🚨 CISA KEV 1[−]
31 Oct KEVCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023-46747 F5 BIG-IP Authentication Bypass Vulnerability CVE-2023-46748 F5 BIG-IP SQL Injection Vulnerability These types of vulnerabilities are f…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 2[−]
31 OctAtlassian Warns of New Critical Confluence Vulnerability Threatening Data LossAtlassian has warned of a critical security flaw in Confluence Data Center and Server that could result in "significant data loss if exploited by an unauthenticated attacker." Tracked as CVE-2023-22518, the vulnerability is rated 9.1 out of a maximum of 10 on the CVSS scoring sys…THEHACKERNEWS.COM
31 OctAttackers Exploiting Critical F5 BIG-IP VulnerabilityExploitation of a critical vulnerability (CVE-2023-46747) in F5’s BIG-IP product started less than five days after public disclosure and PoC exploit code was published. The post Attackers Exploiting Critical F5 BIG-IP Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
⚠️ VULNERABILITY DISCLOSURE 26[−]
31 OctUpdate: Exploit Released for Critical Cisco IOS XE Flaw, Many Hosts Still HackedDespite patches being available, thousands of Cisco IOS XE devices remain compromised, with major telecommunications and internet providers being particularly affected by such attacks.BLEEPINGCOMPUTER.COM
31 OctRCE Exploit for Wyze Cam v3 Publicly Released, Patch NowA security researcher has discovered two vulnerabilities in Wyze Cam v3 firmware and released a proof-of-concept exploit that can be used to gain remote code execution and take over vulnerable devices.BLEEPINGCOMPUTER.COM
31 OctData loss prevention vendors tackle gen AI data risksData loss prevention (DLP) vendors are racing to add support for generative AI use cases to their platforms, following the popularity and increasing adoption of ChatGPT since its release in November 2022. The tool quickly became the fastest-growing app in history, and a board-lev…CSOONLINE.COM
31 OctThe Future of Drone WarfareUkraine is using $400 drones to destroy tanks: Facing an enemy with superior numbers of troops and armor, the Ukrainian defenders are holding on with the help of tiny drones flown by operators like Firsov that, for a few hundred dollars, can deliver an explosive charge capable of…SCHNEIER.COM
31 OctCrypto Thief Steals $4.4 Million in a Day as Toll Rises From LastPass BreachLastPass previously disclosed a breach in August 2022, where an attacker obtained customer information and encrypted vault data, leading to the theft of over $35 million worth of crypto from around 150 victims.COINTELEGRAPH.COM
31 OctFive Guys Discloses Hack of Two Employee Email AccountsThe breach, discovered on June 7, was the result of business email compromise. While the total number of individuals impacted was not disclosed, only three residents of Maine were affected.CYBERSECURITYDIVE.COM
31 OctConfirmed: Palo Alto Networks buys Dig Security, sources say for $400MWe reported in September that Palo Alto was getting ready to make yet more security acquisitions out of Israel, specifically of Dig Security and Talon. Today, some confirmation of one of those has arrived: the U.S. security giant said it would be acquiring Dig. The company is not…TECHCRUNCH.COM
31 OctSEC sues SolarWinds and its CISO for fraudulent cybersecurity disclosuresThe Security and Exchange Commission (SEC) has filed charges against SolarWinds and its chief information security officer, Timothy G. Brown for misleading investors by not disclosing "known risks" and not accurately representing the company's cybersecurity measures during and be…CSOONLINE.COM
31 OctCybersecurity workforce shortage reaches 4 million despite significant recruitment driveThe cybersecurity workforce shortage has risen to a record high of just under 4 million despite the cybersecurity workforce growing by almost 10% in the last year. That's according to the latest Cybersecurity Workforce Study from ISC 2 , the nonprofit member organization for cybe…CSOONLINE.COM
