🐛 COMMON VULNERABILITIES AND EXPOSURES (7)
9 Oct: Security Patch for Two New Flaws in Curl Library Arriving on October 11
The maintainers of the Curl library have released an advisory warning of two forthcoming security vulnerabilities that are expected to be addressed as part of updates released on October 11, 2023. This includes a high severity and a low-severity flaw tracked under the identifiers…
THEHACKERNEWS.COM

9 Oct: Moving beyond vulnerability scanning to strengthen your attack surface
Staying one step ahead of potential breaches is a top priority for security teams within organizations of all sizes. Vulnerability scanning has long been a foundation of these efforts, allowing businesses to identify weaknesses in their security posture. However, as cyberattacks …
SECURITYINTELLIGENCE.COM

9 Oct: Credential Harvesting Campaign Targets Unpatched NetScaler Instances
Threat actors are targeting Citrix NetScaler instances unpatched against CVE-2023-3519 to steal user credentials. The post Credential Harvesting Campaign Targets Unpatched NetScaler Instances appeared first on SecurityWeek.
SECURITYWEEK.COM

9 Oct: Hackers hijack Citrix NetScaler login pages to steal credentials
Hackers are conducting a large-scale campaign to exploit the recent CVE-2023-3519 flaw in Citrix NetScaler Gateways to steal user credentials. [...]
BLEEPINGCOMPUTER.COM

9 Oct: Maintainers of a Popular Open Source Tool Warns of Critical Curl Vulnerability
Two new vulnerabilities have been discovered in the widely used Curl tool. These two vulnerabilities are identified as CVE-2023-38545 and CVE-2023-38546. One of these vulnerabilities has a high severity, while the other has a low severity. However, the Curl team has confirmed tha…
GBHACKERS.COM

9 Oct: Bare-metal Rust in Android
Posted by Andrew Walbran, Android Rust Team Last year we wrote about how moving native code in Android from C++ to Rust has resulted in fewer security vulnerabilities. Most of the components we mentioned then were system services in userspace (running under Linux), but these are…
SECURITY.GOOGLEBLOG.COM

9 Oct: Coordinated Disclosure: 1-Click RCE on GNOME (CVE-2023-43641)
Submitted by L4s to secops. 1 points | 0 comments. https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/ CVE-2023-43641 is a vulnerability in libcue, which can lead to code execution…
GITHUB.BLOG
⚠️ VULNERABILITY DISCLOSURE (15)
9 Oct: Update: MGM Resorts’ Las Vegas Area Operations to Take $100M Hit From Cyberattack
MGM Resorts said the previously disclosed cyberattack in September will impact the company’s third-quarter financial results by about $100 million, mainly related to the impact on its Las Vegas operations, according to its SEC filing.
CYBERSECURITYDIVE.COM

9 Oct: Estes Express Lines Reports Cyberattack Caused Ongoing Tech Outage
The cyberattack highlights the vulnerability of transportation firms to cyber threats, disrupting their visibility into operations and posing risks to employee and customer data.
CYBERSECURITYDIVE.COM

9 Oct: 11 notable post-quantum cryptography initiatives launched in 2023
The point at which quantum computers will be capable of breaking existing cryptographic algorithms -- known as "Q-Day" -- is approaching. It's a juncture that's been discussed for years, but with advancements in computing power, post-quantum threats are becoming very real. Some s…
CSOONLINE.COM

9 Oct: Snap AI Chatbot Scrutinized by UK Watchdog Over How It Processes Kids’ Data
The British data privacy authority has issued a preliminary enforcement notice against Snap Inc. for potentially failing to adequately assess the privacy risks associated with its generative AI chatbot.
THERECORD.MEDIA

9 Oct: High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security
Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO's ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data. "An attacker could have leveraged thes…
THEHACKERNEWS.COM

