matlock.ca // THREAT INTELLIGENCE

126Articles

9Categories

2023-10-26Date

🚨

CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023-5631 Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability These types of vulnerabilities are frequent attack vectors for malic…

KEVCISA.GOV — Thu, 26 Oct 23 1

🐛

VSCode Vulnerabilities - Thomas Chauchefoin, Paul Gerste - PSW #804

YOUTUBE.COM — 2023-10-26

🐛

Critical Flaw in NextGen's Mirth Connect Could Expose Healthcare Data

THEHACKERNEWS.COM — 26 Oct 2023

🐛

Citrix Bleed: PoC Released for Citrix NetScaler Zero-Day Vulnerability

GBHACKERS.COM — 26 Oct 2023

🐛

Critical Flaw in NextGen's Mirth Connect Could Expose Healthcare Data

THEHACKERNEWS.COM — 26 Oct 2023

🐛

Firefox Memory Corruption Flaw Let Attacker Execute Arbitrary Code

GBHACKERS.COM — 26 Oct 2023

🐛

Adventures in Validating IPv4 Addresses, (Thu, Oct 26th)

ISC.SANS.EDU — 26 Oct 2023

🐛

VMware Releases Security Advisory for vCenter Server

CISA.GOV — Thu, 26 Oct 23 1

🐛

Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data

SECURITYWEEK.COM — 26 Oct 2023

🐛

CVE-2023-46747: Pre-Auth Remote Code Execution in F5-BIGIP via AJP Request Smuggling

PRAETORIAN.COM — 26 Oct 2023

🐛

CVE-2021-31192 Windows Media Foundation Core Remote Code Execution Vulnerability

MSRC.MICROSOFT.COM — 26 Oct 2023

🐛

CVE-2021-31205 Windows SMB Client Security Feature Bypass Vulnerability

MSRC.MICROSOFT.COM — 26 Oct 2023

🐛

CVE-2021-31207 Microsoft Exchange Server Security Feature Bypass Vulnerability

MSRC.MICROSOFT.COM — 26 Oct 2023

⚠️

Pro-Russia group exploits Roundcube zero-day in attacks on European government emails

THEREGISTER.COM — 26 Oct 2023

⚠️

Businesses face “silent infiltration” of generative AI as use spirals out of control

CSOONLINE.COM — 26 Oct 2023

⚠️

Copilot is ready for takeoff: Microsoft rolls out artificial intelligence for Windows

CSOONLINE.COM — 26 Oct 2023

⚠️

Spain Arrests 34 Cybercriminals Who Stole Data of 4 Million People

GBHACKERS.COM — 26 Oct 2023

⚠️

Indian National Arrested for Stealing $150,000 via Computer Hacking

GBHACKERS.COM — 26 Oct 2023

⚠️

Teleport’s new offering to help reduce attack response times

CSOONLINE.COM — 26 Oct 2023

⚠️

Google adds generative AI threats to its bug bounty program

TECHCRUNCH.COM — 26 Oct 2023

⚠️

The Danger of Forgotten Pixels on Websites: A New Case Study

THEHACKERNEWS.COM — 26 Oct 2023

⚠️

Increasing transparency in AI security

SECURITY.GOOGLEBLOG.COM — 2023-10-26

⚠️

Google’s reward criteria for reporting bugs in AI products

SECURITY.GOOGLEBLOG.COM — 2023-10-26

⚠️

Winter Vivern APT Resurfaces to Target European Entities

CYWARE.COM — 26 Oct 2023

⚠️

Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware

THEHACKERNEWS.COM — 26 Oct 2023

⚠️

Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw

THEHACKERNEWS.COM — 26 Oct 2023

⚠️

CISA Releases Nine Industrial Control Systems Advisories

CISA.GOV — Thu, 26 Oct 23 1

⚠️

Apple Ships Major iOS, macOS Security Updates

SECURITYWEEK.COM — 26 Oct 2023

⚠️

Human-Crafted Phishing Emails Only Three Percent More Successful Than AI-Generated Ones, According To IBM

KNOWBE4.COM — 26 Oct 2023

⚠️

Citrix Bleed Exploit Lets Hackers Hijack Netscaler Accounts

BLEEPINGCOMPUTER.COM — 26 Oct 2023

⚠️

Nine Vulnerabilities Found in VPN Software, Including One Critical RCE Issue

TALOSINTELLIGENCE.COM — 26 Oct 2023

⚠️

CISA, HHS Release Cybersecurity Healthcare Toolkit

SECURITYWEEK.COM — 26 Oct 2023

⚠️

iLeakage Attack Exploits Safari to Steal Sensitive Data From Macs, iPhones

SECURITYWEEK.COM — 26 Oct 2023

⚠️

Celebrating Cybersecurity Awareness Month with KnowBe4: Insights from Our Valued Customers

