🚨 CISA KEV 2[−]
23 Oct KEVCISA Updates Guidance for Addressing Cisco IOS XE Web UI VulnerabilitiesToday, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273 , affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). The guidance now notes that Cisco has fixed these vulnerabilities for the 17.9 Cisco …CISA.GOV
23 Oct KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023-20273 Cisco IOS XE Web UI Unspecified Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and p…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 3[−]
23 OctCisco patches IOS XE zero-days used to hack over 50,000 devicesCisco has addressed the two vulnerabilities (CVE-2023-20198 and CVE-2023-20273) that hackers exploited to compromise tens of thousands of IOS XE devices over the past week. [...]BLEEPINGCOMPUTER.COM
23 OctVulnerability in Confluence Data Center and Confluence Server | Kaspersky official blogA vulnerability — CVE-2023-22515 — in Atlassian Confluence Data Center and Confluence Server allows administrator accounts to be created without authentication.KASPERSKY.COM
23 OctCitrix warns admins to patch NetScaler CVE-2023-4966 bug immediatelyCitrix warned admins today to secure all NetScaler ADC and Gateway appliances immediately against ongoing attacks exploiting the CVE-2023-4966 vulnerability. [...]BLEEPINGCOMPUTER.COM
⚠️ VULNERABILITY DISCLOSURE 28[−]
23 OctEuropol: ‘Key Target’ in Ragnar Locker Ransomware Operation Arrested in ParisLaw enforcement agencies from 11 countries collaborated to arrest a key member of the Ragnar Locker ransomware group, leading to the takedown of their infrastructure and data leak website.THERECORD.MEDIA
23 OctUpdate: War Crimes Tribunal Says September Cyberattack was an Act of EspionageThe attack is seen as an attempt to undermine the Court's mandate. Dutch law enforcement authorities are currently investigating the incident, but it is unclear if any information was stolen.THERECORD.MEDIA
23 OctHow to ask the board and C-suite for security fundingRecent guidance published by the National Association of Corporate Directors (NACD) and the Internet Security Alliance instructs board members to drive "a culture of corporate cyber responsibility" by empowering CISOs with the influence and resources they need to drive decisions …CSOONLINE.COM
23 OctHacking against humanity: Are Red Cross cyber rules credible?Civilian hacking in conflict is on the rise . Recent non-state cyber activity surrounding the Ukraine and Israel conflicts has contributed to destabilizing both situations and enhanced risk of harm to civilian populations. A recent set of notional rules for non-state hacker behav…CSOONLINE.COM
23 OctChild Exploitation and the Crypto WarsSusan Landau published an excellent essay on the current justification for the government breaking end-to-end-encryption: child sexual abuse and exploitation (CSAE). She puts the debate into historical context, discusses the problem of CSAE, and explains why breaking encryption i…SCHNEIER.COM
23 OctBusiness Resilience Becomes Primary Force Behind Cybersecurity InvestmentsAccording to a report by cybersecurity company Nixu, over 80% of organizations in northern Europe prioritize business resilience as the main driver for their cybersecurity investments.HELPNETSECURITY.COM
23 OctQuasar RAT Employs DLL Sideloading to Stay Under the RadarQuasar RAT, an open-source remote access trojan also known as CinaRAT or Yggdrasil, has been spotted leveraging a new Microsoft file as part of its DLL sideloading process to stealthily drop malicious payloads on compromised Windows systems. Once the Quasar RAT payload is execute…CYWARE.COM
23 OctQNAP takes down server behind widespread brute-force attacksQNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS (network-attached storage) devices with weak passwords. [...]BLEEPINGCOMPUTER.COM
23 OctCisco Finds Second Zero-Day As Number Of Hacked Devices Apparently DropsPACKETSTORMSECURITY.COM
23 OctFrom Copacabana to Barcelona: The Cross-Continental Threat of Brazilian Banking MalwareProofpoint researchers have discovered a new version of the Grandoreiro malware that is targeting victims in both Mexico and Spain. This is unusual as the malware has historically only targeted Portuguese and Spanish speakers in Brazil and Mexico.PROOFPOINT.COM
23 OctQNAP Takes Down Server Behind Widespread Brute-Force AttacksQNAP urges customers to implement security measures such as changing default access port numbers, using strong passwords, and updating firmware to protect against future attacks.BLEEPINGCOMPUTER.COM