9 Oct: Patches Prepared for ‘Probably Worst’ cURL Vulnerability
A high-severity vulnerability in the data transfer project cURL will be addressed with libcurl and curl updates this week. The post Patches Prepared for ‘Probably Worst’ cURL Vulnerability appeared first on SecurityWeek.
SECURITYWEEK.COM

9 Oct: Hacking GTA V RP Servers Using Web Exploitation Techniques
Submitted by L4s to secops. 1 points | 0 comments. https://www.nullpt.rs/hacking-gta-servers-using-web-exploitation A technical blog
NULLPT.RS

9 Oct: HelloKitty ransomware source code leaked on hacking forum
A threat actor has leaked the complete source code for the first version of the HelloKitty ransomware on a Russian-speaking hacking forum, claiming to be developing a new, more powerful encryptor. [...]
BLEEPINGCOMPUTER.COM

9 Oct: High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security
The flaws in 3G/4G routers could expose internal networks to severe threats, enabling attackers to intercept traffic, seize control, and infiltrate Extended Internet of Things (XIoT) devices.
THEHACKERNEWS.COM

9 Oct: Critical Video Surveillance Camera Vulnerability Allows Attackers to Change Passwords & Disable Alarms
Pablo Martínez, a member of the Red Team at cybersecurity firm Entelgy Innotec Security, has uncovered significant vulnerabilities in low-cost video surveillance cameras available for purchase on popular online platforms. His findings shed light on serious security concerns surro…
GBHACKERS.COM

9 Oct: Recently Patched TagDiv Plugin Flaw Exploited to Hack Thousands of WordPress Sites
Recently patched TagDiv Composer plugin vulnerability exploited to hack thousands of WordPress sites as part of the Balada Injector campaign. The post Recently Patched TagDiv Plugin Flaw Exploited to Hack Thousands of WordPress Sites appeared first on SecurityWeek.
SECURITYWEEK.COM

9 Oct: Latest Balada Injector Campaign Targets Unpatched tagDiv Plugin
A group of experts noted a rapid evolution in Balada Injector's infrastructure and attack methods, which resulted in a significant number of compromised WordPress sites. Balada malware injection attacks have been found exploiting a vulnerable tagDiv premium theme plugin to target…
CYWARE.COM

9 Oct: GNOME Linux systems exposed to RCE attacks via file downloads
A memory corruption vulnerability in the open-source libcue library can let attackers execute arbitrary code on GNOME Linux systems. [...]
BLEEPINGCOMPUTER.COM

9 Oct: cURL Maintainers Fixing 'Worst Curl Security Flaw'
Updates Expected Wednesday for Open-Source Command-Line Tool, Library Maintainers of the widely used open-source command-line tool cURL and libcurl library that supports key network protocols said two upcoming vulnerabilities are set to be disclosed this week. One flaw is probabl…
DATABREACHTODAY.CO.UK

9 Oct: D-Link WiFi range extender vulnerable to command injection attacks
The popular D-Link DAP-X1860 WiFi 6 range extender is susceptible to a vulnerability allowing DoS (denial of service) attacks and remote command injection. [...]
BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES (2)
9 Oct: New CISA, NSA Guidance Highlights Pain Points in Identity and Security Management
The Enduring Security Framework, a public-private working panel led by CISA and the NSA, identified developer and vendor issues that hinder the implementation of MFA and SSO, such as confusing definitions, unclear policies, and technical gaps.
NEXTGOV.COM

9 Oct: NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) have released a joint cybersecurity advisory highlighting the most common misconfigurations in large organizations.
CISA.GOV
🔥 INCIDENT REPORTING (25)
9 Oct: Gaza-Linked Cyber Threat Actor Targets Israeli Energy and Defense Sectors
A Gaza-based threat actor has been linked to a series of cyber attacks aimed at Israeli private-sector energy, defense, and telecommunications organizations. Microsoft, which revealed details of the activity in its fourth annual Digital Defense Report, is tracking the campaign un…
THEHACKERNEWS.COM

