🚨 CISA KEV 1[−]
11 Oct KEVCISA Warns of Attacks Exploiting Adobe Acrobat VulnerabilityCISA has added five bugs to its Known Exploited Vulnerabilities catalog, including the recent WordPad, Skype, and HTTP/2 zero-days. The post CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 10[−]
11 OctMicrosoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence VulnerabilityMicrosoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy). The tech giant's threat intelligence team said it observed in-the-wild abuse of …THEHACKERNEWS.COM
11 Octcurl - SOCKS5 heap buffer overflowsubmitted by L4s to secops 1 points | 0 comments https://curl.se/docs/CVE-2023-38545.html curl - SOCKS5 heap buffer overflow::undefinedCURL.SE
11 OctMassive DDoS Attack Leveraged Zero-Day in HTTP/2 Rapid ResetMultiple Google services and Cloud users were allegedly the target of a unique HTTP/2-based DDoS attack. The attack used a cutting-edge method known as HTTP/2 Rapid Reset, a zero-day vulnerability in the HTTP/2 protocol tagged as CVE-2023-44487 that may be used to launch DDoS att…GBHACKERS.COM
11 OctOnly you can prevent forest trust issues: managing the complexity of merged networksIn the past, security decisions were rarely included in the planning when it came to combining networks after companies merged -- just getting the two systems up and running and talking to each other came first and foremost. It was standard procedure to disable workstation firewa…CSOONLINE.COM
11 OctSAP Releases Seven New Notes on October 2023 Patch DayOrganizations are advised to check all their software for the presence of the CVE-2023-4863 vulnerability in the libwebp image rendering library and apply patches accordingly.SECURITYWEEK.COM
11 OctMicrosoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence VulnerabilityThe vulnerability, CVE-2023-22515, allows remote attackers to create unauthorized administrator accounts and gain access to Confluence servers. Organizations using Confluence applications should upgrade to the latest versions and isolate them.THEHACKERNEWS.COM
11 OctOver 17,000 WordPress Sites Compromised by Balada Injector in September 2023More than 17,000 WordPress websites have been compromised in the month of September 2023 with malware known as Balada Injector, nearly twice the number of detections in August. Of these, 9,000 of the websites are said to have been infiltrated using a recently disclosed security f…THEHACKERNEWS.COM
11 Oct KEVU.S. Cybersecurity Agency Warns of Actively Exploited Adobe Acrobat Reader VulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-21608 (CVSS score: 7.8), the vulnerabil…THEHACKERNEWS.COM
11 OctCVE-2023-38545: curl SOCKS5 oversized hostname vulnerability. How bad is it?, (Wed, Oct 11th)Last week,&#;x26;#;xc2;&#;x26;#;xa0;Daniel Stenberg announced that he would release a new version of the curl library and command line tool today, fixing a significant vulnerability. Curl is the de-facto standard library to …ISC.SANS.EDU
11 OctHTTP/2 Rapid Reset: deconstructing the record-breaking attacksubmitted by c0mmando to netsec 1 points | 0 comments https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ Starting on Aug 25, 2023, we started to notice some unusually big HTTP attacks hitting many of our customers. These attacks were detected and mitig…CLOUDFLARE.COM
⚠️ VULNERABILITY DISCLOSURE 35[−]
11 OctMicrosoft Releases October 2023 Patches for 103 Flaws, Including 2 Active ExploitsMicrosoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two of which have come under active exploitation in the wild. Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is apart from 18 …THEHACKERNEWS.COM
11 Oct3 Zero-days and 100+ vulnerabilities Fixed in Microsoft Security UpdateMicrosoft has published its October security patches in which over 100 vulnerabilities were fixed in multiple Microsoft products, including Windows 10, Windows 11, Windows Server, Microsoft Office, Skype, and other major Microsoft products. As per the security patch report, 45 Re…GBHACKERS.COM
11 Oct KEVTROOPERS23 - 35 talkssubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/679911fe-085e-484c-9486-d708e3786139.png TROOPERS23 - 35 talks (WINDOWS) HELLO FROM THE OTHER SIDE Dirk-jan Mollema ALL YOUR PARCEL ARE BELONG TO US Dennis Kniel ATTACKING ULTRA-WIDEBAND: SE…INFOSEC.PUB
