103Articles
9Categories
2023-10-27Date
🚨 CISA KEV 1[−]
27 Oct KEVCISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities With Additional ReleasesToday, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273 , affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). The guidance now notes that Cisco has fixed these vulnerabilities for the 17.6 Cisco …CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 9[−]
27 OctVMware warns of critical vulnerability affecting vCenter Server productsubmitted by c0mmando to netsec 1 points | 0 comments https://therecord.media/vmware-warns-vulnerability-vsphere-center Cloud computing giant VMware warned this week of new vulnerabilities affecting a server management product present in VMware vSphere and Cloud Foundation (VCF) …THERECORD.MEDIA
27 Oct KEVApple issued another patch to stop TriangleDB cyber snoopingsubmitted by c0mmando to netsec 1 points | 1 comments https://www.theregister.com/2023/10/26/apple_triangledb_exploit/ Apple pushed several security fixes on Wednesday, including one for all iPhone and iPads used before September last year that has already been exploited by cyber…THEREGISTER.COM
27 OctF5 Issues Warning: BIG-IP Vulnerability Allows Remote Code ExecutionF5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution. The issue, rooted in the configuration utility component, has been assigned the CVE identifier CVE-2023-46747, and carries a CVSS score of 9.…THEHACKERNEWS.COM
27 OctF5 Issues Warning Over BIG-IP Vulnerability That Allows Remote Code ExecutionThe high-severity flaw, tracked as CVE-2023-46747, could be exploited by an unauthenticated attacker with network access. The issue is related to the configuration utility component and does not expose data but impacts control plane operations.THEHACKERNEWS.COM
27 OctF5 Warns of Critical Remote Code Execution Vulnerability in BIG-IPA critical-severity vulnerability in F5 BIG-IP CVE-2023-46747 allows unauthenticated attackers to execute code remotely. The post F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP appeared first on SecurityWeek .SECURITYWEEK.COM
27 OctF5 fixes BIG-IP auth bypass allowing remote code execution attacksA critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution. [...]BLEEPINGCOMPUTER.COM
27 OctVMware Tools Flaw Let Attackers Escalate PrivilegesTwo high vulnerabilities have been discovered in VMware Tools, which were assigned with CVE-2023-34057 and CVE-2023-34058. These vulnerabilities were associated with Local Privilege Escalation and SAML Token Signature Bypass. The severities of these vulnerabilities are 7.5 (High)…GBHACKERS.COM
27 OctChromium: CVE-2023-5472: Use after free in ProfilesThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 27[−]
27 OctDissecting TriangleDB, a Triangulation spyware implantsubmitted by c0mmando to netsec 1 points | 0 comments https://securelist.com/triangledb-triangulation-implant/110050/ Over the years, there have been multiple cases when iOS devices were infected with targeted spyware such as Pegasus, Predator, Reign and others. Often, the proces…SECURELIST.COM
27 OctOkta’s Latest Security Breach Is Haunted by the Ghost of Incidents Pastsubmitted by c0mmando to netsec 1 points | 0 comments https://web.archive.org/web/20231026203011/https://www.wired.com/story/okta-support-system-breach-disclosure/ On Friday, October 20, the identity management platform Okta said it suffered an intrusion in its customer support s…WEB.ARCHIVE.ORG
27 OctiLeakage attack steals passwords, texts from Apple devicessubmitted by c0mmando to netsec 1 points | 1 comments https://www.theregister.com/2023/10/26/ileakage_apple_exploit/ University researchers have developed a novel exploit that can steal information from virtually all modern Apple Macs, iPhones, and iPads. Dubbed “iLeakage,” the e…THEREGISTER.COM
27 OctFinding You: The Network Effect of Telecommunications Vulnerabilities for Location Disclosuresubmitted by c0mmando to netsec 1 points | 0 comments https://citizenlab.ca/2023/10/finding-you-teleco-vulnerabilities-for-location-disclosure/ cross-posted from: links.hackliberty.org/post/262311 The information collected by, and stored within, mobile networks can represent one …CITIZENLAB.CA
27 OctNovel Zero-Day Exploits Fuel Q3 Surge in DDoS AttacksThe HTTP/2 Rapid Reset vulnerability was exploited in 89 attacks that exceeded 100 million requests per second, with the largest attack reaching 201 million requests per second.CYBERSECURITYDIVE.COM