23 Oct3 ways to enable cyber resilience in education in 2023 and beyondThose of us with the privilege to work in education have an opportunity to shape the next generation to be more cyberaware and make our digital world a safer place. It's an obligation we must all take seriously. The threat environment is becoming more perilous, particularly with …CSOONLINE.COM
23 OctCount of Hacked Cisco IOS XE Devices Unexpectedly PlummetsFrom 60,000 to 1,200: Researchers Warn Attackers May Have Disguised Infections Security researchers are warning that the number of apparently backdoored Cisco IOS XE Devices has suddenly plunged from to 36,541 to about 1,200. While the cause of the decline isn't clear, one concer…DATABREACHTODAY.CO.UK
23 OctThreat Actor Found Selling Access to Facebook and Instagram’s Police PortalResearchers suspect that Meta was either tricked into providing access to the threat actor or the threat actor obtained credentials for a legitimate law enforcement account.SECURITYAFFAIRS.COM
23 OctCISA Releases New Resource to Help Small and Medium-Sized Businesses Develop Supply Chain Resilience PlansCISA.GOV
23 OctWho's Experimenting with AI Tools in Your Organization?With the record-setting growth of consumer-focused AI productivity tools like ChatGPT, artificial intelligence—formerly the realm of data science and engineering teams—has become a resource available to every employee. From a productivity perspective, that’s fantastic. Unfortunat…THEHACKERNEWS.COM
23 OctDoNot Team's New Firebird Backdoor Hits Pakistan and AfghanistanThe threat actor known as DoNot Team has been linked to the use of a novel .NET-based backdoor called Firebird targeting a handful of victims in Pakistan and Afghanistan. Cybersecurity company Kaspersky, which disclosed the findings in its APT trends report Q3 2023, said the atta…THEHACKERNEWS.COM
23 OctQuasar RAT Leverages DLL Side-Loading to Fly Under the RadarThe open-source remote access trojan known as Quasar RAT has been observed leveraging DLL side-loading to fly under the radar and stealthily siphon data from compromised Windows hosts. "This technique capitalizes on the inherent trust these files command within the Windows enviro…THEHACKERNEWS.COM
23 OctSolarWinds Patches High-Severity Flaws in Access Rights ManagerSolarWinds patches high-severity flaws in its Access Rights Manager product, including three unauthenticated remote code execution issues. The post SolarWinds Patches High-Severity Flaws in Access Rights Manager appeared first on SecurityWeek .SECURITYWEEK.COM
23 OctCisco Finds Second Zero-Day as Number of Hacked Devices Apparently DropsCisco has found a second zero-day vulnerability that has been exploited in recent attacks as the number of hacked devices has started dropping. The post Cisco Finds Second Zero-Day as Number of Hacked Devices Apparently Drops appeared first on SecurityWeek .SECURITYWEEK.COM
23 OctThis Cybersecurity Awareness Month, the focus is on educationThis October marks the 20th annual Cybersecurity Awareness Month . While it was initially founded as a national movement in the US, Cybersecurity Awareness Month has since grown into a global initiative. And for good reason. Today's cybersecurity market is suffering from a skills…CSOONLINE.COM
23 OctUkraine security services involved in hack of Russia’s largest private banksubmitted by c0mmando to netsec 1 points | 0 comments https://therecord.media/sbu-involved-in-alfa-bank-hack Ukrainian hackers collaborated with the country’s security services, the SBU, to breach Russia’s largest private bank, a source within the department confirmed to Recorded…THERECORD.MEDIA
23 OctEncrypted traffic interception on Hetzner and Linode targeting the largest Russian XMPP (Jabber) messaging servicesubmitted by c0mmando to netsec 1 points | 0 comments https://notes.valdikss.org.ru/jabber.ru-mitm/ Security researchers have discovered what they believe may be a government attempt to covertly wiretap an instant messaging service in Germany — an attempt that was blown because t…NOTES.VALDIKSS.ORG.RU
23 OctIndian Federal Police Raid Tech Scam CentersAmazon, Microsoft Say Scammers Duped Thousands of Victims India federal law enforcement busted tech scam fraud rings operating in locations across the subcontinent after Microsoft and Amazon shared intelligence with the Central Bureau of Investigation. Scammers allegedly operated…DATABREACHTODAY.CO.UK
23 OctHamas’ online infrastructure reveals ties to Iran, researchers sayAn application disseminated by Hamas via the private messaging app Telegram clued security investigators in to a crossover between the militant Palestinian group and cyber infrastructure linked to Iran, as well as links to a known hacker group. According to a report from cybersec…CSOONLINE.COM
