🐛 COMMON VULNERABILITIES AND EXPOSURES 5[−]
6 NovQNAP Warns of Critical Command Injection Flaws in QTS OS, AppsThe first vulnerability, tracked as CVE-2023-23368, allows remote attackers to execute commands via a network. The second vulnerability, identified as CVE-2023-23369, can also be exploited by remote attackers.BLEEPINGCOMPUTER.COM
6 NovExploit Activity for CVE-2023-22518, Atlassian Confluence Data Center and Server, (Mon, Nov 6th)Last week, Atlassian published an advisory for CVE-2023-22518. The vulnerability is a trivial to exploit authentication bypass vulnerability [;1];. Atlassian emphasized the importance of the advisory with a quote from its CISO: "There are no reports of active ex…ISC.SANS.EDU
6 NovQNAP Releases Patch for 2 Critical Flaws Threatening Your NAS DevicesQNAP has released security updates to address two critical security flaws impacting its operating system that could result in arbitrary code execution. Tracked as CVE-2023-23368 (CVSS score: 9.8), the vulnerability is described as a command injection bug affecting QTS, QuTS hero,…THEHACKERNEWS.COM
6 NovYour printer is not your printer ! - Hacking Printers at Pwn2Own Part II | DEVCORE 戴夫寇爾submitted by L4s to secops 1 points | 0 comments https://devco.re/blog/2023/11/06/your-printer-is-not-your-printer-hacking-printers-pwn2own-part2-en/ Your printer is not your printer ! - Hacking Printers at Pwn2Own Part II | DEVCORE 戴夫寇爾::We identified Pre-auth RCE vulnerabilitie…DEVCO.RE
6 NovHackers exploit Looney Tunables Linux bug, steal cloud credsThe operators of the Kinsing malware are targeting cloud environments with systems vulnerable to "Looney Tunables," a Linux security issue identified as CVE-2023-4911 that allows a local attacker to gain root privileges on the system. [...]BLEEPINGCOMPUTER.COM
⚠️ VULNERABILITY DISCLOSURE 22[−]
6 NovZero Day Threat Protection for Your NetworkExplore the world of zero day threats and gain valuable insight into the importance of proactive detection and remediation.TRENDMICRO.COM
6 NovDiscord Will Switch to Temporary File Links to Block Malware DeliveryDiscord has been a breeding ground for cybercriminals, with thousands of malware operations exploiting its CDN URLs to distribute and install malicious payloads on compromised systems.BLEEPINGCOMPUTER.COM
6 NovGoogle Warns How Hackers Could Abuse Calendar Service as a Covert C2 ChannelGoogle is warning of multiple threat actors sharing a public proof-of-concept (PoC) exploit that leverages its Calendar service to host command-and-control (C2) infrastructure. The tool, called Google Calendar RAT (GCR), employs Google Calendar Events for C2 using a Gmail account…THEHACKERNEWS.COM
6 Nov12 notable bug bounty programs launched in 2023Bug bounty programs have increased significantly in popularity and use over the last several years and for good reason — they're sexy, offering cold hard cash and the opportunity for cybersecurity experts to play detective for a good cause. More and more organizations are adoptin…CSOONLINE.COM
6 NovOrganizations turn to zero trust, network segmentation as ransomware attacks doubleThe number of ransomware attacks (successful and unsuccessful) has doubled over the past two years. The average number of attacks per country among surveyed organizations rose from an average of 43 in 2021 to 86 in 2023. Organizations have responded by implementing zero trust and…CSOONLINE.COM
6 NovMicrosoft Says Exchange ‘Zero Days’ Disclosed by ZDI Already Patched or Not UrgentMicrosoft says four Exchange ‘zero-days’ disclosed by ZDI have either already been patched or they don’t require immediate attention. The post Microsoft Says Exchange ‘Zero Days’ Disclosed by ZDI Already Patched or Not Urgent appeared first on SecurityWeek .SECURITYWEEK.COM
6 NovSocks5Systemz Proxy Hacked 10,000+ Systems World WideProxy services let users rent IP addresses and provide online anonymity by disguising their traffic as regular IP addresses while hiding the true source or origin. Bitsight researchers recently found a new malware sample distributed by the following two loaders:- It installs a pr…GBHACKERS.COM
