🐛 COMMON VULNERABILITIES AND EXPOSURES 10[−]
9 Nov KEVCISA Alerts: High-Severity SLP Vulnerability Now Under Active ExploitationThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-29552 (CVSS score: 7.5…THEHACKERNEWS.COM
9 NovSysAid Zero-Day Vulnerability Exploited by Ransomware GroupCVE-2023-47246 zero-day vulnerability in SysAid IT service management software has been exploited by Cl0p ransomware affiliates. The post SysAid Zero-Day Vulnerability Exploited by Ransomware Group appeared first on SecurityWeek .SECURITYWEEK.COM
9 NovNetRise releases Trace solution with AI-powered semantic search aimed at protecting firmwareExtended internet of things (XIoT) security platform developer NetRise has released its Trace solution, which the company say allows users to identify and validate compromised and vulnerable third-party and proprietary software assets using an AI-powered semantic search. NetRise,…CSOONLINE.COM
9 NovSysAid Zero-Day Vulnerability Exploited by Ransomware GroupThe vulnerability, tracked as CVE-2023-47246, allows for arbitrary code execution and has been exploited by a threat actor known as Lace Tempest, who is associated with the deployment of Cl0p ransomware.SECURITYWEEK.COM
9 NovMOVEit cybercriminals behind SysAid zero-day attacksubmitted by c0mmando to netsec 1 points | 1 comments https://www.theregister.com/2023/11/09/moveit_cybercriminals_behind_latest_sysaid/ The cybercriminals behind the rampant MOVEit exploits from earlier this year are making use a zero-day vulnerability in on-prem instances of IT…THEREGISTER.COM
9 NovZero-Day Alert: Lace Tempest Exploits SysAid IT Support Software VulnerabilityThe threat actor known as Lace Tempest has been linked to the exploitation of a zero-day flaw in SysAid IT support software in limited attacks, according to new findings from Microsoft. Lace Tempest, which is known for distributing the Cl0p ransomware, has in the past leveraged z…THEHACKERNEWS.COM
9 NovCVE-2022-44687 Raw Image Extension Remote Code Execution VulnerabilityUpdated FAQ information. This is an informational change only.MSRC.MICROSOFT.COM
9 NovChromium: CVE-2023-5996 Use after free in WebAudioThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.MSRC.MICROSOFT.COM
9 NovCVE-2023-36014 Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
9 NovCVE-2023-36024 Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 20[−]
9 NovAndroid Security Updates: 2023 – 37 Vulnerabilities Patched Including RCE, DOSAndroid has fixed 37 vulnerabilities that were impacting its devices with the release of its November 2023 security updates. Most of the flaws included information disclosure, elevation of privilege, denial of service, and remote code execution. These updates address major securi…GBHACKERS.COM
9 NovRansomware Actors Exploiting Legitimate System Tools to Gain Access – FBIRansomware attacks are on the rise, causing organizations to lose millions of dollars, restricting them from accessing their data, and possibly disclosing personal information. According to the FBI Private Industry Notification, ransomware attackers have recently been taking…GBHACKERS.COM
9 NovResearchers Uncover Undetectable Crypto Mining Technique on Azure AutomationSafeBreach discovered three methods to run the miner, including exploiting a bug in the Azure pricing calculator, creating a dummy test-job, and leveraging Azure Automation's custom Python package upload feature.THEHACKERNEWS.COM
9 NovForget the spam filter: How unique phishing attempts undermine Microsoft email securityAs the email dropped into my inbox, I could see clearly right away it was a phishing attempt, yet my email defenses clearly didn't agree — at least not right away. Several hours later I would get an alert that the message had been flagged as malicious and was removed. So why, if …CSOONLINE.COM
9 NovCouncil for Scottish Islands Faces IT Outage After ‘Incident’Organizations must urgently apply the patch for the Citrix vulnerability, CitrixBleed, and actively hunt for any malicious activity to prevent session hijacking and data breaches.THERECORD.MEDIA
9 Nov KEVCISA Says SLP Vulnerability Allowing Amplified DoS Attacks Exploited in the WildCISA says an SLP vulnerability allowing for a DoS amplification factor of 2,000 is being exploited in attacks. The post CISA Says SLP Vulnerability Allowing Amplified DoS Attacks Exploited in the Wild appeared first on SecurityWeek .SECURITYWEEK.COM