31 OctAtlassian Warns of New Critical Confluence Vulnerability Threatening Data LossThe vulnerability, rated 9.1 out of 10 on the CVSS scoring system, is an improper authorization vulnerability and affects all versions of Confluence Data Center and Server.THEHACKERNEWS.COM
31 OctiLeakage updates Spectre for novel info-stealing side-channel attackA new proof of concept (PoC) exploit called iLeakage has been demonstrated by a group of US and German university professors to steal sensitive user data from Apple devices by improving on side-channel attack techniques used by Spectre and MeltDown , which alarmed CISOs when the …CSOONLINE.COM
31 OctHackers Abuse Google Search Ads to Deploy Bonanza MalwareCybercriminals are resorting to unscrupulous tactics to deploy Bonanza malware by exploiting Google Search Ads. The hackers are taking advantage of the search engine’s advertising mechanism to spread the malicious software, putting unsuspecting users at risk of cyber attack…GBHACKERS.COM
31 OctWhy ransomware victims can’t stop paying off hackersIn September, MGM Resorts was hit by a devastating ransomware attack, downing operations at some of its most iconic casino hotels in Las Vegas, including the Bellagio, Mandalay Bay and the Cosmopolitan. Guests were forced to wait hours to check in after the cyberattack crippled e…TECHCRUNCH.COM
31 OctWhat the White House executive order on AI means for cybersecurity leadersArtificial intelligence continues to snare the technological limelight and, rightly so as we move well into the final quarter of 2023, there is wide international interest in harnessing the power of AI. But with the excitement and anticipation come some appropriate notes of cauti…CSOONLINE.COM
31 OctMalicious NuGet Packages Exploit Loophole in MSBuild IntegrationsCybersecurity firm ReversingLabs has discovered a coordinated and ongoing malicious campaign on the NuGet package manager. The campaign involves the publishing of hundreds of malicious packages since August.REVERSINGLABS.COM
31 OctCISA Releases Three Industrial Control Systems AdvisoriesCISA released three Industrial Control Systems (ICS) advisories on October 31, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-304-02 INEA ME RTU ICSA-23-304-03 Zavio IP Camera ICSA-23-208-03 …CISA.GOV
31 OctPrepare Your Employees to Withstand a Zero-Day Cyber Attack: 5 Key StrategiesImagine walking into work one morning to find your company’s network completely crippled. Servers are down, workstations display ransomware notices, and critical data has been encrypted or deleted. Total operational paralysis. This is the potential aftermath of a devastatin…GBHACKERS.COM
31 OctAtlassian warns of critical Confluence flaw leading to data lossAustralian software company Atlassian warned admins to immediately patch Internet-exposed Confluence instances against a critical security flaw that could lead to data loss following successful exploitation. [...]BLEEPINGCOMPUTER.COM
31 OctAtlassian CISO Urges Quick Action to Protect Confluence Instances From Critical VulnerabilityAtlassian warns that a critical vulnerability in Confluence Data Center and Server could lead to significant data loss if exploited. The post Atlassian CISO Urges Quick Action to Protect Confluence Instances From Critical Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
31 OctSecuring Cloud Infrastructure Demands a New MindsetRising attacks on cloud infrastructure and services have created a ‘shared fate’ scenario for cloud providers and users, where a successful breach means everybody loses. Fresh thinking and closer collaboration can help avoid that outcome and better protect public cloud resources.TRENDMICRO.COM
31 OctHow Security Tools Must Evolve - Dan Kuykendall - ASW #261The categories of security tools that we're most familiar with have struggled to keep up with how modern apps are designed and what modern devs need. What if instead of being beholden to categories, we created tools that solved problems devs have today in the types of apps they b…YOUTUBE.COM