6 NovA blueprint for high-speed cloud-native securityCloud-native environments and applications deliver unprecedented agility and scalability in a business climate that demands speed. However, they also introduce extraordinary security challenges that require more rapid event detection and response than the traditional on-premises …CSOONLINE.COM
6 NovExploitation of Critical Confluence Vulnerability BeginsThreat actors have started exploiting a recent critical vulnerability in Confluence Data Center and Confluence Server. The post Exploitation of Critical Confluence Vulnerability Begins appeared first on SecurityWeek .SECURITYWEEK.COM
6 NovHackers Could Abuse Google Calendar as a Covert C2 ChannelGoogle has warned about a new threat called Google Calendar RAT (GCR) that uses the Calendar service as command-and-control infrastructure. It creates a covert channel by exploiting event descriptions in Google Calendar, making detection difficult.THEHACKERNEWS.COM
6 Nov‘Looney Tunables’ Glibc Vulnerability Exploited in Cloud AttacksGlibc vulnerability affecting major Linux distributions and tracked as Looney Tunables exploited in cloud attacks by Kinsing group. The post ‘Looney Tunables’ Glibc Vulnerability Exploited in Cloud Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
6 NovConfirmed: Palo Alto has acquired Talon Cyber Security, sources say for $625MPalo Alto Networks has just confirmed one more major piece of security startup M&A out of Israel: it has acquired Talon Cyber Security, a specialist in building enterprise browsers for securing distributed workforces sources. Source say the deal is valued at $625 million. Thi…TECHCRUNCH.COM
6 NovMost cloud moves found rushed as adopters underrate associated risks: ReportA new study on the current state of cloud-native security found that a considerable number of cloud adopters do not understand the security risks of moving legacy applications to the cloud, opening themselves to a number of cloud-based attacks. The study conducted by cybersecurit…CSOONLINE.COM
6 NovHackers Actively Exploiting Linux Privilege Escalation Flaw to Attack Cloud EnvironmentsLinux Privilege Escalation flaw is one of the highly critical flaws as it can allow an attacker to gain elevated privileges on a system, potentially leading to full control. Hackers typically exploit these vulnerabilities by crafting malicious code or commands that take adv…GBHACKERS.COM
6 NovThis new SaaS security solution aims to disrupt the market with its ‘freemium’ approachIn today’s digital landscape, SaaS has emerged as the cornerstone of contemporary business operations. According to research published earlier this year, the average employee utilizes 28 distinct SaaS applications, and in mid-size organizations, an average of seven new applicatio…CSOONLINE.COM
6 NovTellYouThePass ransomware joins Apache ActiveMQ RCE attacksInternet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution (RCE) vulnerability previously exploited as a zero-day. [...]BLEEPINGCOMPUTER.COM
6 NovCISA Published When to Issue VEX InformationToday, CISA published When to Issue Vulnerability Exploitability eXchange (VEX) Information , developed by a community of industry and government experts with the goal to offer some guidance and structure for the software security world, including the large and growing global SBO…CISA.GOV
6 NovGUEST ESSAY: How to mitigate the latest, greatest phishing variant — spoofed QR codesQR code phishing attacks started landing in inboxes around the world about six months ago. Related: ‘BEC’ bilking on the rise These attacks prompt the target to scan a QR code and trick them into downloading malware or sharing sensitive … (more…)LASTWATCHDOG.COM
6 NovCritical Atlassian Confluence bug exploited in Cerber ransomware attacksAttackers are exploiting a recently patched and critical severity Atlassian Confluence authentication bypass flaw to encrypt victims' files using Cerber ransomware. [...]BLEEPINGCOMPUTER.COM
6 NovCisco patches serious flaws in Firepower and Identity Services EngineCisco released several patches for high and critical vulnerabilities affecting several products like its Firepower network security devices, Identity Services Engine (ISE)) network access control platform, and Adaptive Security Appliance (ASA). The US Cybersecurity and Infrastruc…CSOONLINE.COM
