🐛 COMMON VULNERABILITIES AND EXPOSURES (7)
20 Oct · KEV · Cisco discloses new IOS XE zero-day exploited to deploy malware implant · Cisco disclosed a new high-severity zero-day (CVE-2023-20273) today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week. [...] · BLEEPINGCOMPUTER.COM
20 Oct · CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities · Today, CISA, in response to active, widespread exploitation, released guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). An unauthenticated remote actor could e… · CISA.GOV
20 Oct · CVE-2023-36409 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability · Information published. · MSRC.MICROSOFT.COM
20 Oct · CVE-2023-38545 MITRE: CVE-2023-38545 SOCKS5 heap buffer overflow · Updated FAQ #4 information. This is an informational change only. · MSRC.MICROSOFT.COM
20 Oct · CVE-2023-38039 Hackerone: CVE-2023-38039 HTTP headers eat all memory · Updated FAQ #4 and corrected one or more links in the FAQs. These are informational changes only. · MSRC.MICROSOFT.COM
20 Oct · Over 40,000 Cisco devices exploited with the latest zero-day vulnerability · Cisco's recently disclosed Web UI-based critical zero-day has been confirmed to have more than 40,000 infected hosts, with over a fourth in the US alone. Closely tracking Cisco's Web UI privilege escalation vulnerability (dubbed CVE-2023-20198), cybersecurity research firm Censys… · CSOONLINE.COM
20 Oct · North Korean Hackers Exploiting TeamCity Flaw to Compromise Organizations Network · Microsoft has detected two North Korean nation-state threat actors, Diamond Sleet and Onyx Sleet, exploiting CVE-2023-42793. This vulnerability allows remote code execution on various JetBrains TeamCity server versions widely used for DevOps and software development activities. D… · GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE (8)
20 Oct · Ragnar Locker ransomware developer arrested in France · Law enforcement agencies arrested a malware developer linked with the Ragnar Locker ransomware gang and seized the group's dark web sites in a joint international operation. [...] · BLEEPINGCOMPUTER.COM
20 Oct · Critical RCE flaws found in SolarWinds access audit solution · Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product that remote attackers could use to run code with SYSTEM privileges. [...] · BLEEPINGCOMPUTER.COM
20 Oct · Exploited SSH Servers Offered in the Dark web as Proxy Pools · Researchers at Aqua Nautilus have uncovered a threat to SSH in cloud environments. Attackers are using SSH tunneling to exploit SSH servers and gain access to organizations' networks. · AQUASEC.COM
20 Oct · Almost 42,000 Cisco IOS XE Devices Exploited, No Patch Available · Security researchers have discovered tens of thousands of exploited devices with a backdoor installed due to a critical zero-day vulnerability in Cisco IOS XE software's web user interface. · CYBERSECURITYDIVE.COM
20 Oct · Tampered OpenCart Authentication Aids Credit Card Skimming Attack · Using outdated software is the main reason for website compromise. In one case, an e-commerce store running on an old version of OpenCart led to credit card theft and fraud. · SUCURI.NET
20 Oct · Authorities Seize Control of RagnarLocker Ransomware Dark Web Site · The RagnarLocker ransomware group’s dark web leak site has been seized in a coordinated law enforcement operation. · SECURITYWEEK.COM
20 Oct · ExelaStealer: A New Low-Cost Cybercrime Weapon Emerges · A new information stealer named ExelaStealer has become the latest entrant to an already crowded landscape filled with various off-the-shelf malware designed to capture sensitive data from compromised Windows systems. "ExelaStealer is a largely open-source infostealer with paid c… · THEHACKERNEWS.COM
20 Oct · CISA Releases Fact Sheet on Effort to Revise the National Cyber Incident Response Plan (NCIRP) · Today, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet on the effort to revise the National Cyber Incident Response Plan (NCIRP). Through the Joint Cyber Defense Collaborative (JCDC), CISA will work to ensure that the updated NCIRP addresses sig… · CISA.GOV
📢 SECURITY ADVISORIES (5)