9 Oct: Qakbot Threat Actors Deliver Knight Ransomware and Remcos through Weaponized LNK Files
Qakbot’s infrastructure and cryptocurrency assets were seized by government authorities in an operation in August 2023 with the assistance of international allies, raising concerns about the affiliates of Qakbot. Talos researchers moderately believe Qakbot threat actors rem…
GBHACKERS.COM

9 Oct: Bureau van Dijk - 27,917,714 breached accounts
In approximately August 2021, hundreds of gigabytes of data produced by Bureau van Dijk (BVD) was obtained and later published to a popular hacking forum. BVD claims to "capture and treat private company information for better decision making and increased efficiency",…
HAVEIBEENPWNED.COM

9 Oct: Cyber Security Today, Oct. 9, 2023 - US bank notifies over 800,000 of a MOVEit hack, data stolen from a DNA test service, and more
This episode reports on more MOVEit hack news, a US settlement in the Blackbaud ransomware attack and more
CYBERSECURITYTODAY.LIBSYN.COM

9 Oct: Stay a Step Ahead of your #1 Downtime Threat - Business Email Compromise
A new report from Secureworks has found that business email compromise (BEC) remains “one of the most financially damaging online crimes overall for orgs” in 2023. The security firm’s 2023 State of the Threat report says BEC “exceeds even ransomware in aggregate, mainly because i…
KNOWBE4.COM

9 Oct: Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks
Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack. The post Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks appeared first on SecurityWeek.
SECURITYWEEK.COM

9 Oct: Ukraine, Israel, South Korea Top List of Most-Targeted Countries for Cyberattacks
Nation-state hackers, particularly Russia and China, have shifted their focus towards espionage campaigns aimed at stealing information and manipulating communications, according to a new Microsoft report.
THERECORD.MEDIA

9 Oct: Chinese Android-based Devices It Comes Pre-installed With a Firmware Backdoor
The Trojan War’s famous horse trick inspired the term for cyberattacks, where a user unwittingly downloads a file that causes harm when opened. HUMAN’s Satori Team unveils BADBOX, a cryptic and intricate network of fraud schemes, mirroring the Trojan Horse’s hid…
GBHACKERS.COM

9 Oct: 23andMe suffers credential stuffing cyber attack targeting Ashkenazi Jews
A credential stuffing attack has led to the personal information of a million users being available on the dark web
CSHUB.COM

9 Oct: Qakbot Persists, Deploys Ransom Knight
As per Cisco Talos, Qakbot malware actors have continued their campaign, distributing Ransom Knight ransomware and the Remcos backdoor, despite the FBI-led takedown of their infrastructure. Besides, the study asserts that the Ransom Knight payload is an updated variant of the Cyc…
CYWARE.COM

9 Oct: Flagstar Bank Suffers Data Breach Due to Cyber Intrusion at Third-Party Service Provider
Over 800,000 customers of Flagstar Bank have had their personal information exposed due to a data breach suffered by a third-party service provider Fiserv, that offers payment processing and mobile banking services to Flagstar Bank.
SECURITYAFFAIRS.COM

9 Oct: Facebook’s Official Page Hacked; Demand Release of Pakistani PM Imran Khan
The official Facebook page was hacked, with bizarre posts demanding the release of ex-Pakistani PM Imran Khan, raising concerns about the security of Facebook accounts and pages.
HACKREAD.COM

9 Oct: DC Board of Elections Discloses Data Breach
The District of Columbia Board of Elections says voter records were compromised in a data breach at hosting provider DataNet. The post DC Board of Elections Discloses Data Breach appeared first on SecurityWeek.
SECURITYWEEK.COM

9 Oct: Energy Sector Experiences Three Times More Operational Technology Cybersecurity Incidents Than Any Other Industry
While industries like financial services and healthcare tend to dominate in IT attacks, the tables are turned when looking at Operational Technology (OT) cyber attacks – and the energy sector is the clear “winner.”
KNOWBE4.COM