27 OctFailure to verify OAuth tokens enables account takeover on websitesResearchers have found yet another OAuth implementation error on various websites that allow users to authenticate with their identities from third-party services such as Facebook or Google. Some sites fail to complete an important step in the OAuth authorization chain that invol…CSOONLINE.COM
27 OctHackers Earn $350k on Second Day at Pwn2Own Toronto 2023The highest reward of $100,000 went to Chris Anastasio for exploits targeting a P-Link Omada Gigabit router and a Lexmark CX331adwe printer. Other successful exploits earned hackers rewards ranging from $50,000 to $10,000.SECURITYWEEK.COM
27 OctGoogle Expands Its Bug Bounty Program to Tackle Artificial Intelligence ThreatsGoogle has announced that it's expanding its Vulnerability Rewards Program (VRP) to reward researchers for finding attack scenarios tailored to generative artificial intelligence (AI) systems in an effort to bolster AI safety and security. "Generative AI raises new and different …THEHACKERNEWS.COM
27 OctRecord-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset FlawCloudflare has revealed that it mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks exploiting the recently disclosed HTTP/2 Rapid Reset flaw.THEHACKERNEWS.COM
27 OctCybersecurity Resilience Quotient Metric for Measuring Security EffectivenessThe Cybersecurity Resilience Quotient (CRQ) metric goes beyond traditional approaches by considering factors such as asset exposure, vulnerability, criticality, architecture defensibility, and business process vulnerabilities.SECURITYWEEK.COM
27 OctCISA Announces Launch of Logging Made EasyToday, CISA announces the launch of a new version of Logging Made Easy (LME) , a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA’s version reimagines technology developed by the United Kingdom’s National C…CISA.GOV
27 OctN. Korean Lazarus Group Targets Software Vendor Using Known FlawsThe North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in th…THEHACKERNEWS.COM
27 OctApple fixes bug that undermined iOS privacy feature for yearsApple has fixed a years-old vulnerability in its iPhone and iPad software that undermined a privacy feature since it first debuted. Back in 2020, Apple announced a new feature in iOS 14 that would prevent nearby wireless routers and access points from gathering an Apple device…TECHCRUNCH.COM
27 OctStripedfly Malware Framework Infects One Million Windows, Linux HostsStripedFly features TOR-based traffic concealing mechanisms, automated updating, worm-like spreading capabilities, and an EternalBlue SMBv1 exploit created before the flaw was disclosed.BLEEPINGCOMPUTER.COM
27 OctNorth Korean Lazarus Group Targets Software Vendor Using Known FlawsThe group compromised a software vendor by exploiting known security flaws in another popular software. They deployed malware such as SIGNBT and LPEClient to gain control over the victims' systems.THEHACKERNEWS.COM
27 OctPutting Censorship Circumvention to the Test: Security Audit Findings | Tor Projectsubmitted by c0mmando to netsec 0 points | 0 comments https://blog.torproject.org/security-audit-report-tor-browser-ooni/ The auditors remarked that although the scope was large, the number of issues uncovered was low, and that Tor in general adopts “an admirably robust and harde…TORPROJECT.ORG
27 Oct KEVCISA: Agencies Seeing Steep Decrease in Known Exploited Vulnerabilities on Federal NetworksFederal civilian agencies have remediated over 7 million Known Exploited Vulnerabilities findings this year, resulting in a 72% decrease in the percentage of vulnerabilities exposed for 45 or more days.THERECORD.MEDIA
27 OctNews alert: Massachusetts awards $2.3 million grant to strengthen cybersecurity ecosystem statewideBoston, Mass., Oct. 27, 2023 – Today, the Healey-Driscoll Administration announced a $2.3 million grant through the MassTech Collaborative’s MassCyberCenter to CyberTrust Massachusetts, a nonprofit dedicated to strengthening the cybersecurity ecosystem, to support cybersecurity r…LASTWATCHDOG.COM
27 OctCCleaner says hackers stole users’ personal data during MOVEit mass-hackThe maker of the popular optimization app CCleaner has confirmed hackers stole a trove of personal information about its paid customers following a data breach in May. In an email sent to customers, Gen Digital, the multinational software company that owns CCleaner, Avast, Norton…TECHCRUNCH.COM
27 OctHackers earn over $1 million for 58 zero-days at Pwn2Own TorontoThe Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits (and multiple bug collisions) targeting consumer products between October 24 and October 27. [...]BLEEPINGCOMPUTER.COM