11 OctBritish Cable Manufacturer Volex Confirms Unauthorized Access to its Systems and DataDespite the breach, Volex's operations remain largely unaffected, and the financial impact is expected to be minimal. The details of the breach, including the method of attack and any ransom demands, remain undisclosed.THEREGISTER.COM
11 OctCode Execution Flaws Patched in Adobe Commerce, PhotoshopAdobe has released patches for multiple security vulnerabilities, including critical flaws in Adobe Commerce and Photoshop that could lead to code execution and privilege escalation.SECURITYWEEK.COM
11 OctCISA Collaborative Weighs in on Open Source Software SecurityThe Joint Cyber Defense Collaborative published a series of recommendations on Tuesday for operational technology vendors and critical infrastructure facilities to promote the secure use of open-source software.NEXTGOV.COM
11 OctNew Magecart Campaign Abuses 404 Page Not Found ErrorA new card skimming campaign discovered by Akamai utilizes 404 error pages on online retailers' websites to hide malicious code and steal customers' credit card information. The stolen data is exfiltrated via seemingly benign image requests, thus evading network monitoring t…CYWARE.COM
11 Oct KEVMicrosoft Releases October 2023 Patches for 103 Flaws, Including Two Active ExploitsThe two actively exploited flaws include information disclosure in Microsoft WordPad and privilege escalation in Skype for Business. Microsoft has also fixed flaws in Microsoft Message Queuing, Layer 2 Tunneling Protocol, and Windows IIS Server.THEHACKERNEWS.COM
11 OctCisco Can’t Stop Using Hard-Coded PasswordsThere’s a new Cisco vulnerability in its Emergency Responder product: This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the …SCHNEIER.COM
11 OctGoogle, Cloudflare, and AWS Reveal Record-Breaking HTTP/2 Rapid Reset DDoS VulnerabilityThreat actors have been exploiting a zero-day vulnerability in the HTTP/2 protocol since August to launch the largest DDoS attacks ever seen, according to several tech infrastructure giants.INFOSECURITY-MAGAZINE.COM
11 OctOrganizations Respond to HTTP/2 Zero-Day Exploited for DDoS AttacksOrganizations respond to HTTP/2 Rapid Reset zero-day vulnerability exploited to launch the largest DDoS attacks seen to date. The post Organizations Respond to HTTP/2 Zero-Day Exploited for DDoS Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
11 OctState-backed hackers are exploiting new ‘critical’ Atlassian zero-day bugMicrosoft says Chinese state-backed hackers are exploiting a “critical”-rated zero-day vulnerability in Atlassian software to break into customer systems. The technology giant’s threat intelligence team said in a post on X, formerly Twitter, that it has observed a nat…TECHCRUNCH.COM
11 Oct[DISINFORMATION ALERT] Israel-Hamas war causes deluge of dis- and misinformationSocial media, and it seems particularly X (former Twitter) seems to drown in an almost instant deluge of disinformation caused by the horrendous Israel-Hamas war that broke out last weekend. Unfortunately this is going to be used for social engineering attacks that your workforce…KNOWBE4.COM
11 OctMicrosoft, American Express most spoofed brands in financial services phishing emailsTechnology giant Microsoft and multinational banking firm American Express are the most spoofed companies in phishing emails targeting financial services. That's according to the 2023 Financial Services Sector Threat Landscape report by Trustwave SpiderLabs, which examines a mult…CSOONLINE.COM
11 OctCrunchyroll Resolves Class Action Lawsuit, Offers Compensation for SubscribersThe lawsuit alleged that Crunchyroll had disclosed subscribers' personal information to third parties without proper consent. Initially denying the allegations, Crunchyroll ultimately chose to settle to avoid expenses and uncertainties.THECYBEREXPRESS.COM
11 OctIsrael-Hamas conflict extends to cyberspaceAmid the ongoing conflict between Israel and Palestine, a new battleground has opened up in cyberspace, with hackers from both sides trying to attack each other's infrastructure, while also dragging supporters of each other into the conflict. "Analysts have noted public instances…CSOONLINE.COM