31 OctThird Wave Innovations rolls security into all-in-one NOC offeringThird Wave Innovations wants to be one-stop shopping for both security and network operations management, having grafted a host of network operations center (NOC) capabilities onto its existing C4 Intelligence Platform and dubbing it a Cyber Network Operations Center. The company…CSOONLINE.COM
31 OctG7 Unveils Rules for AI Code of Conduct - Will They Stick?Experts Are Raising Concerns About the Voluntary Nature of Recent AI Guidance The Group of Seven industrial countries has unveiled a voluntary set of guidelines and expectations for the safe and secure development of AI systems. While the move is seen as a significant step toward…DATABREACHTODAY.CO.UK
31 OctZero Day Threat Protection for Your NetworkExplore the world of zero day threats and gain valuable insight into the importance of proactive detection and remediation.TRENDMICRO.COM
31 OctClosing the gender gap: 7 ways to attract more women into cybersecurityGlobal Diversity Awareness Month is a timely occasion to reflect on the steps required to remove the obstacles to women's participation in the security industry, as well as to consider the value of inclusion and diversity in the security workforce.WELIVESECURITY.COM
📢 SECURITY ADVISORIES 6[−]
31 OctMeta Launches Paid Ad-Free Subscription in Europe to Satisfy Privacy LawsMeta on Monday announced plans to offer an ad-free option to access Facebook and Instagram for users in the European Union (EU), European Economic Area (EEA), and Switzerland to comply with "evolving" data protection regulations in the region. The ad-free subscription, which cost…THEHACKERNEWS.COM
31 OctFeds Levy First-Ever HIPAA Fine for Ransomware Data BreachMassachusetts Management Firm to Pay $100,000, Monitor HIPAA Compliance for 3 Years A Massachusetts-based medical management firm holds the dubious honor of being the first ransomware victim fined for a data breach by the Department of Health and Human Services. Doctor Management…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 12[−]
31 OctProofpoint to Buy Tessian to Infuse Email Protection With AIThe acquisition aligns with Proofpoint's vision of securing the human layer in cybersecurity and aims to improve email security, reduce the risk of data breaches, and ease the workload on security teams.BANKINFOSECURITY.COM
31 OctTrojanized PyCharm Software Version Delivered via Google Search AdsA new malvertising campaign has been observed capitalizing on a compromised website to promote spurious versions of PyCharm on Google search results by leveraging Dynamic Search Ads. "Unbeknownst to the site owner, one of their ads was automatically created to promote a popular p…THEHACKERNEWS.COM
31 OctProofpoint to Acquire AI Email Security Firm TessianProofpoint, an enterprise security company, has entered into a definitive agreement to acquire Tessian, a leading provider of email security solutions. The acquisition is aimed at enhancing the existing email security offerings of Proofpoint and preventing misdirected emails and …GBHACKERS.COM
31 OctSEC accuses SolarWinds CISO of misleading investors before Russian cyberattackThe U.S. Securities and Exchange Commission has charged SolarWinds and its top cybersecurity executive Timothy Brown with fraud and internal control failures for allegedly misleading investors about the company’s cybersecurity practices prior to a cyberattack launched by Ru…TECHCRUNCH.COM
31 OctDallas County Confirms Cybersecurity Incident After Ransomware Gang Claims AttackThe incident affected a portion of the county's network. The county is currently investigating the incident after ransomware gang, Play, claimed responsibility and threatened to leak stolen data by November 3.THERECORD.MEDIA
31 OctSeptember Sees a 32% Increase in the Number of Ransomware Attacks in Just One MonthContinued analysis of ransomware attacks shows an upward trend in the number of attacks, with September resulting in the highest number of assaults so far this year.KNOWBE4.COM
31 OctUS-led cybersecurity coalition vows to not pay hackers’ ransom demandsThe U.S. government and dozens of foreign allies have pledged never to pay ransom demands in a bid to discourage financially motivated hackers and ransomware gangs profiteering from cyberattacks. The joint pledge was announced during the third annual meeting of the International …TECHCRUNCH.COM