27 OctCareless OAuth Implementation Puts Billions at RiskSkipping Token Validation Is Open Door for Hackers Social media single sign-on standard OAuth has an implementation weakness that hackers could exploit to obtain unauthorized access, say researchers. "We expect that 1,000s of other websites are vulnerable to the attack," wrote Sa…DATABREACHTODAY.CO.UK
27 OctExabeam Lays Off 20% of Staff, F-Secure to Ax Up to 70 StaffEconomic Headwinds, High Inflation, Ukraine War Cited as Major Reasons For Job Cuts Two cybersecurity vendors are laying off a sizable chunk of their staff, with Exabeam axing 20% of its workforce and F-Secure cutting up to 70 employees. Exabeam eliminated roughly 134 positions t…DATABREACHTODAY.CO.UK
27 OctUK's Ofcom Prepares to Enforce Online Safety BillControversial Proposal Formally Adopted Into Law on Thursday The U.K. communication regulator laid down plans to implement a controversial regulation intended to prevent online child sexual abuse material after it officially became law. The Online Safety Bill received royal assen…DATABREACHTODAY.CO.UK
27 OctCISA Launches Logging Tool For Resource-Poor Organizations'Logging Made Easy' Provides Organizations With Critical Cybersecurity Insights The U.S. Cybersecurity and Infrastructure Security Agency launched a security tool intended to help organizations with limited resources better protect their Windows-based devices and sensitive data. …DATABREACHTODAY.CO.UK
27 OctRoundcube Webmail servers under attack – Week in security with Tony AnscombeThe zero-day exploit deployed by the Winter Vivern APT group only requires that the target views a specially crafted message in a web browserWELIVESECURITY.COM
27 OctWhat keeps incident responders up at night: Common pitfalls that cyber responders encounter when arriving at the sceneWhat does the worst day look like for incident responders? What keeps them up at night? And what makes their jobs more difficult? Cyber responders from IBM X-Force shared their first-hand accounts for what can turn a bad situation into a worst-case scenario when it comes to respo…SECURITYINTELLIGENCE.COM
📢 SECURITY ADVISORIES 12[−]
27 OctIOTW: DDoS attacks hit Czech ministries, pro-Russia group allegedly behind themCzech government and airport websites affected by cyber attackCSHUB.COM
27 OctMessaging Service Wiretap Discovered through Expired TLS CertFascinating story of a covert wiretap that was discovered because of an expired TLS certificate: The suspected man-in-the-middle attack was identified when the administrator of jabber.ru, the largest Russian XMPP service, received a notification that one of the servers’ certifica…SCHNEIER.COM
27 OctUN Chief Appoints 39-Member Panel to Advise on International Governance of Artificial IntelligenceU.N. Secretary-General António Guterres assembled a global advisory panel to report on international governance of artificial intelligence and its risks, challenges and key opportunities. The post UN Chief Appoints 39-Member Panel to Advise on International Governance of Artifici…SECURITYWEEK.COM
27 OctHow to Keep Your Business Running in a Contested EnvironmentWhen organizations start incorporating cybersecurity regulations and cyber incident reporting requirements into their security protocols, it's essential for them to establish comprehensive plans for preparation, mitigation, and response to potential threats. At the heart of your …THEHACKERNEWS.COM
27 Oct[Live Demo] Customizing Your Compliance Training to Increase EffectivenessLinking compliance training to specific outcomes is hard. Compliance training has a reputation for being challenging for organizations to offer, difficult to do right and employees are not engaged.KNOWBE4.COM
27 OctUK: NCSC Rolls Out Protective DNS Service for SchoolsThe U.K NCSC's PDNS for Schools service will be rolled out for free over the next year, and it will provide metrics about network health and support for resolving issues.INFOSECURITY-MAGAZINE.COM
27 OctFTC Expands Financial Data Breach Reporting RequirementsNon-Banking Institutions Will Be Required to Report Breaches Under Revised Rule. Consumer lenders such as mortgage brokers, auto dealers and payday lenders must soon report data breaches to the Federal Trade Commission under a revised regulation that mandates public disclosure. T…DATABREACHTODAY.CO.UK
27 OctUnited Nations AI Body to Advise on Risks, Global GovernanceThe 38-Member Body Comprises Government, Private, Civil Society Representatives The United Nations unveiled Thursday an AI advisory body that looks to analyze risks and make recommendations on international governance for the technology. The body comprises 38 experts across geogr…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 15[−]