KNOWBE4.COM — 26 Oct 2023

⚠️

Apple Releases Security Advisories for Multiple Products

CISA.GOV — Thu, 26 Oct 23 1

⚠️

Firefox, Chrome Updates Patch High-Severity Vulnerabilities

KEVSECURITYWEEK.COM — 26 Oct 2023

⚠️

UK Prime Minister announces world’s first AI Safety Institute

CSOONLINE.COM — 26 Oct 2023

⚠️

CISA, HHS, and HSCC Jointly Release Cybersecurity Toolkit For Healthcare Sector

INFOSECURITY-MAGAZINE.COM — 26 Oct 2023

⚠️

iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A and M-Series CPUs

THEHACKERNEWS.COM — 26 Oct 2023

⚠️

The Evolving Role of the Browser in the Modern Enterprise World – ESW #337

YOUTUBE.COM — 2023-10-26

⚠️

Breach Roundup: Winter Vivern Hunting For Emails

DATABREACHTODAY.CO.UK — 2023-10-26

⚠️

Proof of Concept: Overcoming Open Source Code Security Risks

DATABREACHTODAY.CO.UK — 2023-10-26

⚠️

The Evolving Role of the Browser in the Modern Enterprise World - Noriko Bouffard, Mar... - ESW #337

YOUTUBE.COM — 2023-10-26

📢

CISA Issues Request for Comment on Software Identification Ecosystem Analysis White Paper

CISA.GOV — Thu, 26 Oct 23 1

📢

Amazon Rolls Out Independent Cloud for Europe to Address Stricter Privacy Standards

SECURITYWEEK.COM — 26 Oct 2023

📢

[Control systems] Sielco security advisory (AV23-655)

CYBER.GC.CA — 2023-10-26

📢

[Control systems] Rockwell Automation security advisory (AV23-654)

CYBER.GC.CA — 2023-10-26

📢

[Control systems] Dingtian security advisory (AV23-651)

CYBER.GC.CA — 2023-10-26

📢

[Control systems] Centralite security advisory (AV23-652)

CYBER.GC.CA — 2023-10-26

📢

[Control systems] Ashlar-Vellum security advisory (AV23-653)

CYBER.GC.CA — 2023-10-26

📢

F5 security advisory (AV23-656)

CYBER.GC.CA — 2023-10-26

📢

White House Teases New AI Executive Order

DATABREACHTODAY.CO.UK — 2023-10-26

🔥

Update: Grammarly Says It Corrected Sign-in Vulnerabilities After Alert From Cyber Researchers

THERECORD.MEDIA — 26 Oct 2023

🔥

Cybercriminals Leak Patient Pictures in Low Blow Bid to Win Ransom

THEREGISTER.COM — 26 Oct 2023

🔥

SEIKO Cyber Attack: Customers Personal Data Exposed

GBHACKERS.COM — 26 Oct 2023

🔥

ASVEL basketball club slam dunked by NoEscape ransomware gang, data stolen

BITDEFENDER.COM — 26 Oct 2023

🔥

Meet Rhysida, a New Ransomware Strain That Deletes Itself

DARKREADING.COM — 26 Oct 2023

🔥

Ambulances diverted after New York hospitals hit by cyber attack

BITDEFENDER.COM — 26 Oct 2023

🔥

Chilean Telecom Giant GTD Suffers Disruptive Attacks Affecting its Infrastructure-as-a-Service Platform

BLEEPINGCOMPUTER.COM — 26 Oct 2023

🔥

Why cybersecurity training isn’t working (and how to fix it)

SECURITYINTELLIGENCE.COM — 26 Oct 2023

🔥

DUCKTAIL Malware Employs LinkedIn Messages to Execute Attacks

GBHACKERS.COM — 26 Oct 2023

🔥

Redcliffe Labs Database with Over 12 Million Patient Records Exposed

THECYBEREXPRESS.COM — 26 Oct 2023

🔥

BeyondTrust, Cloudflare And 1Password Targeted After Okta Breach

PACKETSTORMSECURITY.COM — 26 Oct 2023

🔥

Seiko Discloses Data Breach Resulting From BlackCat Ransomware Attack

INFOSECURITY-MAGAZINE.COM — 26 Oct 2023

🔥

Japanese Watchmaking Giant Seiko Confirms Personal Data Stolen in Ransomware Attack