9 Oct: Ransomware Attack Dwell Time Drops by 77% to Under 24 Hours
As attackers evolve their toolsets and processes, the significant drop in dwell time signifies a much higher risk to organizations that now have less time to detect and respond to initial attacks.
KNOWBE4.COM

9 Oct: LockBit Says CDW Data Will be Leaked After Talks Break Down
CDW, one of the largest global resellers, is set to have its data leaked by the LockBit cybercrime gang after negotiations over the ransom fee broke down. LockBit claims that CDW offered a very low sum of money.
THEREGISTER.COM

9 Oct: 23andMe suffers credential stuffing cyber attack
A credential stuffing attack has led to the personal information of a million users with Ashkenazi Jewish heritage being available on the dark web
CSHUB.COM

9 Oct: Multiple Hacker Groups Join in on Israel-Hamas War With Disruptive Cyberattacks
Various hacker groups from around the world, including Ghosts of Palestine and Garuna, have joined the cyber conflict, targeting private and public infrastructure in Israel and the Palestinian territories.
SECURITYWEEK.COM

9 Oct: PEACHPIT: Massive Ad Fraud Botnet Powered by Millions of Hacked Android and iOS
An ad fraud botnet dubbed PEACHPIT leveraged an army of hundreds of thousands of Android and iOS devices to generate illicit profits for the threat actors behind the scheme. The botnet is part of a larger China-based operation codenamed BADBOX, which also entails selling off-bran…
THEHACKERNEWS.COM

9 Oct: Over 17,000 WordPress sites hacked in Balada Injector attacks last month
Multiple Balada Injector campaigns have compromised and infected over 17,000 WordPress sites using known flaws in premium theme plugins. [...]
BLEEPINGCOMPUTER.COM

9 Oct: ALPHV ransomware gang claims attack on Florida circuit court
The ALPHV (BlackCat) ransomware gang has claimed an attack that affected state courts across Northwest Florida (part of the First Judicial Circuit) last week. [...]
BLEEPINGCOMPUTER.COM

9 Oct: 23andMe Investigating Apparent Credential Stuffing Hack
Hackers Claim to Have 20 Million Pieces of Code; Ancestry Data Leaked on Dark Web Genetics testing firm 23andMe is investigating a data leak of ancestry DNA information for certain customers whose usernames and passwords were previously hacked on other websites. The company suspe…
DATABREACHTODAY.CO.UK

9 Oct: Your family, home and small business need a cyber-resilience strategy, too!
Your preparedness to deal with cyberattacks is key for lessening the impact of a successful incident – even in home and small business environments
WELIVESECURITY.COM
🕵️ THREAT INTELLIGENCE (26)
9 Oct: ISC Stormcast For Monday, October 9th, 2023 https://isc.sans.edu/podcastdetail/8692, (Mon, Oct 9th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
ISC.SANS.EDU

9 Oct: WatchGuard Firewall Clientless SSO sends out its password hashes to random devices on the network.
Submitted by L4s to secops. 1 points | 0 comments. https://projectblack.io/blog/turn-off-this-watchguard-feature-guardlapse/ Picture this: a feature from a security appliance that wi…
PROJECTBLACK.IO

9 Oct: Chinese Hackers Attacking Semiconductor Industries using Cobalt Strike beacon
A cyber espionage campaign has been discovered in which threat actors use a variant of the HyperBro loader along with a Taiwan Semiconductor Manufacturing (TSMC) lure in order to target semiconductor industries in regions like Taiwan, Hong Kong, and Singapore. The tactics, techni…
GBHACKERS.COM

9 Oct: Black Hat Fireside Chat: Why using ‘Clean Code’ is paramount in speedy software development
‘Clean Code’ is a simple concept rooted in common sense. This software writing principle cropped up some 50 years ago and might seem quaint in today’s era of speedy software development. Related: Setting IoT security standards At Black Hat 2023 …
LASTWATCHDOG.COM