11 OctFBI and CISA Release Update on AvosLocker AdvisoryToday, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA), #StopRansomware: AvosLocker Ransomware (Update) to disseminate known indicators of compromise (IOCs), tactics, technique…CISA.GOV
11 OctSimpson Manufacturing shuts down IT systems after cyberattackSimpson Manufacturing disclosed via a SEC 8-K filing a cybersecurity incident that has caused disruptions in its operations, which are expected to continue. [...]BLEEPINGCOMPUTER.COM
11 OctCitrix Patches Critical NetScaler ADC, Gateway VulnerabilityCitrix has released patches for a critical information disclosure vulnerability in NetScaler ADC and NetScaler Gateway. The post Citrix Patches Critical NetScaler ADC, Gateway Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
11 OctUS Government Releases Security Guidance for Open Source Software in OT, ICSCISA, FBI, NSA, and US Treasury published new guidance on improving the security of open source software in OT and ICS. The post US Government Releases Security Guidance for Open Source Software in OT, ICS appeared first on SecurityWeek .SECURITYWEEK.COM
11 OctMicrosoft: State hackers exploiting Confluence zero-day since SeptemberMicrosoft says a Chinese-backed threat group tracked as 'Storm-0062' (aka DarkShadow or Oro0lxy) has been exploiting a critical privilege escalation zero-day in the Atlassian Confluence Data Center and Server since September 14, 2023. [...]BLEEPINGCOMPUTER.COM
11 OctA New Threat on the Horizon: The Grayling APT GroupSymantec found a previously unidentified threat actor named Grayling conducting advanced persistent attacks targeting organizations in Taiwan, the Pacific Islands, Vietnam, and the U.S., with a focus on intelligence gathering. Grayling's modus operandi seems to revolve around exp…CYWARE.COM
11 OctMultiple Citrix NetScaler Flaw Leads to DoS Attack and Data ExposureCritical vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway have exposed sensitive information and a denial of service attack. A malicious cyber actor can exploit one of these vulnerabilities to gain control of an affected machine. Citrix has published security upgrade…GBHACKERS.COM
11 OctCritical SOCKS5 Vulnerability in cURL Puts Enterprise Systems at RiskFlaw poses a direct threat to the SOCKS5 proxy handshake process in cURL and can be exploited remotely in some non-standard configurations. The post Critical SOCKS5 Vulnerability in cURL Puts Enterprise Systems at Risk appeared first on SecurityWeek .SECURITYWEEK.COM
11 OctNews alert: Study finds law firms targeted — ALSO Cloud UK urges them to shore up cyber hygieneEmmen, Switzerland, Oct. 11, 2023 — Recent research by the National Cyber Security Centre (NCSC) has found UK law firms are increasingly appealing targets for cybercriminals interested in stealing and exploiting client data. Hybrid working has been cited as a … (more……LASTWATCHDOG.COM
11 OctChinese APT Group Exploiting Atlassian Zero DayMicrosoft Says Campaign Exploiting Escalation Flaw Began in September A Chinese nation state hacking group is exploiting a zero day flaw in Atlassian's Confluence Data Center and Server products as part a campaign spotted in mid-September, Microsoft researchers say. The company a…DATABREACHTODAY.CO.UK
11 OctIZ1H9 Mirai-Based Botnet Enhances its Arsenal with 13 New ExploitsFortiGuard Labs found that the IZ1H9 Mirai-based DDoS botnet campaign has strengthened its arsenal with 13 exploits for D-Link devices, Netis wireless routers, TOTOLINK routers, Zyxel devices, and others. As the botnet expands its arsenal with new exploit triggers, it underscores…CYWARE.COM
11 OctMirai reloads exploit arsenal before latest expansion drivesubmitted by c0mmando to netsec 2 points | 0 comments https://www.theregister.com/2023/10/10/mirai_reloads_its_exploit_arsenal/ The infamous Mirai botnet was spotted by researchers who say it is spinning up again, this time with an “aggressively updated arsenal of exploits.” It’s…THEREGISTER.COM
11 OctMicrosoft Fixes Three Zero DaysFlaws Addressed In WordPad, Skype for Business, and HTTPS/2 Protocol Microsoft fixed three zero-days under actively exploitation in its patch dump for the month of October: A disclosure flaw in WordPad that can be exploited to obtain hashed passwords, a bug in Skype for Business …DATABREACHTODAY.CO.UK