23 OctOkta support system breach highlights need for strong MFA policiesAttackers managed to breach identity and access management company Okta’s support system using stolen credentials and extracted valid customer session tokens from uploaded support files, according to a report by the firm. The strong multifactor authentication (MFA) policies enfor…CSOONLINE.COM
23 OctFeds Issue HIPAA Guidance on Employee Sanctions, TelehealthHHS OCR Guides Spotlight Sanctions for Insiders; Telehealth Privacy, Security Risks Federal regulators issued new guidance materials for HIPAA-regulated entities, including a document stressing the importance of sanction policies for workforce members who violate HIPAA, plus two …DATABREACHTODAY.CO.UK
23 OctNews | VSCode Vulnerabilities - PSW8046:00pm ET - Security News 8:00pm ET - Thomas Chauchefoin & Paul Gerste This week, we start things off with the security news for the week. Then we air a pre-recorded interview with Thomas Chauchefoin, Staff Vulnerability Researcher & Paul Gerste, Staff Vulnerability Researcher at…YOUTUBE.COM
📋 SECURITY BULLETINS 1[−]
23 OctCyber Security Today, Oct. 23, 2023 - Okta's support system hacked, and examples to use for cyber awareness trainingThis episode reports on the latest security updates from Cisco, SolarWinds and Siemens, and tricks hackers use to pass on to employees in awareness trainingCYBERSECURITYTODAY.LIBSYN.COM
📢 SECURITY ADVISORIES 7[−]
23 OctHarmonic Lands $7M Funding to Secure Generative AI DeploymentsThe company aims to provide businesses with a comprehensive understanding of AI adoption within their enterprises, offering risk assessments for all AI applications and identifying compliance, security, and privacy issues.SECURITYWEEK.COM
23 OctDoNot Team's New Firebird Backdoor Hits Pakistan and AfghanistanResearchers have linked DoNot Team, a threat actor believed to be of Indian origin, to a .NET-based backdoor called Firebird. The backdoor has been used to target victims in Pakistan and Afghanistan.THEHACKERNEWS.COM
23 OctCybersecurity: Business Priority, More Than Mere Compliance, and SEC Filings - BSW #325In the leadership and communications section, Cybersecurity should be a business priority for CEOs, What CISOs Should Exclude From SEC Cybersecurity Filings, Effective Communication: The Key to Workplace Success, and more! Visit https://www.securityweekly.com/bsw for all the late…YOUTUBE.COM
🔥 INCIDENT REPORTING 15[−]
23 OctCity of Philadelphia discloses data breach after five monthsThe City of Philadelphia is investigating a data breach after attackers "may have gained access" to City email accounts containing personal and protected health information five months ago, in May. [...]BLEEPINGCOMPUTER.COM
23 OctD.C. Board of Elections: Hackers may have breached entire voter rollThe District of Columbia Board of Elections (DCBOE) says that a threat actor who breached a web server operated by the DataNet Systems hosting provider in early October may have obtained access to the personal information of all registered voters. [...]BLEEPINGCOMPUTER.COM
23 OctUpdate: Number of Hacked Cisco IOS XE Devices Plummets From 50K to HundredsIt is speculated that the threat actors behind the attacks may be deploying an update to hide their presence, or a grey-hat hacker could be rebooting the devices to clear the implant.BLEEPINGCOMPUTER.COM
23 OctOkta Says Hackers Breached its Support System and Viewed Customer FilesHackers gained access to Okta's customer support management system, allowing them to view private customer information, including sensitive data such as cookies and session tokens.ARSTECHNICA.COM
23 OctCasio Hacked: Customers’ Personal Details ExposedCasio Computer Co., Ltd. has apologized for a data leak due to unauthorized server access. The server contained the personal information of customers who registered for its educational web service, “ClassPad[.]net.” The leak affected customers both in Japan and abroad…GBHACKERS.COM
23 OctCasio data breach involves customers in 149 countriessubmitted by throws_lemy to cybersecurity 15 points | 6 comments https://www.theregister.com/2023/10/19/casio_data_theftTHEREGISTER.COM
23 OctAmerican Family Insurance Confirms Cyberattack is Behind IT System OutagesThe cyberattack caused outages in the company's phone service, building connectivity, and online services, impacting customers' ability to pay bills and file claims online.BLEEPINGCOMPUTER.COM
23 OctDC Voter Data Breach May Have Exposed Personal InformationThe personal information of D.C. voters, including partial Social Security numbers and driver's license numbers, may have been exposed in a data breach affecting the Board of Elections' voter roll.NBCWASHINGTON.COM