31 OctDozens of countries will pledge to stop paying ransomware gangsAn alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups. [...]BLEEPINGCOMPUTER.COM
31 OctSEC charges SolarWinds CISO with fraud for misleading investors before major cyberattacksubmitted by thebardingreen to securitynews 1 points | 0 comments https://therecord.media/solarwinds-ciso-sec-chargedTHERECORD.MEDIA
31 OctBritish Library knocked offline by weekend cyberattackThe British Library has been hit by a major IT outage affecting its website and many of its services following a "cyber incident" that impacted its systems on Saturday, October 28. [...]BLEEPINGCOMPUTER.COM
31 OctIndia’s biggest data breach? Hacking gang claims to have stolen 815 million people’s personal informationThe personal information of more than 815 million people in India has reportedly been leaked online. According to local media reports, hackers have offered for sale the personally identifiable information (PII) - including that found on Aadhaar identity cards - belonging to hundr…INDIA'S%20BIGGEST%20DATA%20BREACH?%20HACKING%20GANG%20CLAIMS%20TO%20HAVE%20STOLEN%20815%20MILLION%20PEOPLE'S%20PERSONAL%20INFORMATION
31 OctStep-by-step through the Money Message ransomwareMoney Message is an insidious ransomware family known for resisting detection and remediation in various ways. We walk through a recent caseSOPHOS.COM
🕵️ THREAT INTELLIGENCE 36[−]
31 OctCryptojackers steal AWS credentials from GitHub in 5 minutessubmitted by throws_lemy to cybersecurity 3 points | 0 comments https://www.theregister.com/2023/10/30/cryptojackers_steal_aws_credentials_github/THEREGISTER.COM
31 OctISC Stormcast For Tuesday, October 31st, 2023 https://isc.sans.edu/podcastdetail/8724, (Tue, Oct 31st)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
31 OctSEC Charges SolarWinds and Its CISO With Fraud and Cybersecurity FailuresThe SEC filed charges against SolarWinds and its CISO over misleading investors about its cybersecurity practices and known risks. The post SEC Charges SolarWinds and Its CISO With Fraud and Cybersecurity Failures appeared first on SecurityWeek .SECURITYWEEK.COM
31 OctServiceNow Misconfigurations Lead to Leak of Sensitive DataServiceNow has been alerted to a potential misconfiguration concern that might impact the security of its platform. The company is actively addressing the issue and working towards a resolution. The issue involves Access Control Lists (ACLs), which are used to control access to t…GBHACKERS.COM
31 OctBSides Munich 2023 - 7 SYNs; 22 videossubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/d3689f9a-9e95-49c6-8eed-1bf712098f38.png BSidesMunich is the premiere, independently organized computer security event in the Munich, Germany area, bringing together both local and internati…INFOSEC.PUB
31 OctPro-Hamas Hacker Group Targets Israeli Entities with BiBi-Linux Wiper MalwareThe suspected Hamas-affiliated threat actor, Arid Viper, employs social engineering and phishing attacks to deploy custom malware for cyber espionage activities against high-profile targets in Israel and Palestine.THEHACKERNEWS.COM
31 OctPentestPad: Platform for Pentest TeamsIn the ever-evolving cybersecurity landscape, the game-changers are those who adapt and innovate swiftly. Pen test solutions not only supercharge productivity but also provide a crucial layer of objectivity, ensuring efficiency and exceptional accuracy. The synergy between a skil…THEHACKERNEWS.COM
31 OctHacker Jailed for Stealing $1 Million Via SIM Swapping AttacksA young man from Orlando, Florida, has been handed a 30-month prison sentence for his role in a cybercrime scheme that stole nearly $1 million in cryptocurrency from unsuspecting victims. As part of a group of hackers, Jordan Dave Persad, a 20-year-old, admitted to conspiri…GBHACKERS.COM