9 NovRussian hackers switch to LOTL technique to cause power outageRussian state hackers have evolved their methods for breaching industrial control systems by adopting living-off-the-land techniques that enable reaching the final stage of the attack quicker and with less resources [...]BLEEPINGCOMPUTER.COM
9 NovOnline Retail HackSelling miniature replicas to unsuspecting shoppers: Online marketplaces sell tiny pink cowboy hats. They also sell miniature pencil sharpeners, palm-size kitchen utensils, scaled-down books and camping chairs so small they evoke the Stonehenge scene in “This Is Spinal Tap.…SCHNEIER.COM
9 NovCISA Alerts of High-Severity SLP Vulnerability Now Under Active ExploitationThe vulnerability allows an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a DoS attack with a significant amplification factor, making it a serious threat to network and server security.THEHACKERNEWS.COM
9 NovMicrosoft: SysAid zero-day flaw exploited in Clop ransomware attacksThreat actors are exploiting a zero-day vulnerability in the service management software SysAid to gain access to corporate servers for data theft and to deploy Clop ransomware. [...]BLEEPINGCOMPUTER.COM
9 NovSysAid warns customers to patch after ransomware gang caught exploiting new zero-day flawSoftware maker SysAid is warning customers that hackers linked to a notorious ransomware gang are exploiting a newly discovered vulnerability in its widely used IT service automation software. SysAid chief technology officer Sasha Shapirov confirmed in a blog post Wednesday that …TECHCRUNCH.COM
9 NovBigID unveils new data risk remediation guidance featureData security platform BigID has announced the release of a new automated, context-based data risk remediation recommendations capability to enable security teams to make informed decisions that reduce risks and elevate data security posture management (DSPM). The capability leve…CSOONLINE.COM
9 NovCISA Releases Four Industrial Control Systems AdvisoriesCISA released four Industrial Control Systems (ICS) advisories on November 9, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-313-01 Johnson Controls Quantum HD Unity ICSA-23-313-02 Hitachi En…CISA.GOV
9 NovNow is the time to insist on total visibility, enabling your organization to utilize AI strategically and comprehensively in the futureComplexity is the bane of all network security teams, and they will attest that the more dashboards, screens, and manual integration they must juggle, the slower their response time. It need not be complex, it need not be disjointed, nor does it need to require adroitness in the …CSOONLINE.COM
9 NovMedical Company Fined $450,000 by New York AG Over Data BreachA medical company has been fined $450,000 by the New York AG over a data breach that may have involved exploitation of a SonicWall vulnerability. The post Medical Company Fined $450,000 by New York AG Over Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
9 NovSandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technologysubmitted by c0mmando to netsec 2 points | 0 comments https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology In late 2022, Mandiant responded to a disruptive cyber physical incident in which the Russia-linked threat actor Sandworm targeted …MANDIANT.COM
9 NovCISA, NSA, and Partners Release New Guidance on Securing the Software Supply ChainToday, CISA, the National Security Agency (NSA), and partners released Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption . Developed through the Enduring Security Framework (ESF), this guidance provides software developers and su…CISA.GOV
9 NovMOVEit Hackers Turn to SysAid Zero-Day BugPath Traversal Bug Leads to Code Execution Within SysAid On-Premises Software A Russian digital extortion gang behind a raft of attacks on file transfer applications is now targeting a newly patched vulnerability in SysAid IT support software. Attacks can lead to ransomware and d…DATABREACHTODAY.CO.UK
9 NovIranian APT group launches destructive attacks against Israeli organizationsSecurity researchers warn that an Iran-based threat actor has launched cyberespionage attacks against Iranian organizations from the education and technology sectors since the beginning of the year. The attacks have a destructive component as the actor deploys data wipers to cove…CSOONLINE.COM