27 OctNew England Biolabs leak sensitive datasubmitted by throws_lemy to cybersecurity 1 points | 0 comments https://securityaffairs.com/152995/data-breach/new-england-biolabs-leak-sensitive-data.htmlSECURITYAFFAIRS.COM
27 OctHackers that breached Las Vegas casinos rely on violent threats, research showssubmitted by throws_lemy to cybersecurity 1 points | 0 comments https://cyberscoop.com/com-scattered-spider-tradecraft/CYBERSCOOP.COM
27 OctUpdate: Hackers Spent Three Months Accessing Philadelphia City Government Email AccountsHackers had unauthorized access to Philadelphia city email accounts for at least three months, potentially compromising health information stored in them. Suspicious activity was initially detected in May but residents were only notified in October.THERECORD.MEDIA
27 OctCyber Security Today, Oct. 27, 2023 - Malware hiding as a cryptominer may have infected 1 million PCs since 2017This episode reports on a data-stealing gang that's added ransomware to its arsenal, a new UK law forcing social media platforms to police harmful content and moreCYBERSECURITYTODAY.LIBSYN.COM
27 OctRussian Artists’ Spotify Accounts Defaced by Pro-Ukraine HackersSpotify confirmed the incident and stated that they have fixed the issue, although some affected profiles may still show altered or missing profile pictures due to caching.THERECORD.MEDIA
27 OctToumei - 76,682 breached accountsIn October 2023, the Japanese consultancy firm Toumei suffered a data breach . The breach exposed over 100M lines and 10GB of data including 77k unique email addresses along with names, phone numbers and physical addresses.HAVEIBEENPWNED.COM
27 OctRising Global Tensions Could Portend Destructive HacksU.S. government agencies and private sector organizations should remain on high alert for cyberattacks targeting critical infrastructure and key sectors in light of escalating global conflicts.BANKINFOSECURITY.COM
27 OctFrance Says Russian State Hackers Breached Numerous Critical NetworksThe Russian APT28 hacking group, also known as 'Strontium' or 'Fancy Bear,' has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021.BLEEPINGCOMPUTER.COM
27 OctFakeUpdateRU: New Malware Camouflaged as Fake Chrome UpdateA new malware variant dubbed FakeUpdateRU was found targeting site visitors, attempting to trick them into downloading a fake Google Chrome update. The infection impacts WordPress websites as well as other CMS platforms. Google has blocked many domains associated with this malwar…CYWARE.COM
27 OctDuckTail Malware Spread via Fake Job Offers From Compromised LinkedIn ProfilesDuckTail is a highly elusive form of malicious software that evades detection, collects information about victims, communicates with a Command and Control server through a Telegram Bot, and exfiltrates data through ZIP archives.CLUSTER25.DUSKRISE.COM
27 OctCalifornia City Warns of Data Breach After Attack Claim by NoEscape RansomwareThe breach, which occurred from August 12 to September 26, involved the theft of personal information such as names, Social Security numbers, driver's license numbers, medical information, and health insurance policy numbers.THERECORD.MEDIA
27 OctUS Senator Quizzes 23andMe Over Credential-Stuffing HackGenetics testing firm 23andMe is facing multiple class action lawsuits and congressional scrutiny following a credential-stuffing hacking incident that exposed sensitive customer data.HEALTHCAREINFOSECURITY.COM
27 OctLazarus hackers breached dev repeatedly to deploy SIGNBT malwareThe North Korean Lazarus hacking group repeatedly compromised a software vendor using flaws in vulnerable software despite multiple patches and warnings being made available by the developer. [...]BLEEPINGCOMPUTER.COM
27 OctThe Week in Ransomware - October 27th 2023 - Breaking RecordsRansomware attacks are increasing significantly, with reports indicating that last month was a record month for ransomware attacks in 2023. [...]BLEEPINGCOMPUTER.COM
27 OctFeds Warn Healthcare Sector of AI-Augmented Phishing ThreatsGen AI Helps Hackers Create More Realistic Phishing Messages to Infiltrate Systems Hospitals, clinics and doctor practices have long fallen victim to cyberattacks and breaches kicked off with phishing emails. But with the advent of AI-augmented phishing, the lures are more convin…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 17[−]