31 OctPalo Alto Networks + Dig SecurityThe acquisition of Dig Security will strengthen our investment in powerful data security capabilities that extend Code to Cloud intelligence insights. The post Palo Alto Networks + Dig Security appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
31 OctExtending ZTNA to Protect Against Insider ThreatsOne of the main reasons why ZTNA fails is that most ZTNA implementations tend to focus entirely on securing remote access. The post Extending ZTNA to Protect Against Insider Threats appeared first on SecurityWeek .SECURITYWEEK.COM
31 OctCould a threat actor socially engineer ChatGPT?As the one-year anniversary of ChatGPT approaches, cybersecurity analysts are still exploring their options. One primary goal is to understand how generative AI can help solve security problems while also looking out for ways threat actors can use the technology. There is some th…SECURITYINTELLIGENCE.COM
31 OctNavigating Cybersecurity in a Social-First CampaignThe "Cyber Talks" series simplifies complex cybersecurity through relatable scenarios. Learn to protect your digital life in this social-first campaign. The post Navigating Cybersecurity in a Social-First Campaign appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
31 OctCyberheistNews Vol 13 #44 [Don't Get Trapped] The Dark History of Phishing and More Social EngineeringKNOWBE4.COM
31 OctTraining Tuesday - Discussions for certs, training and learning-at-homesubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss industry certifications, trainings and other courses/learning. Ask questions, share your experiences and help others!INFOSEC.PUB
31 OctGoogle Chrome Now Auto-Upgrades to Secure Connections for All UsersGoogle Chrome's new feature, HTTPS-Upgrades, automatically upgrades insecure HTTP requests to HTTPS requests. This will help secure old links and prevent snooping on connections to steal sensitive data.BLEEPINGCOMPUTER.COM
31 OctCybercriminal Group Octo Tempest and Its Menacing PhishbaitMicrosoft is tracking a cybercriminal group called “Octo Tempest” that uses threats of violence as part of its social engineering and data theft extortion campaigns.KNOWBE4.COM
31 OctShould We Be Relying on Our Cybersecurity Risk Matrices? - Doug Hubbard - CSP #146A key role for the CISO and the team is to identify and plan for mitigation of the most damaging risks. Various approaches have been used over the years with varying levels of success. Are we measuring the right things? Are we using the right instruments? Join us as we discuss so…YOUTUBE.COM
31 OctWSJ: "SEC Sues SolarWinds Over 2020 Hack Attributed to Russians"October 30, 2023 the Wall street Journal broke news that the United States Security and Exchange Commission sued Solarwinds. Here are the first few paragraphs and there is a link to the full WSJ article at the bottom : "the software company victimized by Russian-linked hac…KNOWBE4.COM
31 OctArid Viper Targeting Arabic Android Users with Spyware Disguised as Dating AppThe threat actor known as Arid Viper (aka APT-C-23, Desert Falcon, or TAG-63) has been attributed as behind an Android spyware campaign targeting Arabic-speaking users with a counterfeit dating app designed to harvest data from infected handsets. "Arid Viper's Android malware has…THEHACKERNEWS.COM
31 OctDr. Who | iLeakage | Canada | AI | Killnet | NuGet | Jason Wood & More! – SWN338This week, Doug Talks: Dr. Who, iLeakage, Canada, AI, Killnet, NuGet, Jason Wood, and More on the security weekly news. →Full Show Notes: https://securityweekly.com/swn338 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Visit our website: https://www.securit…YOUTUBE.COM
31 OctMassive cybercrime URL shortening service uncovered via DNS dataA threat actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four years while keeping a sufficiently low profile to operate undetected. [...]BLEEPINGCOMPUTER.COM
31 OctArid Viper Disguising Mobile Spyware as Updates for Non-Malicious Android ApplicationsThe malware used by Arid Viper shares similarities with a non-malicious dating app called Skipped, indicating a possible connection between the APT group and the app's developers.TALOSINTELLIGENCE.COM