6 NovOnline store exposed millions of Chinese citizen IDsA security researcher said he discovered millions of Chinese citizen identity numbers spilling online after an e-commerce store left its database exposed to the internet. Viktor Markopoulos, a security researcher working for CloudDefense.ai, said he found the database belonging t…TECHCRUNCH.COM
6 NovISC2 Cyber Workforce Study Says AI, Cloud Skills Are NeededISC2 CEO Clar Rosso on the Latest Cybersecurity Training and Development Trends Tech firms are making huge investments in generative AI tools, but nearly half of cybersecurity professionals say they have little or no or knowledge of AI, according to ISC2's Cyber Workforce Study 2…DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES 8[−]
6 NovUK's NCSC Publishes Guidance to Help Firms Prepare for Post-Quantum CryptographyPost-quantum cryptography (PQC) algorithms should be implemented to replace vulnerable traditional public key cryptography (PKC) algorithms to mitigate the threat of quantum computers.NCSC.GOV.UK
6 NovLiechtenstein's Data Regulator Releases AI Chatbot GuidanceGuidance Cites GDPR Transparency and Consent Clauses The data protection regulator of European country Liechtenstein rolled out new data processing guidance for large language model-powered chatbots such as ChatGPT. The primary legal basis for compliance will be the consent and t…DATABREACHTODAY.CO.UK
6 NovMicrosoft will roll out MFA-enforcing policies for admin portal accessMicrosoft will roll out Conditional Access policies requiring multifactor authentication from administrators when signing into Microsoft admin portals such as Microsoft Entra, Microsoft 365, Exchange, and Azure. [...]BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 21[−]
6 NovU.S. Treasury Targets Russian Money Launderer in Cybercrime CrackdownThe U.S. Department of the Treasury imposed sanctions against a Russian woman for taking part in the laundering of virtual currency for the country's elites and cybercriminal crews, including the Ryuk ransomware group. Ekaterina Zhdanova, per the department, is said to have facil…THEHACKERNEWS.COM
6 NovArid Viper Steals Sensitive data From Android Phones and Deploy other MalwareAccording to recent reports, Arabic-speaking Android users have been targeted with spyware by the “Arid Viper” threat actor, also known as APT-C-23, Desert Falcon, or TAG-63). This threat actor has been using counterfeit dating apps designed to exfiltrate data from co…GBHACKERS.COM
6 NovLEGO Marketplace BrickLink Suffering Downtime Due to Alleged Hacking IncidentThe website of BrickLink, a popular LEGO marketplace, is currently down due to a reported hacking incident. Hackers are allegedly demanding payments in cryptocurrency in exchange for not deleting store inventories and other items on BrickLink.HACKREAD.COM
6 NovA Cyber Breach Delays Poll Worker Training in Mississippi’s Largest County Before the Statewide VoteElection officials in Mississippi’s most populous county had to scramble to complete required poll worker training after an early September breach involving county computers. The post A Cyber Breach Delays Poll Worker Training in Mississippi’s Largest County Before the Stat…SECURITYWEEK.COM
6 NovHHS: Healthcare Data Breaches Impact 88 Million Americans This YearIn 2023 alone, there has been a 60% year-on-year increase in large breaches impacting over 88 million individuals, with hacking accounting for 77% of these breaches, according to the HHS.INFOSECURITY-MAGAZINE.COM
6 NovIranian Hackers Launches Destructive Cyberattacks on Israeli Tech and Education SectorsIsraeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced in January 2023 with an aim to deploy previously undocumented wiper malware. The intrusions, which took place as recently as October, have been attributed …THEHACKERNEWS.COM
6 NovHackers Steal 400GB of Data From Russian Insurance Giant RosgosstrakhThe data, which is being sold on Breach Forums for $50,000 in cryptocurrency, includes bank statements, personal information of 730,000 individuals, and sensitive details such as Russian Social Security Numbers and bank routing information.HACKREAD.COM
