appeared first on SecurityWeek .SECURITYWEEK.COM
4 OctApple fixes vulnerabilities in iOS and iPadOS., (Wed, Oct 4th)Apple today released iOS/iPadOS 17.0.3. These updates fix two vulnerabilities. A WebRTC vulnerability that could be used to execute arbitrary code, establishing initial access to the device, and a Kernel vulnerability used to elevate privileges. The privilege escalation vulnerabi…ISC.SANS.EDU
4 OctMicrosoft won’t say if its products were exploited by spyware zero-daysMicrosoft has released patches to fix zero-day vulnerabilities in two popular open-source libraries that affect several Microsoft products, including Skype, Teams, and its Edge browser. But Microsoft won’t say if those zero-days were exploited to target its products, or if …TECHCRUNCH.COM
4 OctCyber Mavens Slam Europe's Cyber Resilience ActExperts Warn Vulnerability Disclosure to Government Agencies Increases Hacking Risks More than four dozen cybersecurity mavens say a proposed European Union mandate for software publishers to inform the trading bloc's cybersecurity agency of zero day exploits within 24 hours of t…DATABREACHTODAY.CO.UK
4 OctHundreds of malicious Python packages found stealing sensitive dataA malicious campaign that researchers observed growing more complex over the past half year, has been planting on open-source platforms hundreds of info-stealing packages that counted about 75,000 downloads. [...]BLEEPINGCOMPUTER.COM
4 OctAmazon Web Services Warns of TorchServe FlawsOpen-Source Tool Used By of Global Enterprises Working With AI A clutch of vulnerabilities in an open source tool used by major corporations to scale up machine learning models could lead to remote takeover, says a cybersecurity firm in an warning downplayed by Meta, which co-man…DATABREACHTODAY.CO.UK
4 OctAttackers Exploit SQL Server to Penetrate Azure CloudMicrosoft Discloses Unusual Hacking Attempt Microsoft says it spotted an unusual hacking campaign in which hackers attempted to move laterally through the Azure cloud after compromising a virtual SQL server. It marks the first time that computing giant defenders have seen a later…DATABREACHTODAY.CO.UK
📋 SECURITY BULLETINS 1[−]
4 OctNew Supermicro BMC Vulnerabilities Could Expose Many Servers to Remote AttacksSupermicro has released BMC IPMI firmware updates to address multiple vulnerabilities impacting select motherboard models. The post New Supermicro BMC Vulnerabilities Could Expose Many Servers to Remote Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
📢 SECURITY ADVISORIES 9[−]
4 OctC-Suite Leaders to Boost Cybersecurity Compliance Amid SEC Disclosure Rule: DeloitteAlmost two-thirds of executives at publicly traded companies plan to strengthen their cybersecurity programs in response to a new rule by the SEC that requires companies to report material cybersecurity incidents within four business days.CYBERSECURITYDIVE.COM
4 OctNIST CSF (Cybersecurity Framework) 2.0 is just around the cornerSophos can help organizations in their efforts to align with the NIST CSF and other cybersecurity frameworks.SOPHOS.COM
4 OctCISA and NSA Release New Guidance on Identity and Access ManagementToday, CISA and the National Security Agency (NSA) published Identity and Access Management: Developer and Vendor Challenges , authored by the Enduring Security Framework (ESF), a CISA- and NSA-led working panel that includes a public-private cross-sector partnership. ESF aims to…CISA.GOV
4 OctYesterday, Daniel J. Bernstein published a paper alleging that Kyber-512, an encryption algorithm selected as a NIST post-quantum contender, wasn't nearly as secure as its stewards say.submitted by glowie to cybersecurity 1 points | 0 comments Read the rest of it hereINFOSEC.PUB
🔥 INCIDENT REPORTING 18[−]
4 OctNATO 'actively addressing' alleged cyberattack affecting some websitessubmitted by c0mmando to netsec 1 points | 0 comments https://therecord.media/nato-siegedsec-unclassified-websites-alleged-cyberattack The North Atlantic Treaty Organization (NATO) said it is investigating claims that data was stolen from unclassified websites under the military …THERECORD.MEDIA
4 OctLightSpy Spyware Evolves to Add New Plugins for Data ExfiltrationLightSpy, associated with the Chinese APT41 group, was found to contain a Core implant and 14 plugins for data exfiltration, supporting 24 different commands. LightSpy's Core supports 24 different commands, including self and plugin updates, indicating a sophisticated and ve…CYWARE.COM
4 OctPayment card details accessed in Motel One hackA ransomware attack has caused the hotel chain to suffer a data breachCSHUB.COM
4 OctRansomware Reinfections on the Rise From Improper RemediationRansomware attacks can have devastating financial and reputational consequences, with the potential to close down businesses, highlighting the importance of effective remediation and prevention strategies.MALWAREBYTES.COM