31 OctIAM Credentials in Public GitHub Repositories Harvested in MinutesA threat actor is reportedly harvesting IAM credentials from public GitHub repositories within five minutes of exposure. The post IAM Credentials in Public GitHub Repositories Harvested in Minutes appeared first on SecurityWeek .SECURITYWEEK.COM
31 OctDr. Who, iLeakage, Canada, AI, Killnet, NuGet, More News and Jason Wood - SWN #338Dr. Who, iLeakage, Canada, AI, Killnet, NuGet, You might be a North Korean, More News, and Jason Wood, on this Halloween edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-338YOUTUBE.COM
31 OctPalo Alto Networks to Buy Data Defense Startup Dig SecurityDig Purchase Will Give Customers Visibility, Control Around Multi-Cloud Data Estate Palo Alto Networks plans to purchase a data security posture management startup led by a Microsoft and Google veteran and backed by Samsung. The proposed buy of Tel Aviv, Israel-based Dig Security…DATABREACHTODAY.CO.UK
31 OctPalo Alto Networks to Acquire Cloud Security Start-Up Dig SecurityPalo Alto Networks has entered into a definitive agreement to acquire Dig Security, a provider of Data Security Posture Management (DSPM) technology. The post Palo Alto Networks to Acquire Cloud Security Start-Up Dig Security appeared first on SecurityWeek .SECURITYWEEK.COM
31 OctAbusing OAuth, State of DevOps, Nightshade and AI, iLeakage, Sandboxing Apps - ASW #261OAuth implementation failures, the State of DevOps report, data poisoning generative AIs with Nightshade, implementing spectre attacks with JavaScript and WebAssembly against WebKit, sandboxing apps Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes:…YOUTUBE.COM
31 OctMisdirection for a Price: Malicious Link-Shortening ServicesResearchers Discover 'Prolific Puma' Service Used by Hackers, Phishers and Scammers Researchers have discovered an underground offering with the codename "Prolific Puma," which since 2020 has been the "largest and most dynamic" cybercrime link-shortening service on the market. At…DATABREACHTODAY.CO.UK
31 OctDR. WHO, ILEAKAGE, CANADA, AI, KILLNET, NUGET, MORE NEWS AND JASON WOOD – SWN #338This week our own Dr. Doug talks: Dr. Who, iLeakage, Canada, AI, Killnet, NuGet, You might be a North Korean, Jason Wood, and more Spooky News on this Halloween edition of the Security Weekly News! →Watch Live: https://securityweekly.com/live →Subscribe to our podcasts: https://s…YOUTUBE.COM
31 OctNews alert: Ivanti reports reveals 49% of CXOs have requested bypassing security measuresSalt Lake City, Utah, Oct. 31, 2023 — Ivanti , the tech company that elevates and secures Everywhere Work, today announced the results of its Executive Security Spotlight report as part of Ivanti’s Cybersecurity Status Report Series. Ivanti surveyed over … (more…)LASTWATCHDOG.COM
31 OctCybersecurity Leaders Spooked by SEC Lawsuit Against SolarWinds CISOThe SEC's lawsuit against the CISO of SolarWinds is leaving CISOs across the industry spooked and reevaluating their roles. The post Cybersecurity Leaders Spooked by SEC Lawsuit Against SolarWinds CISO appeared first on SecurityWeek .SECURITYWEEK.COM
31 OctNews alert: Traceable celebrates winning the prestigious SINET16 Innovator Award for 2023San Francisco, Calif., Oct. 31, 2023 – Traceable AI , the industry’s leading API security company, proudly announces its continued recognition in the cybersecurity industry, with the latest accolade being the prestigious SINET16 Innovator Award for 2023. The SINET16 Innovat…LASTWATCHDOG.COM
31 OctGerman Data Regulator to Intensify ChatGPT ProbeData Agency for Rhineland-Palatinate Area Will Send Additional Questions to OpenAI A German data regulator will deepen its investigation of ChatGPT maker OpenAI to determine if the company's data processing requirements comply with European privacy law. The intensified probe will…DATABREACHTODAY.CO.UK
31 OctSupercharging Red-Teaming with Infrastructure as Code Integrationsubmitted by L4s to secops 1 points | 0 comments https://github.com/RoseSecurity-Research/WolfPack Supercharging Red-Teaming with Infrastructure as Code Integration::WolfPack combines the capabilities of Terraform and Packer to streamline the deployment of red team redirectors on…GITHUB.COM
