14Articles
6Categories
2023-10-07Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
7 OctPython scanner for critical Atlassian Confluence vulnerability (CVE-2023-22515)submitted by L4s to secops 1 points | 0 comments https://github.com/ErikWynter/CVE-2023-22515-Scan Python scanner for critical Atlassian Confluence vulnerability (CVE-2023-22515)::Scanner for CVE-2023-22515 - Broken Access Control Vulnerability in Atlassian Confluence - GitHub - …GITHUB.COM
⚠️ VULNERABILITY DISCLOSURE 2[−]
7 OctCISA Reverses Course on Malicious Exploitation of Video Conferencing Device FlawsThe Meeting Owl vulnerabilities, discovered by researchers at Modzero, include encryption flaws, hardcoded credentials, and authentication issues, which could potentially allow attackers to take control of the device.SECURITYWEEK.COM
7 OctBalada Injector Targets Unpatched tagDiv Plugin, Themes on WordPress SitesThe Balada Injector gang is actively exploiting vulnerabilities in tagDiv premium themes, such as the recently disclosed Unauthenticated Stored XSS vulnerability, to inject malware into websites.SUCURI.NET
📢 SECURITY ADVISORIES 1[−]
7 OctBounty offered for secret NSA seeds behind NIST elliptic curves algoA bounty of $12,288 has been announced for the first person to crack the NIST elliptic curves seeds and discover the original phrases that were hashed to generate them. [...]BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 3[−]
7 OctHow Target Was Breached in 2013submitted by vedard to cybersecurity 1 points | 0 comments https://blog.0x7d0.dev/history/how-target-was-breached-in-2013/0X7D0.DEV
7 OctCybercrime Gangs Now Deploying Ransomware Within 24 Hours of Hacking VictimsThe median dwell time, or the time between initial access and deployment of ransomware, has significantly decreased from 4.5 days to as little as five hours, indicating cybercriminals' desire for lower detection risk, as per a Secureworks report.THERECORD.MEDIA
7 OctRhysida Ransomware Gang Claims Attacks on Governments in Portugal, Dominican RepublicThe city of Gondomar in Portugal and the Dominican Republic's Migration Agency have been targeted by the Rhysida ransomware gang, causing disruptions in services and potential data theft.THERECORD.MEDIA
🕵️ THREAT INTELLIGENCE 4[−]
7 OctBinary IPv6 Addresses, (Sat, Oct 7th)Jim was inspired by my diary entry " IPv4 Addresses in Little Endian Decimal Format " to make a new tool " New tool: le-hex-to-ip.py ". ISC.SANS.EDU
7 OctTaiwan Probes Firms Suspected of Selling Chip Equipment to China’s Huawei Despite US SanctionsTaiwan authorities are investigating four Taiwan-based companies suspected of helping China’s Huawei Technologies to build semiconductor facilities. The post Taiwan Probes Firms Suspected of Selling Chip Equipment to China’s Huawei Despite US Sanctions appeared first on SecurityW…SECURITYWEEK.COM
7 OctThousands of Android (streaming) devices come with unkillable backdoor preinstalledsubmitted by androidtate to cybersecurity 2 points | 2 comments https://arstechnica.com/security/2023/10/thousands-of-android-devices-come-with-unkillable-backdoor-preinstalled/ cross-posted from: lemdro.id/post/2061992ARSTECHNICA.COM
7 OctChinese Criminals Backdoor Android Devices for Ad FraudBrand New Android Smartphones, Tablets and Connected TVs Harboring Trojan Backdoor Tens of thousands of knock-off Android products manufactured in China including TV streaming boxes reached consumers infected with malware, say cybersecurity researchers. Human Security says it als…DATABREACHTODAY.CO.UK
📡 INFOSEC NEWS 3[−]
7 OctD.C. Board of Elections Confirms Voter Data Stolen in Site HackThe stolen voter records include personal details such as names, registration IDs, partial Social Security numbers, driver's license numbers, and contact information, raising concerns about potential identity theft and privacy risks.BLEEPINGCOMPUTER.COM
7 OctWireshark releases 2 updates in one day. Mac users especially will want the latest., (Sat, Oct 7th)--------------- 
 Jim Clausing, GIAC GSE #26 
 jclausing --at-- isc [dot] sans (dot) edu 
ISC.SANS.EDU
7 OctWhy AI in Healthcare is Promising, But 'Not Magic'The use of generative AI is being "highly explored" in healthcare and has great promise for a variety of applications, but it needs to be scrutinized closely, said Erik Decker, vice president and CISO of Intermountain Health and a cybersecurity adviser to the federal government.DATABREACHTODAY.CO.UK