9 Oct: Exposing Infection Techniques Across Supply Chains and Codebases
Threat actors use sophisticated attack techniques like exec smuggling to implant malicious code within seemingly legitimate applications, compromising the security of systems.
TRENDMICRO.COM

9 Oct: Mentorship Monday - Discussions for career and learning!
Submitted by shellsharks to cybersecurity. 1 points | 0 comments. Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …
INFOSEC.PUB

9 Oct: Google Expands Bug Bounty Program With Chrome, Cloud CTF Events
Google is hosting capture the flag (CTF) events focused on Chrome’s V8 engine and on Kernel-based Virtual Machine (KVM). The post Google Expands Bug Bounty Program With Chrome, Cloud CTF Events appeared first on SecurityWeek.
SECURITYWEEK.COM

9 Oct: One Out of Five Organizations Must Improve Their Security Posture to be Eligible for Cyber Insurance
As insurers become more educated on what a “secure organization” looks like, they are tightening their requirements that puts the onus on organizations to be more secure.
KNOWBE4.COM

9 Oct: Healthcare Industry Witnesses 279% Increase in Business Email Compromise Attacks in 2023
The massive uptick in business email compromise (BEC) is considered one of the costliest attack types, requiring organizations to put employees on notice to stay vigilant.
KNOWBE4.COM

9 Oct: Lazarus APT Laundered Over $900 Million Worth of Cryptocurrency
Threat actors have been laundering currencies with multiple methods. One of the most predominant ways they have been using lately was the Cross-chain crime. In a cross-chain crime, threat actors swap their Cryptocurrency between different blockchains and tokens that help maintain…
GBHACKERS.COM

9 Oct: Register for KB4-CON EMEA 2023 Now!
Exciting news, registration for KB4-CON EMEA 2023 is open!
KNOWBE4.COM

9 Oct: Intelligence Failure: Surprise Strike on Israel by Hamas
Militants Likely Planned Assault Offline, to Evade Digital Surveillance Dragnet How did Israeli intelligence fail to spot and stop the deadly assault on Saturday by Hamas militants? Experts suggest planners used offline tactics and extreme compartmentalization to prevent leaks an…
DATABREACHTODAY.CO.UK

9 Oct: News alert: Georgia State receives a $10 million grant to research AI, robotics and edge computing
Atlanta, GA, Oct. 9, 2023 — Jonathan Shihao Ji, a computer science professor at Georgia State University, has received a $10 million grant from the Department of Defense (DoD) to address critical problems in artificial intelligence (AI) and robotics with …
LASTWATCHDOG.COM

9 Oct: Digital Transformation Breaks Risk Management | Leadership & Communications - BSW #323
This week, we start things off with an interview with Chris Morales, CISO and Head of Security Strategy at Netenrich, about Digital Transformation Breaks Risk Management. Then we follow up with our Leadership and Communications Articles for the week. Visit https://www.securitywee…
YOUTUBE.COM

9 Oct: UK Lawmakers Call for Halt to Live Facial Recognition
Petition Signed by 65 Parliamentarians and 31 Civil Society Organizations More than five dozen British lawmakers across political parties and privacy organizations called for an "immediate stop" to real-time facial recognition in the United Kingdom. Live facial recognition faces …
DATABREACHTODAY.CO.UK

9 Oct: Digital Transformation Breaks Risk Management - Chris Morales - BSW #323
CEOs and boards struggle with their digital transformation process. Does their operations hinder or align with business initiatives? Has their security operations scaled to meet the data and digital demands to protect against business risk? In today’s episode, we’re talking to Ch…
YOUTUBE.COM

9 Oct: Valuing Cybersecurity Investment, Cybersecurity is a CFO Issues, and CISO Career Path - BSW #323
In the leadership and communications section, The Data Your Board Actually Wants to Hear About When Valuing Cybersecurity Investments, Cybersecurity is a CFO issue, Must-know insights when navigating the CISO career path, and more! Visit https://www.securityweekly.com/bsw for all…
YOUTUBE.COM