6 NovCorrupt Police Imprisoned for Revealing Investigation Secrets to CriminalNatalie Mottram, a 25-year-old intelligence analyst who worked for Cheshire Police and the North West Regional Organised Crime Unit (ROCU), has been given a prison sentence of three years and nine months for her role in a serious security breach. She was convicted of access…GBHACKERS.COM
6 NovUS Sanctions Russian National for Helping Ransomware Groups Launder MoneyThe US Treasury has sanctioned Ekaterina Zhdanova for laundering money on behalf of cybercriminals and Russian elites. The post US Sanctions Russian National for Helping Ransomware Groups Launder Money appeared first on SecurityWeek .SECURITYWEEK.COM
6 NovWho’s Behind the SWAT USA Reshipping Service?Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. In today's Part II, we'll examine clues about the real-life identi…KREBSONSECURITY.COM
6 NovHealthcare’s Road to Redefining Cybersecurity With Modern SolutionsAccording to a report by Sophos, the rate of data encryption following a ransomware attack in the healthcare sector has reached its highest level in the last three years.HELPNETSECURITY.COM
6 NovHealthcare Sector Experiencing Increases in Ransomware, Ransoms and DowntimeAn analysis of ransomware attacks on healthcare organizations from 2016 through October of 2023 shows the healthcare sector is likely to continue to suffer as a viable ransomware target.KNOWBE4.COM
6 NovSecuriDropper: New Android Dropper-as-a-Service Bypasses Google's DefensesCybersecurity researchers have shed light on a new dropper-as-a-service (DaaS) for Android called SecuriDropper that bypasses new security restrictions imposed by Google and delivers the malware. Dropper malware on Android is designed to function as a conduit to install a payload…THEHACKERNEWS.COM
6 NovNew Android Dropper-as-a-Service Called SecuriDropper Bypasses Google's DefensesDropper malware allows cybercriminals to install payloads on compromised devices. SecuriDropper disguises itself as harmless apps and uses a different Android API to install the payload, mimicking the process used by app marketplaces.THEHACKERNEWS.COM
6 NovReport: Over Half of Users Report Kubernetes or Container Security IncidentsCloud-native development practices are creating dangerous new security blind spots for organizations in the US, UK, France, and Germany, according to a new study from Venafi.INFOSECURITY-MAGAZINE.COM
6 NovAmerican Airlines Pilot Union Recovering After Ransomware AttackThe Allied Pilots Association is restoring its systems after a file-encrypting ransomware attack. The post American Airlines Pilot Union Recovering After Ransomware Attack appeared first on SecurityWeek .SECURITYWEEK.COM
6 NovCyber Intrusion Delays Poll Worker Training in Mississippi’s Largest County Before the Statewide VoteElection officials in Hinds County, Mississippi, had to rush to complete poll worker training after a breach in early September compromised county computers. This caused a delay in processing voter registration forms.SECURITYWEEK.COM
6 NovUS sanctions Russian who laundered money for Ryuk ransomware affiliateThe U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned Russian national Ekaterina Zhdanova for laundering millions in cryptocurrency for various individuals, including ransomware actors. [...]BLEEPINGCOMPUTER.COM
6 NovSideCopy APT's Multi-Platform Onslaught Targets Indian Government and Defense EntitiesSideCopy is employing phishing tactics and using compromised domains with reused IP addresses to distribute malicious files and deploy malware, including a Linux variant of the Ares RAT, indicating a multi-platform approach in their attacks.SEQRITE.COM
6 NovUS sanctions Russian accused of laundering Ryuk ransomware fundsThe U.S. government has sanctioned a Russian national for allegedly laundering millions of dollars worth of victim ransom payments on behalf of individuals linked to the notorious Ryuk ransomware group. According to an announcement from the U.S. Treasury’s Office of Foreign Asset…TECHCRUNCH.COM
6 NovNew Jupyter Infostealer Version Emerges with Sophisticated Stealth TacticsAn updated version of an information stealer malware known as Jupyter has resurfaced with "simple yet impactful changes" that aim to stealthily establish a persistent foothold on compromised systems. "The team has discovered new waves of Jupyter Infostealer attacks which leverage…THEHACKERNEWS.COM