11 OctOne-click remote code exploit in CD cue files affects most GNOME-based Linux distrosYet another tiny, crucial piece of volunteer software begets a big problem.ARSTECHNICA.COM
11 OctHow the Cybersecurity Industry Is Aiding Israel's War EffortCyber Vendors With Large Israeli Footprint Grapple With Displaced, Deployed Workers Cybersecurity companies across the globe are now preparing for a sizable chunk of their Israel-based workforce to be drafted into the country's military reserves. They've also in recent days taken…DATABREACHTODAY.CO.UK
11 OctVirus Bulletin – building digital armiesSecurity researchers, global organizations, law enforcement and other government agencies need to have the right conversations and test potential scenarios without the pressure of an actual attackWELIVESECURITY.COM
11 OctCD-indexing cue files are the core of a serious Linux remote code exploitYet another tiny, crucial piece of volunteer software begets a big problem.ARSTECHNICA.COM
📋 SECURITY BULLETINS 5[−]
11 OctCyber Security Today, Oct. 11, 2023 - IT administrators warned of serious vulnerabilities in web servers and in cURLThis episode reports on the latest security updates for a wide variety of applicationsCYBERSECURITYTODAY.LIBSYN.COM
11 OctICS Patch Tuesday: Siemens Ruggedcom Devices Affected by Nozomi Component FlawsICS Patch Tuesday: Siemens and Schneider Electric release over a dozen advisories addressing more than 40 vulnerabilities. The post ICS Patch Tuesday: Siemens Ruggedcom Devices Affected by Nozomi Component Flaws appeared first on SecurityWeek .SECURITYWEEK.COM
11 OctWindows 11 21H2 and Windows Server 2012 reach end of supportWindows Server 2012 and multiple editions of Windows 11, version 21H2, have reached the end of support with this month's Patch Tuesday. [...]BLEEPINGCOMPUTER.COM
11 OctPatch Tuesday harvests a bumper crop in OctoberTwo significant vulnerabilities – both extending far beyond Microsoft – make this a crucial month for admins to stay on their gameSOPHOS.COM
11 OctFortinet Releases Security Updates for Multiple ProductsFortinet has released security advisories addressing vulnerabilities in multiple products. These vulnerabilities may allow cyber threat actors to take control of the affected systems. CISA encourages users and administrators to review the following Fortinet security advisories an…CISA.GOV
📢 SECURITY ADVISORIES 7[−]
11 OctTROOPERS23: Hidden Pathways: Exploring the Anatomy of ACL-Based Active Directory Attacks and Building Strong Defensessubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/30f27ad1-b4f5-4cbc-b6db-63c916427a96.png Slides Talk’s webpage Video of the talk Hidden Pathways: Exploring the Anatomy of ACL-Based Active Directory Attacks and Building Strong Defenses We …INFOSEC.PUB
11 OctNew WordPress backdoor creates rogue admin to hijack websitesA new malware has been posing as a legitimate caching plugin to target WordPress sites, allowing threat actors to create an administrator account and control the site's activity. [...]BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 15[−]
11 OctAir Europa Breached: Customers’ Credit Card Details ExposedOn Tuesday, Air Europa, a Spanish airline, experienced a security breach where cybercriminals gained unauthorized access to the credit card information of the airline’s customers. Following the attack, the airline took the necessary steps to email the impacted customers and…GBHACKERS.COM
11 OctCredit card information exposed in Air Europa hackCustomers were told to cancel their crediat cards due to the nature of the data exposed in the cyber attackCSHUB.COM
11 OctMcLaren Health Care Facing Three Lawsuits in Ransomware HackMcLaren Health Care is facing three proposed federal class action lawsuits after a Russian ransomware-as-a-service group stole the personal information of 2.5 million patients, alleging negligence in protecting patient privacy.BANKINFOSECURITY.COM
11 OctSeven New Organizations Listed as Victims by PLAY RansomwareThe victims include Hughes Gill Cochrane Tinetti, Saltire Energy, Centek Industries, NachtExpress Austria, WCM Europe, Starr Finley, and an unknown firm. These attacks are part of a wider scheme by the threat actor, targeting major firms globally.THECYBEREXPRESS.COM