31 OctAI-Enabled Crimes Are Already Here, UK NCA Chief SaysGraeme Biggar Says We Need to Get AI and Facial Recognition Right Risks tied to artificial intelligence are imminent and require systemic attention, the head of the British crime agency said Tuesday. Facial recognition and AI are the two latest technical developments where we nee…DATABREACHTODAY.CO.UK
31 OctFrom classroom to cyberfront: Unlocking the potential of the next generation of cyber defendersMicrosoft education programs and AI promise to help address one of cybersecurity’s biggest challenges—3.4 million skills shortage globally. Learn how Microsoft is supporting the cause. The post From classroom to cyberfront: Unlocking the potential of the next generation of cyber …MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 7[−]
31 OctMalicious NuGet Packages Caught Distributing SeroXen RAT MalwareCybersecurity researchers have uncovered a new set of malicious packages published to the NuGet package manager using a lesser-known method for malware deployment. Software supply chain security firm ReversingLabs described the campaign as coordinated and ongoing since August 1, …THEHACKERNEWS.COM
31 Oct.US Harbors Prolific Malicious Link Shortening ServiceThe top-level domain for the United States -- .US -- is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified .…KREBSONSECURITY.COM
31 OctMalicious NuGet packages abuse MSBuild to install malwareA new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware stealthily. [...]BLEEPINGCOMPUTER.COM
31 OctRussia to Launch its Own Version of Virustotal Due to US Snooping FearsThe Russian government is developing its own malware scanning platform, Multiscanner, due to concerns that the U.S. government could access data from the popular VirusTotal service.THERECORD.MEDIA
31 OctMultiple Layers of Anti-Sandboxing Techniques, (Tue, Oct 31st)It has been a while that I did not find an interesting malicious Python script. All the scripts that I recently spotted were always the same:&#;x26;#;xc2;&#;x26;#;xa0;a classic intostealer using Discord as C2 channel. Today …ISC.SANS.EDU
31 OctSamsung Galaxy gets new Auto Blocker anti-malware featureSamsung has unveiled a new security feature called 'Auto Blocker' as part of the One UI 6 update, offering enhanced malware protection on Galaxy devices. [...]BLEEPINGCOMPUTER.COM
31 OctAvast confirms it tagged Google app as malware on Android phonesCzech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 24[−]
31 OctIndian opposition leaders say Apple has warned them of state-sponsored iPhone attacksApple has warned at least six Indian politicians and other members of political parties and one journalist of their iPhones being targets of state-sponsored attacks, these people said Tuesday. Shashi Tharoor of the opposition Congress party, Mahua Moitra, a national lawmaker with…TECHCRUNCH.COM
31 OctCostco Pharmacy Sends Sensitive Health Data to Third PartiesThe lawsuits claim that Costco's data collection and disclosure practices violate HIPAA, the Federal Trade Act, and federal and state wiretapping and other laws, as well as warnings from government agencies.BANKINFOSECURITY.COM
31 OctCanada Bans WeChat and Kaspersky Apps On Government DevicesCanada on Monday announced a ban on the use of apps from Tencent and Kaspersky on government mobile devices, citing an "unacceptable level of risk to privacy and security." "The Government of Canada is committed to keeping government information and networks secure," the Canadian…THEHACKERNEWS.COM
31 OctSEC Charges SolarWinds, its CISO With FraudSolarWinds and its CISO Timothy Brown have been charged by the SEC for fraud and internal control failures related to misleading investors about their cybersecurity practices leading up to the Sunburst attack.CYBERSECURITYDIVE.COM
31 OctCanada Bans WeChat and Kaspersky on Government PhonesCanada has banned the messaging app WeChat and cybersecurity platform Kaspersky from government smartphones and mobile devices due to privacy and security concerns. This follows Canada's previous ban on TikTok in February.SECURITYWEEK.COM
