12Articles
4Categories
2023-10-28Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
28 OctThree new NGINX ingress controller vulnerabilities were just reported and how they affect Kubernetessubmitted by L4s to secops 1 points | 0 comments https://www.armosec.io/blog/cve-2023-5043-nginx-ingress/ Three new NGINX ingress controller vulnerabilities were just reported and how they affect Kubernetes::CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886 can be exploited by attac…ARMOSEC.IO
⚠️ VULNERABILITY DISCLOSURE 4[−]
28 OctCCleaner Says Hackers Stole Users’ Personal Data During MOVEit Mass-HackThe hackers exploited a vulnerability in the MOVEit file transfer tool, used by CCleaner, to access sensitive data. The stolen information includes names, contact details, and product purchase information. Less than 2% of users were affected.TECHCRUNCH.COM
28 OctResearchers Uncover Wiretapping of XMPP-Based Instant Messaging ServiceNew findings have shed light on what's said to be a lawful attempt to covertly intercept traffic originating from jabber[.]ru (aka xmpp[.]ru), an XMPP-based instant messaging service, via servers hosted on Hetzner and Linode (a subsidiary of Akamai) in Germany. "The attacker has …THEHACKERNEWS.COM
28 OctD-LINK SQL Injection Vulnerability Let Attacker Gain Admin PrivilegesA security flaw called SQL injection has been uncovered in the D-Link DAR-7000 device. SQL injection is a malicious attack that exploits vulnerabilities in web applications to inject malicious SQL statements and gain unauthorized access to the database. This technique allows an a…GBHACKERS.COM
28 OctHackerOne paid ethical hackers over $300 million in bug bountiesHackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception. [...]BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 5[−]
28 OctA new ransomware uses virtual machine to dodge securitysubmitted by L4s to secops 1 points | 0 comments https://tech.hindustantimes.com/tech/news/a-new-ransomware-uses-virtual-machine-to-dodge-security-71590409211492.html A new ransomware uses virtual machine to dodge security::Ragnar Locker remains out of reach of the security softw…TECH.HINDUSTANTIMES.COM
28 OctStanford University Investigating Cyberattack After Akira Ransomware ClaimsStanford University is currently investigating a cybersecurity incident within its Department of Public Safety after a ransomware gang claimed to have attacked the school. The Akira ransomware gang has claimed to have stolen 430 GB of data.THERECORD.MEDIA
28 OctLockBit Ransomware Gang Claims to Have Stolen Data From BoeingThe LockBit group has a history of listing companies as victims, even if it was actually a vendor to the compromised company, so further investigation is needed to confirm the extent of the breach.SECURITYAFFAIRS.COM
28 OctUpdate: Kansas Court System Down Nearly Two Weeks in ‘Security Incident’ That Has Hallmarks of RansomwareThe outage has hindered electronic filings, payment processing, case management, public access to records, and applications for various legal services, leading to delays and a reliance on paper-based processes.SECURITYWEEK.COM
28 OctHackers email stolen student data to parents of Nevada school districtThe Clark County School District (CCSD) in Nevada is dealing with a potentially massive data breach, as hackers email parents their children's' data that was allegedly stolen during a recent cyberattack. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 2[−]
28 OctSize Matters for Many Security Controls, (Sat, Oct 28th)This week, I&#;x26;#;39;m teaching FOR610 in Manchester, and while my students are busy resolving some challenges, I&#;x26;#;39;m looking at my hunting results from the previous days. I found an interesting sample. The file …ISC.SANS.EDU
28 OctGOAD: Vulnerable Active Directory environment for practicing attack techniques - Help Net Securitysubmitted by MajorTom to cybersecurity 2 points | 0 comments https://www.helpnetsecurity.com/2023/10/26/goad-game-of-active-directory/HELPNETSECURITY.COM