9 NovMaine government says data breach affects 1.3 million residentsThe government of Maine has confirmed over a million state residents had personal information stolen in a data breach earlier this year by a Russia-backed ransomware gang. In a statement published Thursday, the Maine government said hackers exploited a vulnerability in its MOVEit…TECHCRUNCH.COM
📢 SECURITY ADVISORIES 4[−]
🔥 INCIDENT REPORTING 14[−]
9 NovJapan Aviation Electronics Targeted in Ransomware AttackJapan Aviation Electronics confirms cyberattack as Alphv/BlackCat ransomware group publishes allegedly stolen data. The post Japan Aviation Electronics Targeted in Ransomware Attack appeared first on SecurityWeek .SECURITYWEEK.COM
9 NovNew Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious InstallersA new malvertising campaign has been found to employ fake sites that masquerade as legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z. "This incident is a part of a larger malvertising campaign that targets other uti…THEHACKERNEWS.COM
9 NovThreat Actors Impersonate Windows News Portal to Distribute RedLine StealerA new malvertising campaign has been observed wherein threat actors are copying a legitimate Windows news portal to promote a malicious installer for the popular processor tool CPU-Z. Based on the infrastructure, domain names, and cloaking templates used, researchers believe the …CYWARE.COM
9 NovMedical Transcription Hack Affects 1.2 Million ChicagoansThe breach exposed sensitive patient data, including names, birthdates, addresses, medical information, and potentially Social Security numbers, emphasizing the risk of identity theft and healthcare fraud.BANKINFOSECURITY.COM
9 NovMr. Cooper says customer data exposed during cyberattackMr. Cooper, the mortgage and loan giant with more than four million customers, has confirmed customer data was compromised during a recent cyberattack. In an updated notice on its website published Thursday, Mr. Cooper said that it was “still investigating what data may hav…TECHCRUNCH.COM
9 NovCryptohack Roundup: Avraham Eisenberg's Trial Pushed to 2024Also: Bitfinex, Terraform Labs, $54M Civil Forfeiture Request This week, the trial of the alleged Mango Markets hacker was delayed, Bitfinex reported a "minor" cybersecurity incident, the U.S. Securities and Exchange Commission sought summary judgement in the Terraform Labs case …DATABREACHTODAY.CO.UK
9 NovIndustrial and Commercial Bank of China hit by ransomware attackThe Industrial & Commercial Bank of China (ICBC) is restoring systems and services following a ransomware attack that disrupted the U.S. Treasury market, causing equities clearing issues. [...]BLEEPINGCOMPUTER.COM
9 NovAWS IoT Core: A Compromised Device Perspectivesubmitted by L4s to secops 1 points | 0 comments https://seanpesce.github.io/Research-Blog-Redirector/?p=2023/11/aws-iot-core-compromised-device.html AWS IoT Core: A Compromised Device Perspective::undefinedSEANPESCE.GITHUB.IO
9 NovBreach Roundup: Mr. Cooper Recovers From Hacking IncidentAlso: ChatGPT Struggles to Stay Online Amid DDoS Attacks This week, mortgage lender Mr. Cooper recovered from a cyberattack, ChatGPT struggled with distributed denial-of-service attacks, a cybercrime group’s business model was exposed, hackers stole data of loyalty club members o…DATABREACHTODAY.CO.UK
9 Nov“Skillful Social Engineering of the IT Support Desk” One of the Most Common Tactics in Ransomware AttacksAs ransom payments reach an all-time high, it’s time to look at attacks from a data perspective and find the greatest opportunities to stop these attacks.KNOWBE4.COM
9 NovKyocera AVX says ransomware attack impacted 39,000 individualsKyocera AVX Components Corporation (KAVX) is sending notices of a data breach exposing personal information of 39,111 individuals following a ransomware attack. [...]BLEEPINGCOMPUTER.COM
9 NovSecurity Chaos Engineering: Realigning the Security Industry - Kelly Shortridge - ESW #339We've reached an inflection point in security. There are a handful of organizations regularly and successfully stopping cyber attacks. Most companies haven't gotten there, however. What separates these two groups? Why does it seem like we're still failing as an industry, despite …YOUTUBE.COM