27 OctWeekly Update 371Presently sponsored by: Got Linux? (And Mac and Windows and iOS and Android?) Then Kolide has the device trust solution for you. Click here to watch the demo. So I wrapped up this week's live stream then promptly blew hours mucking around with Zigbee on Home Assistant. Is it…TROYHUNT.COM
27 OctISC Stormcast For Friday, October 27th, 2023 https://isc.sans.edu/podcastdetail/8720, (Fri, Oct 27th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
27 OctMalicious Android Apps on Google Play With Over 2 Million InstallsOn Google Play, several new malicious apps with over 2 million installations have been found to display intrusive advertisements to users. Once installed, these trojans attempted to conceal themselves from users of Android smartphones. According to detection statistics collected …GBHACKERS.COM
27 OctYour KnowBe4 Fresh Content Updates from October 2023Check out the 27 new pieces of training content added in October, alongside the always fresh content update highlights, events and new features.KNOWBE4.COM
27 OctHave you accidentally hired a North Korean IT worker who’s spying on your company?South Korea and the United States's FBI are warning organisations that they might have inadvertently recruited a North Korean spy to work in their IT department.GRAHAMCLULEY.COM
27 OctThe evolution of 20 years of cybersecurity awarenessSince 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over…SECURITYINTELLIGENCE.COM
27 OctSecurity Onion Conference 2023 - 7 videossubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/372206af-e262-41e6-8125-547474d82f29.png Security Onion Conference 2023 Playlist Schedule from the conference website Security Onion is a free and open platform built by defenders for defend…INFOSEC.PUB
27 OctIn Other News: Ex-NSA Employee Spying for Russia, EU Threat Landscape, Cyber Education FundingNoteworthy stories that might have slipped under the radar: Ex-NSA employee spying for Russia, EU threat landscape report, cyber education funding The post In Other News: Ex-NSA Employee Spying for Russia, EU Threat Landscape, Cyber Education Funding appeared first on SecurityWee…SECURITYWEEK.COM
27 OctAdvanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked ToolsThe StripedFly malware has APT-like capabilities, but remained unnoticed for five years, posing as a cryptocurrency miner. The post Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools appeared first on SecurityWeek .SECURITYWEEK.COM
27 OctNew Amazon-Themed Phishing Campaign Targets Microsoft Live Outlook UsersSeveral months ago, Netskope Threat Labs uncovered a surge in PDF phishing attachments infiltrating Microsoft Live Outlook. These attacks were part of a larger series of phishing campaigns aimed to trick unsuspecting users.KNOWBE4.COM
27 OctNow Android and Windows devices aren't safe from Flipper Zero eithersubmitted by retiolus to cybersecurity 2 points | 0 comments https://news.retiolus.net/read?url=https://www.zdnet.com/article/now-android-and-windows-devices-arent-safe-from-flipper-zero-either/RETIOLUS.NET
27 OctCure53 | Pentest-Report Tor Browser & OONI 02.-03.2023submitted by L4s to secops 1 points | 0 comments https://blog.torproject.org/security-audit-report-tor-browser-ooni/TTP-01-report.pdf Cure53 | Pentest-Report Tor Browser & OONI 02.-03.2023::undefinedTORPROJECT.ORG
27 OctPumpkin Spice, VMWARE, RoundCube, Apple, Big-IP, Oktapus, Aaran Leyland and More - SWN #337Pumpkin Spice, VMWARE, Winter Vivern, RoundCube, Apple, Big-IP, Oktapus, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-337YOUTUBE.COM
27 OctFriday Squid Blogging: On the Ugliness of Squid FishingAnd seafood in general : A squid ship is a bustling, bright, messy place. The scene on deck looks like a mechanic’s garage where an oil change has gone terribly wrong. Scores of fishing lines extend into the water, each bearing specialized hooks operated by automated reels.…SCHNEIER.COM
27 OctISMG Editors: Business, Cyber Resilience in Israel-Hamas WarAlso: Cisco IOS XE Vulnerabilities in the Wild, Indonesia's Data Protection Picture In the latest weekly update, ISMG editors discuss how cybersecurity businesses are building resilience during the Israel-Hamas war, the latest on the hacks of Cisco IOS XE devices, and recommendat…DATABREACHTODAY.CO.UK
27 OctStripedFly worming miner hides sophisticated code and espionage-ready capabilitiessubmitted by throws_lemy to cybersecurity 2 points | 0 comments https://usa.kaspersky.com/about/press-releases/2023_stripedfly-a-worming-miner-hiding-sophisticated-code-and-espionage-ready-capabilitiesUSA.KASPERSKY.COM