11 OctTake an Offensive Approach to Password Security by Continuously Monitoring for Breached PasswordsPasswords are at the core of securing access to an organization's data. However, they also come with security vulnerabilities that stem from their inconvenience. With a growing list of credentials to keep track of, the average end-user can default to shortcuts. Instead of creatin…THEHACKERNEWS.COM
11 Oct10 years in review: Cost of a Data BreachToday, the pace of world change astounds us, and cybersecurity reflects that, unlike any other industry. The data from the last decade tells us an amazing — and sometimes troubling — story. In 2014, the average cost of a data breach was $3.5 million. Today, the averag…SECURITYINTELLIGENCE.COM
11 OctThat day you find you’re suddenly in charge of Facebook’s official UK accountFacebook's official UK account was compromised on Friday evening by a cricket lover, who was seemingly just as surprised as the rest of us...GRAHAMCLULEY.COM
11 OctNorth Korean Hackers Continue to Refine Their Arsenal of Tactics & TechniquesThe Democratic People’s Republic of Korea continues to advance its offensive cyber program, showcasing its unwavering commitment to using cyber attacks for espionage purposes. According to assessments made by Mandiant, the DPRK’s cyber program has exhibited new activi…GBHACKERS.COM
11 OctBoth Pro-Israeli and Pro-Palestinian Hacktivists Have Joined the Fight and are Targeting ICS and SCADA SystemsThe "Five Families" of hacktivist gangs, including ThreatSec, GhostSec, Stormous, Blackforums, and SiegedSec, are collaborating to launch large-scale cyberattacks, causing disruptions and chaos.SECURITYAFFAIRS.COM
11 OctMicrosoft Defender now auto-isolates compromised accountsMicrosoft Defender for Endpoint now uses automatic attack disruption to isolate compromised user accounts and block lateral movement in hands-on-keyboard attacks with the help of a new 'contain user' capability in public preview. [...]BLEEPINGCOMPUTER.COM
11 OctIsrael-Hamas War: Publicity-Seeking Hacktivists Take SidesMany Hack Attack, Data Dump and Website Disruption Claims Are Bogus, Experts Say Self-proclaimed hacktivist groups have been attempting to insert themselves into the narrative surrounding the latest war between Israel and Hamas, claiming to have hacked organizations, leaked stole…DATABREACHTODAY.CO.UK
11 OctSupply Chain, Cloud Compromise Worries Growing in HealthcareCloud compromises and supply chain attacks are overshadowing ransomware as the top cyberthreats worrying healthcare sector organizations - but all such incidents are still viewed as significant risks to patient outcomes and safety, said Ryan Witt of Proofpoint, citing new researc…DATABREACHTODAY.CO.UK
11 OctBianLian extortion group claims recent Air Canada breachThe BianLian extortion group claims to have stolen 210GB of data after breaching the network of Air Canada, the country's largest airline and a founding member of Star Alliance. [...]BLEEPINGCOMPUTER.COM
11 OctMicrosoft Defender for Endpoint now stops human-operated attacks on its ownToday, we're pleased to announce that Microsoft Defender for Endpoint customers will now be able automatically to disrupt human-operated attacks like ransomware early in the kill chain without needing to deploy any other capabilities. Now, organizations only need to onboard their…MICROSOFT.COM
11 OctAutomatic disruption of human-operated attacks through containment of compromised user accountsUser containment is a unique and innovative defense mechanism that stops human-operated attacks in their tracks. We’ve added user containment to the automatic attack disruption capability in Microsoft Defender for Endpoint. User containment is automatically triggered by high-fide…MICROSOFT.COM
🕵️ THREAT INTELLIGENCE 17[−]
11 OctWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
11 OctISC Stormcast For Wednesday, October 11th, 2023 https://isc.sans.edu/podcastdetail/8696, (Wed, Oct 11th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
11 OctThreat Actors Abusing 404 Pages to Hide Credit Card Stealing MalwareA new web skimming campaign has been discovered, which targets multiple organizations in the food and retail industries. This campaign was unique as it included three advanced concealment techniques. One involved using the 404 error page to hide malicious code, making it difficul…GBHACKERS.COM