9 NovOntario Hospitals Expect Monthlong Ransomware RecoveryPatient Care Still Disrupted and IT Network, EHR System Down Until Mid-December A shared IT services provider and its five Ontario member hospitals say their recovery from a Daixin Team ransomware attack in October could last into December as the group rebuilds its IT network. Me…DATABREACHTODAY.CO.UK
9 NovWorld’s largest commercial bank ICBC confirms ransomware attackThe Industrial & Commercial Bank of China (ICBC) is restoring systems and services following a ransomware attack that disrupted the U.S. Treasury market, causing equities clearing issues. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 27[−]
9 NovTesting AI Before It Comes To Get You - Austin Carson - PSW #806Austin spends the majority of his time thinking about ways to abuse LLMs, the impact of the attacks, and the effects on society. He brings a truly unique perspective to the way to use, attack, and verify output from AI LLM models. Whether you are just learning the ins and outs of…YOUTUBE.COM
9 NovISC Stormcast For Thursday, November 9th, 2023 https://isc.sans.edu/podcastdetail/8738, (Thu, Nov 9th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
9 NovFirmware, Mainframes, Security and Risk - PSW #806Do people still use mainframes? IoT and firmware security, Apple Find my, Bluetooth is the gift that keeps on giving, to hackers that is, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-806YOUTUBE.COM
9 NovNew ObjCShellz Malware Spotted Targeting macOS SystemsThe North Korea-based BlueNoroff APT group has been linked with a new malware strain that is being used to target macOS systems. Dubbed ObjCShellz, the malware shares similarities with the RustBucket malware campaign, which came to light earlier this year.CYWARE.COM
9 NovThreat Actors Leverage File-Sharing Service and Reverse Proxies for Credential HarvestingWe analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies.TRENDMICRO.COM
9 NovRussian Hackers Used Novel OT Attack to Disrupt Ukrainian Power Amid Mass Missile StrikesMandiant says Russia's Sandworm hackers used a novel OT attack to cause power outages that coincided with mass missile strikes on critical infrastructure across Ukraine. The post Russian Hackers Used Novel OT Attack to Disrupt Ukrainian Power Amid Mass Missile Strikes appeared fi…SECURITYWEEK.COM
9 NovMuddyC2Go: New C2 Framework Iranian Hackers Using Against IsraelIranian nation-state actors have been observed using a previously undocumented command-and-control (C2) framework called MuddyC2Go as part of attacks targeting Israel. "The framework's web component is written in the Go programming language," Deep Instinct security researcher Sim…THEHACKERNEWS.COM
9 NovChinese APT Targeting Cambodian Governmentsubmitted by throws_lemy to cybersecurity 1 points | 0 comments https://unit42.paloaltonetworks.com/chinese-apt-linked-to-cambodia-government-attacks/UNIT42.PALOALTONETWORKS.COM
9 NovIranian Hackers are Using New MuddyC2Go C2 Framework Against IsraelMuddyC2Go allows the threat actors to automate the connection to their command-and-control server using an embedded PowerShell script, eliminating the need for manual execution.THEHACKERNEWS.COM
9 NovRisk Ledger Raises £6.25 Million for Supply Chain Security SolutionUK-based Risk Ledger has raised £6.25 million (~$7.65 million) in Series A funding to prevent supply chain attacks. The post Risk Ledger Raises £6.25 Million for Supply Chain Security Solution appeared first on SecurityWeek .SECURITYWEEK.COM
9 Nov KEVKnowBe4 Wins Multiple 2023 Best Of Awards From TrustRadiusKnowBe4 is proud to be recognized by TrustRadius for our Security Awareness Training and PhishER platforms in three categories for Best Value for Price, Best Relationship and Best Feature Set. KNOWBE4.COM
9 NovRussian Sandworm APT Group Caused Power Outage in October 2022The attack was not driven by military necessity but rather aimed to increase the psychological toll of the war, showcasing Russia's focus on disrupting and degrading military readiness through cyber means.BANKINFOSECURITY.COM
9 NovThis Is How We Do It — Season One Recap“This is How We Do It” offers a behind-the-scenes, candid exposé of how Palo Alto Networks protects its SOC using its own solutions. The post This Is How We Do It — Season One Recap appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