SECURITYWEEK.COM — 26 Oct 2023

🔥

The Rise and Tactics of Octo Tempest: A Cyber Threat Analysis

CYWARE.COM — 26 Oct 2023

🔥

Key Learnings from “Big Game” Ransomware Campaigns

SECURITYWEEK.COM — 26 Oct 2023

🔥

Kansas Court System Down Nearly 2 Weeks in ‘Security Incident’ That Has Hallmarks of Ransomware

SECURITYWEEK.COM — 26 Oct 2023

🔥

France says Russian state hackers breached numerous critical networks

BLEEPINGCOMPUTER.COM — 26 Oct 2023

🔥

Hackers Earn $350k on Second Day at Pwn2Own Toronto 2023

SECURITYWEEK.COM — 26 Oct 2023

🔥

Cryptohack Roundup: Defense Calls Sam Bankman-Fried

DATABREACHTODAY.CO.UK — 2023-10-26

🔥

What Is Operational Risk and Why Should You Care? Assessing SEC Rule Readiness for OT and IoT

HELPNETSECURITY.COM — 26 Oct 2023

🔥

Cyber Fail: Can You Trust Hallucinating Chatbots?

DATABREACHTODAY.CO.UK — 2023-10-26

🔥

Known Ransomware Attack Volume Breaks Monthly Record, Again

DATABREACHTODAY.CO.UK — 2023-10-26

🔥

Microsoft: Octo Tempest one of the most dangerous financial hacking groups

BLEEPINGCOMPUTER.COM — 26 Oct 2023

🔥

Cybersecurity Unicorns Are Back, the Okta Breach Is Bad, & Don’t Invest in Startups - ESW #337

YOUTUBE.COM — 2023-10-26

🔥

Microsoft: Octo Tempest is one of the most dangerous financial hacking groups

BLEEPINGCOMPUTER.COM — 26 Oct 2023

🔥

An integrated incident response solution with Microsoft and PwC

MICROSOFT.COM — 26 Oct 2023

🕵️

ISC Stormcast For Thursday, October 26th, 2023 https://isc.sans.edu/podcastdetail/8718, (Thu, Oct 26th)

ISC.SANS.EDU — 26 Oct 2023

🕵️

Shenanigans and more - PSW #804

YOUTUBE.COM — 2023-10-26

🕵️

New Undetected Python-Based Info-stealer Offered Via Dedicated Website

GBHACKERS.COM — 26 Oct 2023

🕵️

Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks

THEHACKERNEWS.COM — 26 Oct 2023

🕵️

YoroTrooper: Researchers Warn of Kazakhstan's Stealthy Cyber Espionage Group

THEHACKERNEWS.COM — 26 Oct 2023

🕵️

Authorities Seize 17 North Korean Hacker Websites Used for Scamming

GBHACKERS.COM — 26 Oct 2023

🕵️

New NSA Information from (and About) Snowden

SCHNEIER.COM — 2023-10-26

🕵️

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

KNOWBE4.COM — 26 Oct 2023

🕵️

Google AI Security Plan: Bug Bounty, Supply Chain Safety

DATABREACHTODAY.CO.UK — 2023-10-26

🕵️

Cloudflare sees surge in hyper-volumetric HTTP DDoS attacks

BLEEPINGCOMPUTER.COM — 26 Oct 2023

🕵️

Monetization of Partner Led Managed Services Model

PALOALTONETWORKS.COM — 26 Oct 2023

🕵️

Octo Tempest Attacking Organizations to Steal Financial Data

GBHACKERS.COM — 26 Oct 2023

🕵️

Pro-Russian Hackers Target XSS In Roundcube

PACKETSTORMSECURITY.COM — 26 Oct 2023

🕵️

Mandiant Intelligence Chief Raises Alarms Over China's Volt Typhoon Hackers In US Critical Infrastructure

PACKETSTORMSECURITY.COM — 26 Oct 2023

🕵️

Google Announces Bug Bounty Program and Other Initiatives to Secure AI

SECURITYWEEK.COM — 26 Oct 2023

🕵️

Weapons Systems Provide Valuable Lessons for ICS/OT Security

SECURITYWEEK.COM — 26 Oct 2023

🕵️

Day 3 of SecurityWeek’s 2023 ICS Cybersecurity Conference — Challenges and Solutions