23 OctCity of Philadelphia Discloses Data Breach After Five MonthsA potential data breach in Philadelphia's email system may have exposed protected health information, including names, addresses, birth dates, Social Security numbers, medical information, and some financial information.BLEEPINGCOMPUTER.COM
23 OctOkta Support System Hacked, Users Sensitive Data ExposedThe US-based software firm Okta has discovered malicious activity using a stolen credential to access Okta’s support case management system. An attacker was able to view sensitive files uploaded by Okta customers. According to the company’s public statement, the Auth0…GBHACKERS.COM
23 OctUS energy firm shares how Akira ransomware hacked its systemsIn a rare display of transparency, US energy services firm BHI Energy details how the Akira ransomware operation breached their networks and stole the data during the attack. [...]BLEEPINGCOMPUTER.COM
23 OctDC Board of Elections Says Full Voter Roll Compromised in Data BreachThe District of Columbia Board of Elections says full voter roll compromised in a recent data breach at hosting provider DataNet. The post DC Board of Elections Says Full Voter Roll Compromised in Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
23 OctUniversity of Michigan employee, student data stolen in cyberattackThe University of Michigan says in a statement today that they suffered a data breach after hackers broke into its network in August and accessed systems with information belonging to students, applicants, alumni, donors, employees, patients, and research study participants. [...…BLEEPINGCOMPUTER.COM
23 OctSpanish Police Dismantle Cybercrime RingPolice Arrested 34 Members of the Group That Defrauded 3 Million Euros Spanish police arrested 34 members of a cybercrime group that used phishing and other tactics to extort nearly 3 million euros from victims. The group is believed to have stolen data of more than 4 million ban…DATABREACHTODAY.CO.UK
23 Oct1Password discloses security incident linked to Okta breach1Password, a popular password management platform used by over 100,000 businesses, suffered a security breach after hackers gained access to its Okta ID management tenant. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 24[−]
23 OctISC Stormcast For Monday, October 23rd, 2023 https://isc.sans.edu/podcastdetail/8712, (Mon, Oct 23rd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
23 OctVietnamese Hackers Hit Digital Marketers With Info Stealerssubmitted by throws_lemy to cybersecurity 6 points | 0 comments https://www.healthcareinfosecurity.com/vietnamese-hackers-hit-digital-marketers-infostealers-a-23360HEALTHCAREINFOSECURITY.COM
23 OctCrambus: New Campaign Targets Middle Eastern Governmentsubmitted by throws_lemy to cybersecurity 13 points | 1 comments https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/crambus-middle-east-governmentSYMANTEC-ENTERPRISE-BLOGS.SECURITY.COM
23 OctMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …INFOSEC.PUB
23 OctThe DarkGate Menace: Tracing the Vietnamese ConnectionA recent report from WithSecure has highlighted a surge in DarkGate malware infection attempts. Multiple Vietnamese threat groups have been found to deploy info-stealer campaigns using Malware-as-a-Service (MaaS), honing in on specific sectors or groups. Their modus operandi disp…CYWARE.COM
23 OctTaking the complexity out of identity solutions for hybrid environments For the past two decades, businesses have been making significant investments to consolidate their identity and access management (IAM) platforms and directories to manage user identities in one place. However, the hybrid nature of the cloud has led many to realize that th…SECURITYINTELLIGENCE.COM
23 OctA Brief History of Phishing, and Other Forms of Social EngineeringSocial engineering attacks have a very long history, though the Internet has made it easier to launch these attacks en masse, according to Sean McNee at DomainTools. McNee points to an advance-fee scam from 1924, in which a crook sent a letter pretending to be trapped in a Spanis…KNOWBE4.COM
23 OctBSides Canberra 2023submitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/a605fd4d-fe78-4815-a12b-296b37466e9f.png BSides Canberra is a technical community conference focussing on the deep understanding of cyber security topics. YouTube Playlist Schedule from the …INFOSEC.PUB