4 OctIndiana Attorney General Sues Provider Over Violation of Consumer Protection, Privacy LawsCarePointe, a medical provider in Indiana, is being sued by the state attorney general for allegedly being aware of security risks before a ransomware attack exposed the personal information of 45,000 patients.WVXU.ORG
4 OctWisconsin County Dealing With Ransomware Attack on Public Health DepartmentThe Cuba ransomware gang claimed responsibility for the attack, with concerns raised about potential connections to the Russian state due to their history of targeting government systems in Ukraine and Montenegro.THERECORD.MEDIA
4 OctMake these 5 changes to avoid becoming the next cybersecurity headlineRecent incidents, such as the breach at MGM Resorts, serve as stark reminders of the potential consequences of inadequate security measures.TECHCRUNCH.COM
4 OctSony confirms data breach impacting thousands in the U.S.Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that exposed personal information. [...]BLEEPINGCOMPUTER.COM
4 OctNATO Investigates Alleged Cyberattack Affecting Some Unclassified WebsitesNATO is currently investigating claims that data was stolen from its unclassified websites by the hacking group SiegedSec. The group allegedly stole 9 GB of data, including documents from various NATO portals.THERECORD.MEDIA
4 OctLyca Mobile Services Significantly Disrupted by CyberattackInternational mobile network operator Lyca Mobile says a cyberattack has significantly disrupted its services in many countries. The post Lyca Mobile Services Significantly Disrupted by Cyberattack appeared first on SecurityWeek .SECURITYWEEK.COM
4 OctMozilla Warns of Fake Thunderbird Downloads Delivering RansomwareMozilla issues warning over fake Thunderbird downloads after a ransomware group was caught using this technique to deliver malware. The post Mozilla Warns of Fake Thunderbird Downloads Delivering Ransomware appeared first on SecurityWeek .SECURITYWEEK.COM
4 OctMicrosoft: Hackers target Azure cloud VMs via breached SQL serversHackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection. [...]BLEEPINGCOMPUTER.COM
4 OctLyca Mobile Suffers Disruptive Cyberattack; Investigates Ransomware PossibilityThe cyberattack caused disruptions to national and international calling, as well as customers' and retailers' access to top-ups, indicating a potential ransomware attack.HACKREAD.COM
4 OctArietis Health Announces MOVEit Data Breach Impacting Patients of NorthStar Anesthesia FacilitiesThe breach was discovered on May 31, 2023, and unauthorized actors were able to access Arietis Health's MOVEit server, potentially acquiring confidential files belonging to patients at NorthStar Anesthesia.JDSUPRA.COM
4 OctResearchers warn of 100,000 industrial control systems exposed onlineAbout 100,000 industrial control systems (ICS) were found on the public web, exposed to attackers probing them for vulnerabilities and at risk of unauthorized access. Among them are power grids, traffic light systems, security and water systems. [...]BLEEPINGCOMPUTER.COM
4 OctMozilla Warns of Fake Thunderbird Downloads Delivering RansomwareThe Snatch cybercrime group has been using paid Google ads to distribute their malware, posing as trusted software like Adobe Reader, Discord, Microsoft Teams, and Mozilla Thunderbird.SECURITYWEEK.COM
4 OctLyca Mobile blames cyberattack for network disruptionU.K.-based mobile virtual network provider giant Lyca Mobile has confirmed a cyberattack that caused service disruption for millions of its customers. Lyca Mobile claims to be the world’s largest international mobile virtual network operator, or MVNO, which piggybacks off network…TECHCRUNCH.COM
4 OctFirm Notifies Patients of 55 Health Practices Hit by MOVEit HackAnesthesiology, Pain Management, Gastro Practices Affected Across Several States Arietis Health, a revenue cycle management firm, is notifying the patients of 55 healthcare practices across several states that their sensitive information has been potentially compromised in a hack…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 17[−]
4 OctISC Stormcast For Wednesday, October 4th, 2023 https://isc.sans.edu/podcastdetail/8686, (Wed, Oct 4th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
4 OctSecurity at high speed - How Vipps secures their APIs - BSides Oslo 2023 - 45 minutessubmitted by ashar to security_cpe 2 points | 0 comments https://infosec.pub/pictrs/image/39d3491f-e0d5-44f1-89fa-505629997f5d.png ** Security at high speed - How Vipps secures their APIs** Nora Tomas & Kenneth Wang Pedersen From an outside perspective, login systems can seem…INFOSEC.PUB
4 OctWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 0 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
4 OctEvilProxy Phishing Attack Targets IndeedMenlo Labs discovered a July to August phishing campaign targeting executives in banking, insurance, real estate, and manufacturing, using the complex EvilProxy phishing kit. The campaign highlights the escalating threats that organizations face from threat actors due to the use …CYWARE.COM