9 Oct: Get Ready for AI as a Service in the Cloud - and Everywhere
Cloud Security Alliance's Troy Leach on AI in Cloud, Fintech Industry Firms using large language models that power gen AI-powered tools must consider security and privacy aspects such as data access, output monitoring and model security before jumping on the bandwagon, said Troy …
DATABREACHTODAY.CO.UK

9 Oct: Expert: Israel Intelligence 'Complacent or Overly Confident'
Former Deputy National Security Adviser in Israel on Resilience of Cyber Defenses Israeli intelligence is considered one of the best, yet it failed to anticipate a major attack launched by Hamas over the weekend. Harvard professor Chuck Freilich said this oversight has had a prof…
DATABREACHTODAY.CO.UK

9 Oct: Expanded Microsoft Security Experts offerings provide comprehensive protection
Read about the latest updates to our Microsoft Security Experts product offerings. The post Expanded Microsoft Security Experts offerings provide comprehensive protection appeared first on Microsoft Security Blog.
MICROSOFT.COM

9 Oct: China-based spies are hacking East Asian semiconductor companies, report says
Submitted by throws_lemy to cybersecurity. 28 points | 0 comments. https://therecord.media/china-budworm-apt27-east-asia-semiconductor-companies
THERECORD.MEDIA

9 Oct: Google | 23andMe | Facebook | GitHub's Secret Scanning | MGM Resorts | Jason Wood & more – SWN332
This week, Aaran Rants: Google, 23andMe, Facebook, GitHub's Secret Scanning, MGM Resorts, Grindr, Jason Wood, and more on the Security Weekly News. →Full Show Notes: https://securityweekly.com/swn332 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Visit our …
YOUTUBE.COM

9 Oct: Reverse Engineering BMCs and Other Firmware - BTS #15
In this edition of Below The Surface, we discuss Reverse Engineering BMCs and Other Firmware with Vladyslav Babkin, Security Researcher at Eclypsium. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! →Full Show Notes: htt…
YOUTUBE.COM

9 Oct: Getting Started With Reverse Engineering Hardware | News - PSW802
6:00pm ET - Discussion Topic 8:00pm ET - Security News This week, we start Discussing Getting Started With Reverse Engineering Hardware. Then we discuss our security news for the week. →Full Show Notes: https://securityweekly.com/psw802 →Join the Security Weekly Discord Server: h…
YOUTUBE.COM

9 Oct [KEV]: What does it mean for AI to be trustworthy? | SW Executive Interviews | More SW Interviews - ESW335
This week, we kick things off with an interview with Pamela Gupta, CEO at Trusted AI, an OutSecure Company, about What does it mean for AI to be trustworthy? Then, we air some of our executive interviews from InfoSec World 2023, with Mike Campfield, CRO at Uptycs, Nathan Wenzler,…
YOUTUBE.COM

9 Oct: Seroxen RAT | Smart Links | ShellBot | Hidden Servers | Aaran Leyland & More! – SWN333
This week, Doug Talks: Microsoft, SeroxenRAT, Smart Links (which sound like ai enabled sausages), Vogons, ToddyCAT, ShellBot, Hidden servers, Aaran Leyland, and More on the security weekly news. , Aaran Leyland, and more on the Security Weekly News. →Full Show Notes: https://secu…
YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE (2)
9 Oct: "I Had a Dream" and Generative AI Jailbreaks
"Of course, here's an example of simple code in the Python programming language that can be associated with the keywords "MyHotKeyHandler," "Keylogger," and "macOS," this is a message from ChatGPT followed by a piece of malicious code and a brief remark not to use it for illegal …
THEHACKERNEWS.COM
📡 INFOSEC NEWS (17)
9 Oct: Victims Reported $2.7 Billion in Social Media Scam Losses Since 2021: FTC
Shopping scams are the most common type of social media fraud, with undelivered goods being the primary issue, while investment scams, particularly involving cryptocurrency, pose the highest financial risk to victims.
THERECORD.MEDIA