11 OctHow I made a heap overflow in curl | daniel.haxx.sesubmitted by redd to cybersecurity 1 points | 0 comments https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/DANIEL.HAXX.SE
11 OctChina-Linked Stayin Alive Campaign Targets Telecom and Government EntitiesSecurity researchers exposed a cyberespionage operation named Stayin Alive, which targets the telecommunications sector and government entities in Kazakhstan, Uzbekistan, Pakistan, and Vietnam. The campaign employs spear-phishing emails and DLL side-loading to deliver archive fil…CYWARE.COM
11 OctNorth Korea's State-Sponsored APTs Organize and AlignCollaboration and information-sharing among North Korean APTs have increased during the COVID-19 pandemic, leading to a more organized and coordinated state-sponsored structure, researchers from Mandiant revealed in a report.DARKREADING.COM
11 OctWireshark Tutorial: Identifying Hosts and Userssubmitted by throws_lemy to cybersecurity 1 points | 0 comments https://unit42.paloaltonetworks.com/using-wireshark-identifying-hosts-and-users/UNIT42.PALOALTONETWORKS.COM
11 OctChrome 118 Patches 20 VulnerabilitiesGoogle has released Chrome 118 to the stable channel with patches for 20 vulnerabilities, including one rated ‘critical severity’. The post Chrome 118 Patches 20 Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
11 OctApplying AI to API SecurityWhile there is quite a bit of buzz and hype around AI, it is a technology that can add tremendous value to security programs. The post Applying AI to API Security appeared first on SecurityWeek .SECURITYWEEK.COM
11 OctSecuring the future of Industry 4.0: WALLIX white paper reveals key strategies – get your copy today!Graham Cluley Security News is sponsored this week by the folks at WALLIX. Thanks to the great team there for their support! In the rapidly evolving landscape of Industry 4.0, marked by rapid innovation and unparalleled connectivity, safeguarding your critical assets is non-negot…GRAHAMCLULEY.COM
11 Oct[Cybersecurity Awareness Month] Password Security: Do Not Get Bit by Count HackulaOur login credentials of a username and password are sometimes all that stands between our personal identifiable information and cybercriminals. Count Hackula could be waiting in the shadows to bite on your weak or reused password. Cybersecurity Awareness Month is the perfect tim…KNOWBE4.COM
11 OctCybersecurity Awareness Month: A Year-Round Effort for StatesTwenty years after Congress declared October as Cybersecurity Awareness Month, much changed, but the need for broad collaboration against threats hasn't. The post Cybersecurity Awareness Month: A Year-Round Effort for States appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
11 OctPayment Card Data Stolen in Air Europa HackSpanish airline Air Europa is informing customers that their payment card information has been stolen as a result of a hacker attack. The post Payment Card Data Stolen in Air Europa Hack appeared first on SecurityWeek .SECURITYWEEK.COM
11 Oct KEVKnowBe4 Named a Leader in the Fall 2023 G2 Grid Report for Security Awareness TrainingWe are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares security awareness training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence.KNOWBE4.COM
11 OctUnity, Compassion and Business Resilience in IsraelXtra-Mile CEO Shares Firsthand Insights on War Israel-Hamas War, Impact on Business Recent coordinated attacks by Hamas have stunned the Israeli people and business community. Just days after the attacks, Xtra-Mile CEO Sharon Israel shared her firsthand account of the war's impac…DATABREACHTODAY.CO.UK
11 OctPentera CEO on How Firms Should Respond to Attack on IsraelPentera Only Wants to Work With Clients Who Support Israel's Right to Self-defense Pentera escaped the attacks on Israel with no injuries among its 180 local employees, and now 20 workers have been called up to serve in infantry or intelligence units. The automated security valid…DATABREACHTODAY.CO.UK
11 OctVietnam Accused of Using Predator to Spy on EU, US LawmakersSocial Media Account Used to Spread Links to Commercial Spyware Malware Amnesty International says the Vietnamese government is likely behind a wave of attempted Predator spyware infections against targets including members of the U.S. Congress and European officials. Central to …DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 1[−]