4 OctChinese APT41 Actors Target WeChat Users via Trojanized App VersionAPT41, previously associated with web application attacks, has shifted its tactics to develop mobile-specific malware, including the DragonEgg and LightSpy surveillance malware, which share similar configuration patterns and runtime structures.BANKINFOSECURITY.COM
4 OctWhat to know about new generative AI tools for criminalsLarge language model (LLM)-based generative AI chatbots like OpenAI’s ChatGPT took the world by storm this year. ChatGPT became mainstream by making the power of artificial intelligence accessible to millions. The move inspired other companies (which had been working on com…SECURITYINTELLIGENCE.COM
4 OctGoogle, Yahoo Boosting Email Spam ProtectionsGoogle and Yahoo are introducing new requirements for bulk senders, to improve phishing and spam protections. The post Google, Yahoo Boosting Email Spam Protections appeared first on SecurityWeek .SECURITYWEEK.COM
4 Oct[Cybersecurity Awareness Month] Spoofy Steve's Business Email Compromise Scams You Need to Watch Out ForLike a ghost, most business email compromise (BEC) scams are able to sneak through most technical defenses and end up in end-user inboxes.KNOWBE4.COM
4 OctAI and ML: The Keys to Better Security OutcomesAI and ML are key to analyzing data and recognizing attack patterns. This requires large amounts of data from across your infrastructure. The post AI and ML: The Keys to Better Security Outcomes appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
4 OctOkta Buys Personal Password Manager Uno to Service ConsumersUno's Design Wisdom Will Accelerate Rollout of Okta's First-Ever Consumer Product Okta bought a password manager founded by a former Google engineer and backed by Andreessen Horowitz to get a foothold in the consumer identity market. Okta was impressed by Uno's experience in buil…DATABREACHTODAY.CO.UK
4 OctUS FTC Keeping 'Close Watch' on Artificial IntelligenceConsumers Complain of Bias, Fraud, Privacy, Copyright, Data Use Concerns The U.S. FTC says it is keeping a "close watch" on artificial intelligence, writing Tuesday that it has received a swath of complaints objecting to bias, collection of biometric data such as voice prints and…DATABREACHTODAY.CO.UK
4 OctNorth Korean Hackers Target South Korean Naval ShipyardsNation-State Attacks on Defense Manufacturers Rising Since November 2022 South Korean national intelligence has sounded alarms about North Korean hackers targeting the country's shipbuilding industry to steal naval military secrets. The agency said the hacks are part of North Kor…DATABREACHTODAY.CO.UK
4 OctSTEPS FORWARD Q&A: Will ‘proactive security’ engender a shift to risk-based network protection?Something simply must be done to slow, and ultimately reverse, attack surface expansion. Related: What Cisco’s buyout of Splunk really signals We’re in the midst of driving towards a dramatically scaled-up and increasingly connected digital ecosystem. Companies are obsessed…LASTWATCHDOG.COM
4 OctProtecting The Federal Supply Chain - John Loucaides - BTS #14John Loucaides, SVP Strategy at Eclypsium, joins us on the show to discuss protecting the federal supply chain! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-14YOUTUBE.COM
4 OctAtos Taps Senior Accenture Exec to Run Eviden Security GroupCurrent Atos Security Leader to Leave as Company Gets 3rd CEO In Less Than 2 Years Atos snagged the longtime European CEO of Accenture Technology to lead its soon-to-be-independent $5.76 billion cybersecurity, big data and digital unit. Yves Bernaert, 55, will split Atos' infrast…DATABREACHTODAY.CO.UK
4 OctX.Org Hit By New Security Vulnerabilities - Two Date Back To 1988 With X11R2 - Hack Libertysubmitted by Thekeksociety_on_X to cybersecurity 1 points | 0 comments https://links.hackliberty.org/post/134157LINKS.HACKLIBERTY.ORG
🌐 CYBER THREAT LANDSCAPE 3[−]
4 OctCyber Security Today, Oct. 4, 2023 - Critical vulnerabilities found in Linux and TorchServeThis episode reports on phishing email messages leveraging a hold in the Indeed job platform, warnings on poor firmware patching and on internet-connected ICS systemsCYBERSECURITYTODAY.LIBSYN.COM
4 OctEU Parliament Wants Journalists to Have Better Protections From SpywareThere are differing views between the European Parliament and the European Council regarding the level of protections for journalists from spyware, which will be subject to negotiations.THERECORD.MEDIA
4 OctPredator Spyware Linked to Madagascar Government Ahead of ElectionThe Madagascar government likely used the Cytrox-developed Predator spyware to conduct political domestic surveillance ahead of the country’s presidential election, according to research by Sekoia.INFOSECURITY-MAGAZINE.COM
📡 INFOSEC NEWS 19[−]