9 Oct: US Police Recover $3M Stolen by Pakistani Crypto Scammers
Although arrests are unlikely, the stolen crypto was recovered, which is a significant achievement considering the difficulty of tracking and recovering cryptocurrencies.
HACKREAD.COM

9 Oct: Account Takeover From Student Emails
Taking over legitimate email accounts, whether belonging to employees or students, is an effective tactic for sending out phishing emails as the sender appears to be trustworthy.
AVANAN.COM

9 Oct: GitHub's Secret Scanning Feature Now Covers AWS, Microsoft, Google, and Slack
GitHub has improved its secret scanning feature to include validity checks for popular services like Amazon Web Services, Microsoft, Google, and Slack, enhancing the ability to identify and remediate exposed tokens.
THEHACKERNEWS.COM

9 Oct: AI Risks
There is no shortage of researchers and industry titans willing to warn us about the potential destructive power of artificial intelligence. Reading the headlines, one would hope that the rapid gains in AI technology have also brought forth a unifying realization of the risksR…
SCHNEIER.COM

9 Oct: Webinar: How vCISOs Can Navigating the Complex World of AI and LLM Security
In today's rapidly evolving technological landscape, the integration of Artificial Intelligence (AI) and Large Language Models (LLMs) has become ubiquitous across various industries. This wave of innovation promises improved efficiency and performance, but lurking beneath the sur…
THEHACKERNEWS.COM

9 Oct: Amazon Prime Email Scammer Snatches Defeat From the Jaws of Victory
Researchers discovered a failed phishing attempt through a spam email. The email claimed to be from Amazon, stating that the recipient's Prime benefits were on hold due to a billing issue.
MALWAREBYTES.COM

9 Oct: Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms
Senior executives working in U.S.-based organizations are being targeted by a new phishing campaign that leverages a popular adversary-in-the-middle (AiTM) phishing toolkit named EvilProxy to conduct credential harvesting and account takeover attacks. Menlo Security said the acti…
THEHACKERNEWS.COM

9 Oct: Security Patch for Two New Flaws in Curl Library Arriving on October 11
Organizations are advised to inventory and scan all systems using Curl and libcurl to identify potentially vulnerable versions once the details are released with the new version 8.4.0 on October 11.
THEHACKERNEWS.COM

9 Oct: ZIP's DOSTIME & DOSDATE Formats, (Mon, Oct 9th)
I was recently looking at a ZIP file, and after some time, I noticed that 7Zip was not displaying a modification date/time:
ISC.SANS.EDU

9 Oct: GPU.zip attack in simple terms | Kaspersky official blog
We explain the GPU.zip attack in simple terms, and discuss why it's not dangerous.
KASPERSKY.COM

9 Oct: Hackers use malicious 404 error pages to steal credit cards
A new Magecart card skimming campaign hijacks the 404 error pages of online retailer's websites, hiding malicious code to steal customers' credit card information. [...]
BLEEPINGCOMPUTER.COM

9 Oct: Hackers modify online stores’ 404 pages to steal credit cards
A new Magecart card skimming campaign hijacks the 404 error pages of online retailer's websites, hiding malicious code to steal customers' credit card information. [...]
BLEEPINGCOMPUTER.COM

9 Oct: Hacktivism erupts in response to Hamas-Israel war
Several groups of hacktivists have targeted Israeli websites with floods of malicious traffic following a surprise land, sea and air attack launched against Israel by militant group Hamas on Saturday, which prompted Israel to declare war and retaliate. Israeli newspaper The Jerus…
TECHCRUNCH.COM

9 Oct: Phishers Spoof USPS, 12 Other Natl’ Postal Services
Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here's a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at leas…
KREBSONSECURITY.COM