🕵️ THREAT INTELLIGENCE 29[−]
6 NovISC Stormcast For Monday, November 6th, 2023 https://isc.sans.edu/podcastdetail/8732, (Mon, Nov 6th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
6 NovResearchers Uncover a New Version of Kazuar BackdoorResearchers identified Russian-linked Turla APT deploying an updated version of the Kazuar backdoor, suggesting a revival of the malware after years of inactivity with improved code structure and enhanced functionality. The new version of the Kazuar backdoor supports over 40…CYWARE.COM
6 Nov‘Crypto King’ Sam Bankman-Fried Pleads Guilty Multi-billion Dollar FraudSam Bankaman-Fried, the founder and CEO of the largest cryptocurrency exchange, has recently pleaded guilty to charges of fraud and money laundering. This news has sent shockwaves through the cryptocurrency community, as Bankaman-Fried was highly regarded and his exchange was con…GBHACKERS.COM
6 NovAuthor: Understanding Value at Risk Helps Quantify Uncertainty, Gauge Cybersecuritysubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/737f4dd2-001a-4f96-9219-19f483b45022.png Understanding Value at Risk Helps Quantify Uncertainty, Gauge Cybersecurity In a book he coauthored, Resilience Chief Risk Officer Rich Seiersen disc…INFOSEC.PUB
6 NovJawnCon 0x0submitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/8225b976-854d-4959-8986-fe9603600ee4.png JawnCon Schedule from the website JawnCon playlistINFOSEC.PUB
6 NovIranian APT Targets Israeli Education, Tech Sectors With New WipersThe Iran-linked APT Agrius has been targeting higher education and technology organizations in Israel with new wipers. The post Iranian APT Targets Israeli Education, Tech Sectors With New Wipers appeared first on SecurityWeek .SECURITYWEEK.COM
6 NovMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …INFOSEC.PUB
6 NovPrisma® SASE and Talon to Secure the Rising Risk of Unmanaged DevicesOur intention to acquire Talon will enable customers to extend Prisma SASE’s leading Zero Trust and cloud-delivered security to unmanaged devices. The post Prisma® SASE and Talon to Secure the Rising Risk of Unmanaged Devices appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
6 NovSpear Phishing Becomes Most Common Attack Technique in Q3 2023Spear phishing was the most common attack technique in the third quarter of 2023, according to researchers at ReliaQuest.KNOWBE4.COM
6 NovIranian APT Targets Israeli Education, Tech Sectors With New Data WipersAn Iranian APT group known as Agrius has been targeting higher education and technology organizations in Israel with destructive attacks and wipers, including MultiLayer, PartialWasher, and BFG Agonizer, since January 2023.SECURITYWEEK.COM
6 NovCrashing iPhones with a Flipper ZeroThe Flipper Zero is an incredibly versatile hacking device. Now it can be used to <a href="https://arstechnica.com/security/2023/11/flipper-zero-gadget-that-doses-iphones-takes-once-esoteric-attacks-mainstream/"crash iPhones in its vicinity by sending it a never-ending stream…SCHNEIER.COM
6 NovUS, South Korea and Japan Launch Group to Tackle North Korean HackingThe FBI has attributed recent cryptocurrency hacks to North Korean-sponsored threat actors, highlighting the need for increased cybersecurity cooperation among liberal democracies in the Pacific.THERECORD.MEDIA
6 NovPalo Alto Networks to Buy Enterprise Browser Startup TalonTalon Acquisition Will Allow Users to Securely Access Business Apps From Any Device Palo Alto Networks announced its second acquisition in a week, scooping up the 2022 winner of RSA Conference's prestigious Innovation Sandbox contest. The proposed buy of Talon Cyber Security will…DATABREACHTODAY.CO.UK
6 NovPalo Alto to Acquire Talon, Intensifying Competition in Cloud Data SecurityTechnology powerhouse Palo Alto Networks is officially on a billion-dollar shopping spree in the cloud data security space. The post Palo Alto to Acquire Talon, Intensifying Competition in Cloud Data Security appeared first on SecurityWeek .SECURITYWEEK.COM
6 NovSecurity Money: The Index is Rebounding | Leadership & Communications - BSW #327This week, we start things off with our Security Money segment, about how The Index is Rebounding. Then we follow up with our Leadership and Communications Articles for the week. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securitywee…YOUTUBE.COM