20 Oct · CISA, NSA, FBI, MS-ISAC Publish Guide on Preventing Phishing Intrusions · The guide categorizes phishing into two common tactics: obtaining login credentials and deploying malware, and provides details on techniques used by malicious actors, such as impersonation and spoofing, to carry out these attacks. · CISA.GOV
20 Oct · CISA Launches New Phase of Secure by Design to Push Global Industry on Software Security · CISA plans to issue a request for information to address Secure by Design engineering and is urging software manufacturers to demonstrate evidence of security incorporation through artifacts. · CYBERSECURITYDIVE.COM
20 Oct · Biden Administration Seeks $105 Billion In National Security Package That Includes Aid To Ukraine And Israel · PACKETSTORMSECURITY.COM
20 Oct · Spearphishing targets in Latin America – Week in security with Tony Anscombe · ESET's analysis of cybercrime campaigns in Latin America reveals a notable shift from opportunistic crimeware to more complex threats, including those targeting enterprises and governments · WELIVESECURITY.COM
🔥 INCIDENT REPORTING (14)
20 Oct · IOTW: 23andMe hacker releases genetic data profiles of 4.1 million victims · 23andMe is reviewing the leaked data to determine if it is legitimate · CSHUB.COM
20 Oct · Securing AI, SingTel sells Trustwave, Yubico IPO, Healthcare attacks & CISO Tenure - ESW #336 · This week, in the enterprise security news, 1. AI dominates new funding rounds (I’m shocked. This is my shocked face.) 2. The buyer’s market continues, with lots of small acquisitions 3. SingTel sells off Trustwave at a significant loss 4. Yubico goes public (actually, a month ag… · YOUTUBE.COM
20 Oct · Cyber Security Today, Oct. 20, 2023 - Free anti-phishing guidance, ransomware gang sunk for not patching Confluence servers, and more · This episode reports on what could be a fatal mistake for a ransomware gang · CYBERSECURITYTODAY.LIBSYN.COM
20 Oct · Okta says its support system was breached using stolen credentials · Okta says attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen credentials. [...] · BLEEPINGCOMPUTER.COM
20 Oct · Kwik Trip finally confirms cyberattack was behind ongoing outage · Two weeks into an ongoing IT outage, Kwik Trip finally confirmed that it's investigating a cyberattack impacting the convenience store chain's internal network since October 9. [...] · BLEEPINGCOMPUTER.COM
20 Oct · Viking Line in Crisis as Cyberattack Paralyzes Shipping Industry Across Europe · The Viking Line cyberattack, believed to be a DDoS attack, caused major disruptions to shipping company websites and emphasizes the urgent need for robust cybersecurity measures in the industry. · THECYBEREXPRESS.COM
20 Oct · Play Ransomware Threatens to Reveal Stolen Data From Associated Wholesale Grocers · The Play ransomware group has threatened Associated Wholesale Grocers (AWG) with a cyberattack, stating their intention to release sensitive data stolen from the firm on October 22, 2023. · THECYBEREXPRESS.COM
20 Oct · Okta Support System Hacked, Sensitive Customer Data Stolen · Okta warns that hackers broke into its support case management system and stole sensitive data that can be used to impersonate valid users. · SECURITYWEEK.COM
20 Oct · In Other News: Energy Services Firm Hacked, Tech CEO Gets Prison Time, X Glitch Leads to CIA Channel Hijack · Summary of notable cybersecurity news stories that may be top headlines, but are important for the week of October 16, 2023. · SECURITYWEEK.COM
20 Oct · Iranian Hackers Lurked for 8 Months in Government Network · Iran-linked hacking group Crambus spent eight months inside a compromised network of a Middle Eastern government, Broadcom’s Symantec cybersecurity unit reports. · SECURITYWEEK.COM
20 Oct · Hackers Stole Access Tokens from Okta’s Support Unit · Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a "very sm… · KREBSONSECURITY.COM
20 Oct · International Criminal Court says cyberattack was attempted espionage · The International Criminal Court (ICC), the world’s only permanent international court with a mandate to investigate and prosecute genocide, crimes against humanity and war crimes, has determined that a September cyberattack against its systems was attempted espionage. The court,… · TECHCRUNCH.COM
20 Oct · Sphero - 832,255 breached accounts · In September 2023, over 1M rows of data from the educational robots company Sphero was posted to a popular hacking forum. The data contained 832k unique email addresses alongside names, usernames, dates of birth and geographic locations. · HAVEIBEENPWNED.COM