23 OctGUEST ESSAY: Cisco-Splunk merger will boost Snowflake – here’s how security teams can benefit.Cisco’s $28 billion acquisition of Splunk comes at an inflection point of security teams beginning to adopt to working with modern, cloud-native data lakes. Related: Dasera launches new Snowflake platform For years, Splunk has been the workhorse SIEM for many … (more…)LASTWATCHDOG.COM
23 OctSecuring Edge Computing Use Cases – Theresa Lanowitz, Scott Stout – BSW #325As the CISO role continues to transform from a technician to a risk manager, how do you secure emerging technologies, such as edge computing? By aligning to business objectives. In this segment, Theresa Lanowitz from AT&T Cybersecurity and Scott Stout From Cisco help us break…YOUTUBE.COM
23 OctSecuring Edge Computing by Aligning to Business Outcomes | Leadership & Communications - BSW #325This week, we start things off with an interview with Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Cybersecurity & Scott Stout, Vice President, Americas Security Sales Cisco at Cisco Systems, about Securing Edge Computing Use Cases by Aligning to Business Outcom…YOUTUBE.COM
23 OctRockwell Automation to Acquire ICS/OT Security Firm Verve IndustrialRockwell Automation agreed to acquire ICS/OT cybersecurity firm Verve Industrial Protection to expand its offerings. The post Rockwell Automation to Acquire ICS/OT Security Firm Verve Industrial appeared first on SecurityWeek .SECURITYWEEK.COM
23 OctEnterprise Browser Startup Island Banks $100M in FundingSince 2020, Island has raised a total of $325 million to help protect corporate data flowing through SaaS and internal web applications. The post Enterprise Browser Startup Island Banks $100M in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
23 OctBlockaid Emerges From Stealth With $33 Million InvestmentBlockaid raises a Series A funding round to build technology to secure blockchain applications from hacks and scams. The post Blockaid Emerges From Stealth With $33 Million Investment appeared first on SecurityWeek .SECURITYWEEK.COM
23 OctCasio Says Personal Information Accessed in Web Application Server HackHackers access the personal information of Casio customers after compromising the server for an education web application. The post Casio Says Personal Information Accessed in Web Application Server Hack appeared first on SecurityWeek .SECURITYWEEK.COM
23 OctSecuring Edge Computing Use Cases by Aligning to Business Outcomes - Theresa Lanowitz,... - BSW #325As the CISO role continues to transform from a technician to a risk manager, how do you secure emerging technologies, such as edge computing? By aligning to business objectives. In this segment, Theresa Lanowitz from AT&T Cybersecurity and Scott Stout From Cisco help us break…YOUTUBE.COM
23 OctIsland Raises $100M to Embrace Anomaly Detection, Go GlobalCEO Mike Fey Wants Island to Expand From North America to Germany, Japan, Benelux An enterprise browser startup led by former Symantec President and COO Mike Fey closed its Series C round to accelerate market penetration and revenue growth. The company said the $100 million inves…DATABREACHTODAY.CO.UK
23 OctChina Crackdown on Cyber Scams in Southeast Asia Nets Thousands but Leaves Networks IntactChinese authorities have netted thousands of people in a crackdown on cyber scams, but the criminal networks remain intact. The post China Crackdown on Cyber Scams in Southeast Asia Nets Thousands but Leaves Networks Intact appeared first on SecurityWeek .SECURITYWEEK.COM
23 OctGoatse | Okta | Cisco | Ducktail | 0Auth | China | Spain | Aaran Leyland & More! – SWN336This week, Doug Talks: Goatse, Okta, Cisco, Ducktail, 0Auth, China, Spain, Aaran Leyland, and More on the security weekly news. →Full Show Notes: https://securityweekly.com/swn336 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Visit our website: https://www…YOUTUBE.COM
23 OctForrester names Microsoft a Leader in the 2023 Endpoint Security Wave™ reportMicrosoft has been named a Leader in The Forrester Wave™: Endpoint Security, Q4 2023 report. The post Forrester names Microsoft a Leader in the 2023 Endpoint Security Wave™ report appeared first on Microsoft Security Blog .MICROSOFT.COM
23 OctUEFI and The Digital Supply Chain - BTS #16In this edition of Below The Surface, we discuss UEFI and The Digital Supply Chain with Dick Wilkins, Principal Technology Liaison at Phoenix Technologies, Inc. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! →Full Show…YOUTUBE.COM
23 OctEvolving Role of the Browser | Alternative Approaches to Startup Funding | News - ESW336This week, we kick things off with an interview with Noriko Bouffard, Global Lead of Chrome Browser Customer Engineering at Google Chrome Enterprise, & Marco Genovese, Head of BeyondCorp Enterprise Architecture at Google, about The Evolving Role of the Browser in the Modern Enter…YOUTUBE.COM