6 NovTravelers to Acquire Cyberinsurance Firm Corvus for $435 MillionProperty and casualty insurance giant Travelers has entered into an agreement to acquire Corvus Insurance Holdings for approximately $435 million. The post Travelers to Acquire Cyberinsurance Firm Corvus for $435 Million appeared first on SecurityWeek .SECURITYWEEK.COM
6 NovSecurity Money: The Index is Rebounding - BSW #327It's time to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also update you on the Security Weekly 25 index. The index is rebounding, but there's a long way to go to get back to the top. Visit https://…YOUTUBE.COM
6 NovSEC Charging SolarWinds Is A Game Changer, Forcing Us To Rethink CISO Accountability - BSW #327In the leadership and communications segment, SolarWinds Is A Game Changer - You Cannot Sugarcoat Cybersecurity, Rethinking CISO Accountability: A Call for Balance in Cybersecurity Leadership, How to improve communication in the workplace: Strategies for enhanced productivity, an…YOUTUBE.COM
6 NovPentagon AI Strategy Pursues Agile and Responsible AdoptionDefense Department's Artificial Intelligence Strategy Prioritizes Deployment Speed The Department of Defense has published guidance calling for the rapid and responsible deployment of artificial intelligence systems across its entire enterprise while emphasizing continuous experi…DATABREACHTODAY.CO.UK
6 NovIT Admins Continue to Use Weak PasswordsIn an analysis of web pages identified as admin portals, some incredibly weak passwords were identified – and some of them are going to really surprise you.KNOWBE4.COM
6 NovFTC Alleges Data Broker Sells Vast Amounts of Sensitive DataAgency Details Accusations Against Idaho Firm in Unsealed Amended Complaint The Federal Trade Commission in an amended lawsuit complaint unsealed Friday details how Idaho-based data broker Kochava allegedly violated federal law by collecting and disclosing to third parties "enorm…DATABREACHTODAY.CO.UK
6 NovHow CISOs Can Mitigate Personal Liability ConcernsCISO Quentyn Taylor on Preparing for More Scrutiny in Wake of SolarWinds Charges SEC regulators have filed charges against software company SolarWinds and its CISO Tim Brown - accusing them of misleading investors about the firm's cybersecurity practices in light of a high-profil…DATABREACHTODAY.CO.UK
6 NovState-Sponsored Attackers Targeting Armenians, Apple Warns'Lockdown Mode' Can Defeat Commercial Spyware Members of Armenian civil society say they have received warnings from Apple regarding commercial spyware. John Scott-Railton, a senior researcher at The Citizen Lab, tweeted that "Apple threat notifications are 'clear & invaluable' s…DATABREACHTODAY.CO.UK
6 NovAutomatic Conditional Access policies in Microsoft Entra streamline identity protectionTo help our customers be secure by default, we're rolling out Microsoft managed Conditional Access policies that will automatically protect tenants. The post Automatic Conditional Access policies in Microsoft Entra streamline identity protection appeared first on Microsoft Securi…MICROSOFT.COM
6 NovGrok | Okta | Looney Tunables | HelloKitty | Veeam | Jason Wood & More! – SWN340This week, Doug Talks: Grok, Okta, Looney Tunables, HelloKitty, Gootbot, Veeam , Jason Wood, and More on the security weekly news. →Full Show Notes: https://securityweekly.com/swn340 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Visit our website: https://…YOUTUBE.COM
6 NovProtecting The Digital Supply Chain - BTS #17In this edition of Below The Surface, we discuss Protecting The Digital Supply Chain, with Yuriy Bulygin, Founder and CEO at Eclypsium. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! →Full Show Notes: https://securityw…YOUTUBE.COM
6 NovTesting AI Before It Comes To Get You | News - PSW8066:00pm ET - Austin Carson 8:00pm ET - Security News This week, we start things off with an interview with Austin Carson, Chief Executive Officer at SeedAI, about Testing AI Before It Comes To Get You. Then we discuss our security news for the week. →Full Show Notes: https://secur…YOUTUBE.COM