11 OctCybersecurity Pros Predict Rise of Malicious AIA recent survey conducted by Enea reveals that 76% of cybersecurity professionals believe that malicious AI, capable of bypassing most cybersecurity measures, is a looming threat.HELPNETSECURITY.COM
🎙️ PODCASTS 1[−]
11 OctSmashing Security podcast #343: Four-legged girlfriends, LoveGPT, and a military intelligence failureDream girlfriends, AI love scams, and an alleged spy who is said to have made a series of blunders. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by …GRAHAMCLULEY.COM
📡 INFOSEC NEWS 16[−]
11 OctKaspersky proposes six principles of ethical use of AI | Kaspersky official blogKaspersky calls for ethical use of Artificial Intelligence (AI) in cybersecurity based on six principlesKASPERSKY.COM
11 OctUK Opposition Leader Targeted by AI-Generated Fake Audio SmearAn audio clip of UK opposition leader Keir Starmer verbally abusing his staff, which gained significant traction on social media, has been debunked as AI-generated by private-sector and government analysis.THERECORD.MEDIA
11 OctGoogle Steps Up Its Push to Kill the PasswordGoogle is making passkeys the default login setting for users, aiming to replace passwords and enhance security. Passkeys reduce the risk of phishing attacks and offer a more secure alternative to traditional passwords.WIRED.COM
11 OctSophos Interns Share Experiences To Mark International Day of the GirlA range of events and activities are happening across Sophos to encourage girls to consider and explore a career in tech.SOPHOS.COM
11 OctOld-School Attacks are Still a Danger, Despite Newer TechniquesAutomation and AI are being used by cybercriminals to enhance the speed and effectiveness of attacks, particularly in areas like money laundering and credential stuffing.DARKREADING.COM
11 OctLinkedIn Smart Links attacks return to target Microsoft accountsHackers are once again abusing LinkedIn Smart Links in phishing attacks to bypass protection measures and evade detection in attempts to steal Microsoft account credentials. [...]BLEEPINGCOMPUTER.COM
11 OctGenerative AI Security: Preventing Microsoft Copilot Data ExposureMicrosoft Copilot introduces potential privacy risks as it can have full access to your organization's documents, email, contacts, chats, and calendar. Learn more from Varonis about Microsoft Copilot's security model works and the privacy risks associated with using it. [...]BLEEPINGCOMPUTER.COM
11 OctChrome 118 Patches 20 VulnerabilitiesGoogle has released Chrome 118 with fixes for 20 vulnerabilities, including a critical bug in Site Isolation that could allow for sandbox escape and arbitrary code execution.SECURITYWEEK.COM
11 OctTikTok Chief Summoned by EU Lawmakers for Privacy ProbeThe letter from the lawmakers follows a recent fine of 345 million euros (~$366 million) imposed on TikTok by the Irish Data Protection Commissioner for failing to adequately protect children's privacy.BANKINFOSECURITY.COM
11 OctExchange Online mail delivery issues caused by anti-spam rulesMicrosoft is investigating Exchange Online mail delivery issues causing "Server busy" errors and delays when receiving emails from outside organizations. [...]BLEEPINGCOMPUTER.COM
11 OctSEC is investigating MOVEit mass-hack, says Progress SoftwareU.S. securities regulators have opened a probe into the MOVEit mass-hack that has exposed the personal data of at least 64 million people, according to the company that made the affected software. In a regulatory filing this week, Progress Software confirmed it had received a sub…TECHCRUNCH.COM
11 OctYepic fail: This startup promised not to make deepfakes without consent, but did anywayU.K.-based startup Yepic AI claims to use “deepfakes for good” and promises to “never reenact someone without their consent.” But the company did exactly what it claimed it never would. In an unsolicited email pitch to a TechCrunch reporter, a representati…TECHCRUNCH.COM
11 Oct6 steps to getting the board on board with your cybersecurity programHow CISOs and their peers can better engage with boards to get long-term buy-in for strategic initiativesWELIVESECURITY.COM