4 OctShellTorch Vulnerabilities Put Organizations at Risk of Server TakeoverThe vulnerabilities, collectively known as "ShellTorch," have been patched in the latest version of TorchServe (0.8.2), hence, developers are encouraged to update to ensure their systems are secure.THEREGISTER.COM
4 OctDon’t Let Zombie Zoom Links Drag You DownMany organizations, including Fortune 500 firms, have exposed Zoom links that allow unauthorized individuals to initiate video conference meetings, posing a risk of phishing and social engineering attacks.KREBSONSECURITY.COM
4 OctEmergency alert on US phones and TVs today — Don’t worry, it’s just a testThe U.S. Federal Emergency Management Agency (FEMA) and the Federal Communications Commission (FCC) will run an emergency alert test today to check Emergency Alert System (EAS) and Wireless Emergency Alerts (WEA) capabilities nationwide. [...]BLEEPINGCOMPUTER.COM
4 OctThe Hacker Perspective on Generative AI and CybersecurityUnveiling the Risks and Insights: A Hacker's Take on Generative AI and Cybersecurity Discover the crucial insights and predictions from experienced hackers about the intersection of Generative AI and cybersecurity, including emerging risks, vulnerabilities, and innovative approac…DATABREACHTODAY.CO.UK
4 OctSan Francisco Metropolitan Transportation Commission Leaves 26,000 Files Publicly AccessibleA misconfiguration in the Metropolitan Transportation Commission (MTC) systems resulted in the exposure of over 26,000 files, including clients' home addresses and vehicle plate numbers.SECURITYAFFAIRS.COM
4 OctWing Disrupts the Market by Introducing Affordable SaaS SecurityToday, mid-sized companies and their CISOs are struggling to handle the growing threat of SaaS security with limited manpower and tight budgets. Now, this may be changing. By focusing on the critical SaaS security needs of these companies, a new approach has emerged that can be l…THEHACKERNEWS.COM
4 OctOkta acquires a16z-backed password manager Uno to develop a personal tierOkta, the U.S.-based identity mangement giant, announced today that it has acquired a password mangement app, Uno. The company said that Uno’s team will help speed up the public launch of the Okta Personal tier, a password manager for consumers. Uno, founded by former Googl…TECHCRUNCH.COM
4 OctOkta plans to weave AI across its entire identity platform using multiple modelsOne thing is clear this year: generative AI is having a tremendous impact on the software industry, and a week doesn’t pass without software companies announcing their plans to incorporate the seemingly game changing technology into their platforms. This week, it’s Okta’s turn. T…TECHCRUNCH.COM
4 OctYubico can now ship pre-registered security keys to its enterprise usersPhysical security keys remain one of the best ways to secure user accounts, but the fact that new users have to register them before they can use them often adds quite a bit of friction. Yubico, the company behind the ubiquitous FIDO-certified YubiKeys, is now making this signifi…TECHCRUNCH.COM
4 OctDark Web Sale of FBI LEEP Classified Data Sparks Concerns Over National SecurityThe sale of these credentials puts sensitive information at risk of being misused by cybercriminals. It is unclear how many credentials are being sold or if they are genuine.THECYBEREXPRESS.COM
4 OctEnhancing your application security program with continuous monitoringPen Testing as a Service and Traditional web application pen testing offers two different approaches to securing your applications. Learn more from Outpost24 on which approach may be best for your business. [...]BLEEPINGCOMPUTER.COM
4 OctNew Supermicro BMC Vulnerabilities Could Expose Many Servers To Remote AttacksPACKETSTORMSECURITY.COM
4 OctNorthern Ireland Police Issue “Quishing” Email WarningOriginally published by the Police Service of Northern Ireland (PSNI) Cyber Crime Centre, the notice urges all local businesses to ensure staff cybersecurity awareness training is updated so employees can spot the threat.INFOSECURITY-MAGAZINE.COM
4 OctWhat is SD-WAN? | Kaspersky official blogWhat is SD-WAN (software-defined wide area network) in simple terms, and should you implement it?KASPERSKY.COM
4 OctRed Cross Tells Hacktivists: Stop Targeting HospitalsOf Course, KillNet and Its Ilk Don't Care - They're Likely Proxies for Moscow Hacktivists who hit healthcare or otherwise target civilians are violating international humanitarian law, warns the International Committee of the Red Cross. As many self-proclaimed hacktivists appear …DATABREACHTODAY.CO.UK
4 OctWhat's Normal? Connection Sizes, (Wed, Oct 4th)Following up on the "What&#;x26;#;39;s Normal" diary from a couple of weeks ago, I have a new one: The size of connections. I am going to focus on the number of bytes being transmitted.
ISC.SANS.EDU
4 OctSophos Firewall v20: VPN EnhancementsStart taking advantage of all the great new features in SFOS v20 today.SOPHOS.COM