6 NovThe State of Internet Attack Surface | Security Chaos Engineering | News - ESW339This week, we kick things off with an interview with Aidan Holland, Software Engineer at Censys, about The State of Internet Attack Surface. Then, we talk with Kelly Shortridge, Senior Principal at Fastly, about Security Chaos Engineering: Realigning the Security Industry. Finall…YOUTUBE.COM
6 NovFakes | SysAid | Sumo | farnetwork | CPU-Z | Google | Chat-GPT | Aaran Leyland & More! – SWN341This week, Doug Talks: Fakes, SysAid, Sumo, farnetwork, CPU-Z, Google, Chat-GPT , Aaran Leyland, and More on the security weekly news. →Full Show Notes: https://securityweekly.com/swn341 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Visit our website: http…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 6[−]
6 NovApple Warns Armenians of State-Sponsored Hacking AttemptsThe ongoing tensions between Armenia and Azerbaijan, particularly around the disputed Nagorno-Karabakh region, have created a backdrop for the use of Pegasus spyware, targeting various individuals including politicians, activists, and journalists.THERECORD.MEDIA
6 NovCyber Security Today, Nov. 6, 2023 - Okta employee is faulted for a hack, another US school board's data stolen, and moreThis episode reports on the cause of a recent hack at Okta, personal data stolen from the emaill of employees at a fast food chain, a proxy botnet found and moreCYBERSECURITYTODAY.LIBSYN.COM
6 NovCybercrime service bypasses Android security to install malwareA new dropper-as-a-service (DaaS) named 'SecuriDropper' has emerged, using a method that bypasses Android 13's 'Restricted Settings' to install malware on devices and grant them access to the Accessibility Services. [...]BLEEPINGCOMPUTER.COM
6 NovSocks5Systemz Proxy Botnet Infects 10,000 Systems WorldwideThe botnet uses a domain generation algorithm (DGA) to connect with its command and control server and can be instructed to establish backconnect server connections, allowing infected devices to be used as proxy servers.BLEEPINGCOMPUTER.COM
6 Nov5 Strategies to Protect Your Software Development Teams from Software Supply Chain AttacksDATABREACHTODAY.CO.UK
6 NovVeeam warns of critical bugs in Veeam ONE monitoring platformVeeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 9[−]
6 NovEurope Clamps Down on Meta Ad PersonalizationThe European Data Protection Board has directed the Irish Data Protection Commissioner to restrict Meta platforms from using customer's personal data for ad personalization, citing a violation of GDPR.BANKINFOSECURITY.COM
6 NovMicrosoft Overhauls Cyber Strategy to Finally Embrace Security by DefaultThe Secure Future Initiative includes implementing secure default settings out of the box and using automation, AI, and memory-safe languages to develop software that is secure by design and default.CYBERSECURITYDIVE.COM
6 NovElection Officials Plead for Federal Cybersecurity FundingStates have been demanding increased federal funding to support election infrastructure security, establish federal cybersecurity and audit standards for voting equipment, and replace outdated technologies.BANKINFOSECURITY.COM
6 NovGoogle Play Store Highlights 'Independent Security Review' Badge for VPN AppsThe Mobile Application Security Assessment (MASA) allows developers to have their apps independently validated against a global security standard, such as the Mobile Application Security Verification Standard (MASVS).THEHACKERNEWS.COM
6 NovApple ‘Find My’ Network can be Abused to Steal Keylogged PasswordsResearchers at Positive Security demonstrated that by integrating a keylogger with a Bluetooth transmitter into a USB keyboard, passwords and other sensitive data typed on the keyboard can be relayed through the Find My network via Bluetooth.BLEEPINGCOMPUTER.COM
6 NovQNAP warns of critical command injection flaws in QTS OS, appsQNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system and applications on its network-attached storage (NAS) devices. [...]BLEEPINGCOMPUTER.COM
6 NovNavigating the security and privacy challenges of large language modelsOrganizations that intend to tap the potential of LLMs must also be able to manage the risks that could otherwise erode the technology’s business valueWELIVESECURITY.COM