20 Oct · MGM Resorts Cybersecurity Issue: A Review of Potential Vulnerabilities in the Hospitality Industry · The hospitality industry is increasingly under the microscope due to rising cybersecurity concerns. The MGM Resorts data breach in 2023 stands as a stark illustration of the significant risks faced by the sector. This episode highlighted the vulnerabilities of the hospitality ind… · GBHACKERS.COM
🕵️ THREAT INTELLIGENCE (18)
20 Oct · Protobuf Magic: Burp Extension for Deserializing Protobuf Without .proto Files · submitted by L4s to secops · https://github.com/DeiteriyLab/protobuf-magic · GITHUB.COM
20 Oct · ISC Stormcast For Friday, October 20th, 2023 https://isc.sans.edu/podcastdetail/8710, (Fri, Oct 20th) · (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. · ISC.SANS.EDU
20 Oct · Friday Squid Blogging: Why There Are No Giant Squid in Aquariums · They’re too big and we can’t recreate their habitat. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. · SCHNEIER.COM
20 Oct · AI and US Election Rules · If an AI breaks the rules for you, does that count as breaking the rules? This is the essential question being taken up by the Federal Election Commission this month, and public input is needed to curtail the potential for AI to take US campaigns (even more) off the rails. At iss… · SCHNEIER.COM
20 Oct · Fake Corsair job offers on LinkedIn push DarkGate malware · A threat actor is using fake LinkedIn posts and direct messages about a Facebook Ads specialist position at hardware maker Corsair to lure people into downloading info-stealing malware like DarkGate and RedLine. [...] · BLEEPINGCOMPUTER.COM
20 Oct · Philippine Military Ordered to Stop Using Artificial Intelligence Apps Due to Security Risks · The Philippine defense chief ordered the 163,000-member military to stop using applications that harness AI to generate personal portraits, saying they could pose security risks. · SECURITYWEEK.COM
20 Oct · Fraud Detection Firm Spec Raises $15 Million · Silicon Valley fraud detection startup attracts $15 million in new financing from SignalFire, Legion Capital and Rally Ventures. · SECURITYWEEK.COM
20 Oct · Weekly Update 370 · I did it again - I tweeted about Twitter doing something I thought was useful and the hordes did descend on Twitter to tw… · TROYHUNT.COM
20 Oct · Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware · Attacks leveraging the DarkGate commodity malware targeting entities in the U.K., the U.S., and India have been linked to Vietnamese actors associated with the use of the infamous Ducktail stealer. "The overlap of tools and campaigns is very likely due to the effects of a cybercr… · THEHACKERNEWS.COM
20 Oct · U.S. DoJ Cracks Down on North Korean IT Scammers Defrauding Global Businesses · The U.S. government has announced the seizure of 17 website domains used by North Korean information technology (IT) workers as part of an illicit scheme to defraud businesses across the world, evade sanctions, and fund the country's ballistic missile program. The Department of J… · THEHACKERNEWS.COM
20 Oct · QR Code Phishing on the Rise: The Alarming Findings From the Hoxhunt Challenge · As the digital landscape continues to evolve, so do the tactics of cybercriminals. The Hoxhunt Challenge, a comprehensive study conducted across 38 organizations spanning nine industries and 125 countries, has uncovered a disconcerting trend in the world of QR code phishing atta… · KNOWBE4.COM
20 Oct · News alert: AI-powered web scrapers from Oxylabs are breaking new ground in fraud detection · Vilnius, Lithuania, Oct. 20, 2023 — The UN Office on Drugs and Crime estimates that 5% of global GDP (£1.6 trillion) is laundered yearly, with increasing volumes of online data and the digitization of the economy making fraudsters more … · LASTWATCHDOG.COM
20 Oct · Skynet, India, North Korea, China, passwords, KeePass, Cisco, AI, Aaran Leyland, More - SWN #335 · Skynet, India, North Korea, China, passwords, KeePass, Cisco, AI, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-335 · YOUTUBE.COM