31 OctApple Improves iMessage Security With Contact Key VerificationContact key verification uses a verifiable log-backed map data structure to ensure user privacy and allow audits. It also enables users to manually verify contacts using a protocol called Vaudenay SAS.SECURITYWEEK.COM
31 OctPreparing for your child's first gadget: what you need to know | Kaspersky official blogCybersecurity and psychological considerations that parents should be aware of before handling their kids their very first tech gadget.KASPERSKY.COM
31 OctPreparing for your child's first gadget: a comprehensive checklist | Kaspersky official blogDownloadable handbook: your go-to guide for managing your child's first gadget.KASPERSKY.COM
31 OctMeta Launches Paid Ad-Free Subscription in Europe to Satisfy Privacy LawsMeta, the parent company of Facebook and Instagram, has announced plans to offer an ad-free subscription option for users in the European Union (EU), European Economic Area (EEA), and Switzerland.THEHACKERNEWS.COM
31 OctReport Links ChatGPT to 1265% Rise in Phishing EmailsThe SlashNext State of Phishing Report 2023 reveals a significant surge in malicious phishing emails and credential phishing attacks, with a 1265% and 967% increase respectively.INFOSECURITY-MAGAZINE.COM
31 OctSEC Charges SolarWinds And Its CISO With Fraud And Cybersecurity FailuresPACKETSTORMSECURITY.COM
31 OctAlliance Of 40 Countries To Vow Not To Pay Ransom To Cybercriminals, US SaysPACKETSTORMSECURITY.COM
31 OctPacket Storm Updates Will Be Minimal Until November 10Updates to the site will be paused or very minimal over the next week. I'll be off grid for a while and will make updates if I'm fortunate enough to find connectivity. Updates will resume around November 10th if everything goes according to schedule. -ToddPACKETSTORMSECURITY.COM
31 OctCanada bans WeChat and Kaspersky products on govt devicesCanada has banned the use of Kaspersky security products and Tencent's WeChat app on mobile devices used by government employees, citing network and national security concerns. [...]BLEEPINGCOMPUTER.COM
31 OctFlorida SIM Swapper Sentenced to Prison for Cryptocurrency TheftThe perpetrator and his co-conspirators targeted dozens of victims, gaining access to their cryptocurrency accounts by hijacking their phone numbers and initiating password resets.SECURITYWEEK.COM
31 OctLargest Indian Data Leak Involving 815 Million People’s COVID Test Data on Sale; Samples VerifiedThe personal data of nearly 815 million citizens of India, including names, phone numbers, addresses, passport information, and Aadhaar card details, has been found for sale on the dark web.THECYBEREXPRESS.COM
31 OctMicrosoft releases Windows 11 23H2 as an enablement packageMicrosoft announced today the release of Windows 11, version 23H2, the next feature update for its operating system (also known as the Windows 11 2023 Update). [...]BLEEPINGCOMPUTER.COM
31 OctHow to download a Windows 11 23H2 ISO from MicrosoftMicrosoft released Windows 11 23H2, the Windows 11 2023 Update, today, and you can now download an ISO image for the new version to put aside for emergencies or clean installs. [...]BLEEPINGCOMPUTER.COM
31 OctLog analysis and security firm Graylog raises $9M in equity, $30M in debtThe decline in VC funding for cybersecurity startups might finally be reversing course after months of discouraging trend lines. Recently, Crunchbase reported that cybersecurity startups raised nearly $1.9 billion through 153 deals in Q3 — a 12% increase from the $1.7 billi…TECHCRUNCH.COM
31 OctWindows 11 23H2 - New features in the Windows 11 2023 UpdateThis article will explore Windows 11 23H2 features, from dynamic lighting to Windows Copilot upgrades. [...]BLEEPINGCOMPUTER.COM
31 OctFlipper Zero Bluetooth spam attacks ported to new Android appRecent Flipper Zero Bluetooth spam attacks have now been ported to an Android app, allowing a much larger number of devices to implement these annoying spam alerts. [...]BLEEPINGCOMPUTER.COM