23 OctPumpkin Spice | VMWARE | RoundCube | Apple | Big-IP | Oktapus | | Aaran Leyland & More! – SWN337This week, Doug Talks: Pumpkin Spice, VMWARE, RoundCube, Apple, Big-IP, Oktapus , Aaran Leyland, and More on the security weekly news. →Full Show Notes: https://securityweekly.com/swn337 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Visit our website: http…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
23 OctNew TetrisPhantom Hackers Steal Data From Secure USB Drives on Government SystemsThe attack involves the deployment of a trojanized version of the UTetris application, which acts as a loader for malware and facilitates the spread of the attack to potentially air-gapped systems.BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 14[−]
23 OctCyber Resilience Starts in the C-SuiteA recent study by Commvault shows that many senior executives are not actively involved in their company's cybersecurity initiatives. Only 33% of CEOs and 21% of other senior leaders are heavily engaged in cyber preparedness.HELPNETSECURITY.COM
23 OctHamas Likely Cooperates With Hackers to Stay OnlineThe infrastructure of the Al-Qassam Brigades website has been moved between different providers to keep it online amidst Israeli airstrikes and constant attacks from hackers.THERECORD.MEDIA
23 OctCyber Venture Capital Funding on Pace to Hit Four-Year LowVenture capital investments in cybersecurity firms have decreased, with $1.9 billion raised in the third quarter, a 30% drop from the previous year, according to new data released by Crunchbase.CYBERSECURITYDIVE.COM
23 OctTech spend to hit milestone as businesses react to AI security scareThe increased investment in security, driven by concerns associated with AI and risk, is expected to be the top category for increased spending, with 4 in 5 CIOs planning to increase security investments, according to Gartner.CYBERSECURITYDIVE.COM
23 OctQuasar RAT Leverages DLL Sideloading to Fly Under the RadarThe attack chain involves renaming legitimate files, injecting malicious code, and leveraging DLL sideloading to ultimately deploy the Quasar RAT payload, highlighting the sophistication of the attack.THEHACKERNEWS.COM
23 OctNJ Man Hired Online to Firebomb, Shoot at Homes Gets 13 Years in PrisonA 22-year-old New Jersey man has been sentenced to more than 13 years in prison for participating in a firebombing and a shooting at homes in Pennsylvania last year. Patrick McGovern-Allen was the subject of a Sept. 4, 2022 story here about the emergence of "violence-as-a-service…KREBSONSECURITY.COM
23 OctMicrosoft Opens Early Access To AI Assistant For Infosec, Security CopilotPACKETSTORMSECURITY.COM
23 OctHow an AppleTV may take down your (#IPv6) network, (Mon, Oct 23rd)I recently ran into an odd issue with IPv6 connectivity in my home network. During a lengthy outage, I decided to redo some of my network configurations. As part of this change, I also reorganized my IPv6 setup, relying more on DHCPv6 and less on router advertisements to configur…ISC.SANS.EDU
23 OctSpain arrests 34 cybercriminals who stole data of 4 million peopleThe Spanish National Police have dismantled a cybercriminal organization that carried out a variety of computer scams to steal and monetize the data of over four million people. [...]BLEEPINGCOMPUTER.COM
23 OctPalestine crypto donation scams emerge amid Israel-Hamas warAs thousands of civilians die amid the deadly Israel-Hamas war, scammers are capitalizing on the horrific events to collect donations by pretending to be legitimate charities. BleepingComputer has come across several posts on X (formerly Twitter), Telegram and Instagram where sca…BLEEPINGCOMPUTER.COM
23 OctLive Webinar | The Dark Side of AI: Unmasking its Threats and Navigating the Shadows of Cybersecurity in the Digital AgeDATABREACHTODAY.CO.UK
23 OctCisco Cloud Protection: Driving Better Outcomes With a Holistic Approach to SecurityVisibility, consistency, efficiency - are goals every security leader strives to achieve across cloud environments, and remains one of the key digital transformation challenges. Cisco's Sean Baze talks about how to overcome this challenge and discover new efficiencies through a d…DATABREACHTODAY.CO.UK
23 OctOne login to rule them all: Should you sign in with Google or Facebook on other websites?Why use and keep track of a zillion discrete accounts when you can log into so many apps and websites using your Facebook or Google credentials, right? Not so fast. What’s the trade-off?WELIVESECURITY.COM