20 Oct · OFFZONE 2023 MOSCOW - 103 videos - mostly RUSSIAN · submitted by ashar to security_cpe · OFFZONE is always a packed agenda with plenty of entertainment and educational activities, as well as a powerful community. The event brings together… · INFOSEC.PUB
20 Oct · RunAsRadio Show #901 - Security Chaos Engineering with Kelly Shortridge - 36 minutes · submitted by ashar to security_cpe · Ready to inject a little chaos into your systems? Richard talks to Kelly Shortridge about her book Security Chao… · INFOSEC.PUB
20 Oct · What are some netsec projects one can do to learn? · submitted by gunpachi to netsec · LINKS.HACKLIBERTY.ORG
20 Oct · Indian Authorities Crackdown Microsoft and Amazon tech support scammers · Technical support fraud, also called tech and customer support fraud, is when someone pretends to be technical or customer support to trick people into giving them money. Criminals may offer help to fix problems like updating the computer Antivirus or the need to update a softwar… · GBHACKERS.COM
🌐 CYBER THREAT LANDSCAPE (5)
20 Oct · Vietnamese Hackers Hit Digital Marketers With Info-stealer Malware · Vietnamese cybercrime groups are targeting the digital marketing sectors in the United Kingdom, United States, and India with various malware strains, including the DarkGate information stealer. · HEALTHCAREINFOSECURITY.COM
20 Oct · SMBs Seek Help as Cyber Threats Reach an All-Time High · Cultivating a strong cybersecurity culture and empowering employees to make informed security decisions is crucial for SMBs to protect themselves and gain customer trust. · HELPNETSECURITY.COM
20 Oct · Malvertisers Using Google Ads to Target Users Searching for Popular Software · Details have emerged about a malvertising campaign that leverages Google Ads to direct users searching for popular software to fictitious landing pages and distribute next-stage payloads. Malwarebytes, which discovered the activity, said it's "unique in its way to fingerprint use… · THEHACKERNEWS.COM
20 Oct · Transatlantic Cable podcast, episode 320 | Kaspersky official blog · Episode 320 of the Kaspersky podcast dives into X, scammers, Android malware, Elon Musk (again) Cisco and much more! · KASPERSKY.COM
📡 INFOSEC NEWS (10)
20 Oct · Cyber Security Today, Week in Review for the week ending Friday, Oct. 20, 2023 · It's early but already experts are making cybersecurity predictions for 2024. We take a look at four of them · CYBERSECURITYTODAY.LIBSYN.COM
20 Oct · India Targets Microsoft, Amazon Tech Support Scammers in Nationwide Crackdown · India's Central Bureau of Investigation (CBI) conducted raids at 76 locations across the country as part of Operation Chakra-II, targeting cybercrime operations involved in tech support scams and cryptocurrency fraud. · BLEEPINGCOMPUTER.COM
20 Oct · Spec Secures $15M Series A Funding, Accelerating Innovation in Fraud Defense · Cybersecurity firm Spec has successfully closed a $15M Series A funding round led by SignalFire, with participation from Legion Capital and Rally Ventures, enabling the company to advance its platform and expand its threat labs. · DARKREADING.COM
20 Oct · Unleashing the Power of the Internet of Things and Cyber Security · Due to the rapid evolution of technology, the Internet of Things (IoT) is changing the way business is conducted around the world. This advancement and the power of the IoT have been nothing short of transformational in making data-driven decisions, accelerating efficiencies, and… · THEHACKERNEWS.COM
20 Oct · VMware Releases Security Patches for Fusion, Workstation and Aria Operations for Logs, (Fri, Oct 20th) · VMware released advisories VMSA-2023-0021 and VMSA-2023-0022 that have been rated as important. They are as follows: · ISC.SANS.EDU
20 Oct · Okta says hackers stole customer access tokens from support unit · Identity and access giant Okta said a hacker broke into its customer support ticket system and stole sensitive files that can be used to break into the networks of Okta’s customers. Okta chief security officer David Bradbury said in a blog post Friday that a hacker used a s… · TECHCRUNCH.COM
20 Oct · Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores · In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane. · TRENDMICRO.COM
20 Oct · Why you shouldn’t scan QR codes in emails | Kaspersky official blog · Be wary of QR codes in emails — they’re likely email phishing. · KASPERSKY.COM