27 OctCloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rpssubmitted by throws_lemy to cybersecurity 1 points | 0 comments https://securityaffairs.com/153082/hacking/cloudflare-hyper-volumetric-http-distributed-ddos-attacks.htmlSECURITYAFFAIRS.COM
🌐 CYBER THREAT LANDSCAPE 5[−]
27 OctAndroid Adware Apps on Google Play Amass Two Million InstallsThese apps, associated with malware families such as 'FakeApp,' 'Joker,' and 'HiddenAds,' have been downloaded over 2 million times. The HiddenAds apps push intrusive ads to users while hiding their presence on the infected devices.BLEEPINGCOMPUTER.COM
27 OctReport: Consumers are Taking Action to Protect Their PrivacyA recent survey conducted by Cisco reveals that younger consumers are more proactive in protecting their privacy, with 42% of those aged 18-24 exercising their Data Subject Access Rights.HELPNETSECURITY.COM
27 OctHumans Need to Rethink Trust in the Wake of Generative AIA recent survey by ISACA revealed that the biggest risk associated with generative AI is misinformation and disinformation. This has led to concerns about privacy violations, social engineering, intellectual property loss, and job displacement.INFOSECURITY-MAGAZINE.COM
🎙️ PODCASTS 1[−]
27 OctCyber Security Today, Week in Review for the week ending Friday, Oct. 27, 2023This episode features a discussion on the recent Okta hack, an attack on a Canadian shared services provider to five Canadian hospitals, the SecTOR conference and more.CYBERSECURITYTODAY.LIBSYN.COM
📡 INFOSEC NEWS 16[−]
27 OctHow Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate CybercrimeThis report explores the Kopeechka service and gives a detailed technical analysis of the service’s features and capabilities and how it can help cybercriminals to achieve their goals.TRENDMICRO.COM
27 OctNigerian Police Dismantle Major Cybercrime HubNigerian police have shut down a cybercrime recruitment and training center in Abuja, arresting six suspects involved in various cybercrimes including business email compromise and romance scams.INFOSECURITY-MAGAZINE.COM
27 OctCranium Announces $25 Million in Series A Funding to Secure AIThe AI security and trust software firm has raised $25 million in Series A funding, bringing its total funding to $32 million, which will be used for innovation, R&D, and business expansion.DARKREADING.COM
27 OctNew Project Analyzes and Catalogs Vendor Support for Secure PLC CodingWhile some secure coding practices apply to all PLCs, others are specific to each vendor, making it difficult to find relevant documentation. The project aims to provide this information in an easy-to-digest format.SECURITYWEEK.COM
27 OctSecurity Leaders Have Good Reasons to Fear AI-Generated AttacksAccording to Abnormal Security, the majority of security leaders are not adequately prepared to defend against AI-generated email attacks, relying on traditional solutions that lack effectiveness.HELPNETSECURITY.COM
27 OctReport: Security Not a Priority For a Third of SMBsA key point of contention is the shared responsibility model which is frequently misunderstood. While cloud providers like AWS secure the infrastructure, customers are responsible for safeguarding their sensitive data and other components.INFOSECURITY-MAGAZINE.COM
27 OctIn-Home Hospitality App Hello Alfred Exposes User DataThe in-home hospitality app exposed almost 170,000 user records, including sensitive personal data and partial payment information, due to a passwordless and publicly accessible database.SECURITYAFFAIRS.COM
27 OctWindows 11 KB5031455 preview update enables Moment 4 features by defaultMicrosoft has released the optional KB5031455 Preview cumulative update for Windows 11 22H2, which enables 72 new Moment 4 features by default and fixes 22 issues. [...]BLEEPINGCOMPUTER.COM
27 OctInternet access in Gaza is collapsing as ISPs fall offlineAs the conflict between Israel and Hamas reaches its third week, internet connectivity in Gaza is getting worse. On Thursday, internet monitoring firm NetBlocks wrote on X, formerly Twitter, that the Palestinian internet service provider NetStream “has collapsed days after the op…TECHCRUNCH.COM
27 OctMicrosoft 365 users get workaround for ‘Something Went Wrong’ errorsMicrosoft shared a workaround for a known Microsoft 365 issue triggering 'Something Went Wrong [1001]' sign-in errors and making desktop applications unusable for many customers. [...]BLEEPINGCOMPUTER.COM
27 OctSAS 2023: Key Research | Kaspersky official blogResearch presented by the GReAT team at the Security Analyst Summit 2023 conference.KASPERSKY.COM