SECURITYWEEK.COM — 26 Oct 2023

🕵️

The Role of AI in Email Security and How Real-Time Threat Intelligence Can Supercharge Your SOC Team

KNOWBE4.COM — 26 Oct 2023

🕵️

UK Parliament Probes Critical Infrastructure Cybersecurity

DATABREACHTODAY.CO.UK — 2023-10-26

🕵️

AI Security Firm Cranium Raises $25 Million

SECURITYWEEK.COM — 26 Oct 2023

🕵️

Threat Hunting: Detecting Browser Credential Stealing [T1555.003]

FOURCORE.IO — 26 Oct 2023

🕵️

US Senator Quizzes 23andMe Over Credential-Stuffing Hack

DATABREACHTODAY.CO.UK — 2023-10-26

🕵️

Rockwell Forges Gen AI Pact With Microsoft, Buys Cyber Firm

DATABREACHTODAY.CO.UK — 2023-10-26

🕵️

Alternative Approaches to Startup Funding - The Syndicate Group - Chad Cardenas - ESW #337

YOUTUBE.COM — 2023-10-26

🕵️

ESET APT Activity Report Q2–Q3 2023

WELIVESECURITY.COM — 26 Oct 2023

🌐

Unmasking Vacum Stealer: The Malware Plotting Cryptocurrency Plunder

THECYBEREXPRESS.COM — 26 Oct 2023

🌐

FakeUpdateRU Chrome Update Infection Spreads Trojan Malware

SUCURI.NET — 26 Oct 2023

🌐

Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks

THEHACKERNEWS.COM — 26 Oct 2023

🌐

Octo Tempest aka 0ktapus has Become 'One of the Most Dangerous Financial' Hacker Groups

HEALTHCAREINFOSECURITY.COM — 26 Oct 2023

🌐

StripedFly malware framework infects 1 million Windows, Linux hosts

BLEEPINGCOMPUTER.COM — 26 Oct 2023

🌐

Phony Corsair job vacancy targets LinkedIn users with DarkGate malware

TRIPWIRE.COM — 26 Oct 2023

🎙️

Smashing Security podcast #345: Cyber sloppiness, and why does Google really want to hide your IP address?

GRAHAMCLULEY.COM — 26 Oct 2023

📡

Strategic Tips to Optimize Cybersecurity Consolidation

TRENDMICRO.COM — 26 Oct 2023

📡

Servicenow Quietly Fixes Eight-Year-Old Data Exposure Flaw

THEREGISTER.COM — 26 Oct 2023

📡

New iLeakage attack steals emails, passwords from Apple Safari

BLEEPINGCOMPUTER.COM — 26 Oct 2023

📡

Workflow of a zkSync Era transaction: from generation to finalization

QUARKSLAB.COM — 2023-10-26

📡

You Should Probably Buy A Flipper Zero Before It's Too Late

PACKETSTORMSECURITY.COM — 26 Oct 2023

📡

ServiceNow Quietly Addresses Unauthenticated Data Exposure Flaw From 2015

PACKETSTORMSECURITY.COM — 26 Oct 2023

📡

Google Announces Bug Bounty Program And Other Initiatives To Secure AI

PACKETSTORMSECURITY.COM — 26 Oct 2023

📡

Can you use emojis in passwords? | Kaspersky official blog

KASPERSKY.COM — 26 Oct 2023

📡

UK Parliament Opens Inquiry into Cyber-Resilience

INFOSECURITY-MAGAZINE.COM — 26 Oct 2023

📡

Australia Focuses on Threat of Chinese Attack on Solar Power

BANKINFOSECURITY.COM — 26 Oct 2023

📡

New iLeakage Attack Steals Emails, Passwords From Apple Safari

BLEEPINGCOMPUTER.COM — 26 Oct 2023

📡

Opinion | Can we Afford the Risk? Measuring the cost of the Expiration of the Chemical Facilities Anti-Terrorism Standards Program

CISA.GOV — Thu, 26 Oct 23 1

📡

Nigerian Police dismantle cybercrime recruitment, mentoring hub

BLEEPINGCOMPUTER.COM — 26 Oct 2023

📡

UK: Purchase Scams Surge as Fraud Losses Hit $703m

INFOSECURITY-MAGAZINE.COM — 26 Oct 2023

📡

Android adware apps on Google Play amass two million installs

BLEEPINGCOMPUTER.COM — 26 Oct 2023

📡

Windows 10 KB5031445 preview update fixes ctfmon.exe memory leak, 9 issues

BLEEPINGCOMPUTER.COM — 26 Oct 2023