9 NovNew BlazeStealer Malware in PyPI Targets DevelopersA new set of malicious Python packages has been discovered on the Python Package Index (PyPI) repository. These packages masquerade as harmless obfuscation tools but contain a malware called BlazeStealer . The campaign started in January 2023 and includes eight packages. Develope…CYWARE.COM
9 Nov‘BlazeStealer’ Malware Delivered to Python Developers Looking for Obfuscation ToolsCheckmarx uncovers a malicious campaign targeting Python developers with malware that takes over their systems. The post ‘BlazeStealer’ Malware Delivered to Python Developers Looking for Obfuscation Tools appeared first on SecurityWeek .SECURITYWEEK.COM
9 NovMajor ChatGPT Outage Caused by DDoS AttackChatGPT and its API have experienced a major outage due to a DDoS attack apparently launched by Anonymous Sudan. The post Major ChatGPT Outage Caused by DDoS Attack appeared first on SecurityWeek .SECURITYWEEK.COM
9 NovIranian Hackers Target Israeli Logistics and IT CompaniesIranian Espionage Group Used Tactics From Previous Campaigns Security company CrowdStrike said it had observed Iranian hacker group Imperial Kitten, also known as TA456, Crimson Sandstorm and Tortoiseshell, conducting web compromise operations between 2022 and 2023 to infiltrate …DATABREACHTODAY.CO.UK
9 NovSend Bluetooth LE Spam impersonating 219 devices just using Android app instead of Flipper Zerosubmitted by L4s to secops 1 points | 0 comments https://www.mobile-hacker.com/2023/11/08/android-kitchen-sink-send-ble-spam-to-ios-android-and-windows-at-once-using-android-app/ Send Bluetooth LE Spam impersonating 219 devices just using Android app instead of Flipper Zero::The …MOBILE-HACKER.COM
9 NovGoogle ads push malicious CPU-Z app from fake Windows news siteA threat actor has been abusing Google Ads to distribute a trojanized version of the CPU-Z tool to deliver the Redline info-stealing malware. [...]BLEEPINGCOMPUTER.COM
9 NovTidal Cyber Raises $5 Million for Threat-Informed Defense PlatformThe Washington, DC startup is building a threat-informed defense platform that helps organizations automate detection and response work. The post Tidal Cyber Raises $5 Million for Threat-Informed Defense Platform appeared first on SecurityWeek .SECURITYWEEK.COM
9 NovSmashing Security podcast 347 - Trolls, military data, and the hitman and her - 1 Hour, 4 minutessubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/2f828b03-d47b-48c7-9106-60c156c47ccf.png Smashing Security podcast 347 Trolls, military data, and the hitman and her Ashar’s collection of security podcastsINFOSEC.PUB
9 NovMicrosoft shares threat intelligence at CYBERWARCON 2023At the CYBERWARCON 2023 conference, Microsoft and LinkedIn analysts are presenting several sessions detailing analysis across multiple sets of threat actors and related activity, demonstrating Microsoft Threat Intelligence’s ongoing efforts to track threat actors, protect custome…MICROSOFT.COM
9 NovStorage And Backup Cyber Resiliency – CISOs Guide 2024CISOs rely on information about security from across the organization, particularly from the various IT departments. Unfortunately, the information being fed to CISOs about cybersecurity risk is incomplete. There is a blind spot present—a gaping hole. Data about the security post…GBHACKERS.COM
9 NovExperts Urge Congress to Combat Deepfake Technology ThreatsDigitally Manipulated Media Already Poses National Security and Privacy Concerns A panel of legal experts and technologists warned lawmakers that deepfake technologies were already causing security and privacy concerns across the country, particularly for women and minority commu…DATABREACHTODAY.CO.UK
9 NovRockwell Combines Generative AI and Industrial AutomationNew Tool to Help Create OT Code Samples, Answer Questions, Enable Customization The reliance on text bases in modern software development means Rockwell Automation can capitalize on generative AI's ability to read, produce and generate text. Having open text-based files and a dom…DATABREACHTODAY.CO.UK
9 NovThe State of Internet Attack Surface - Aidan Holland - ESW #339Today, we discuss the state of attack surface across the Internet. We've known for decades now that putting an insecure service on the public Internet is a recipe for disaster, often within minutes. How has this knowledge changed the publicly accessible Internet? We find out when…YOUTUBE.COM
9 NovCyber Security Today, Nov.10, 2023 - Patch SysAid software fast, how Ukraine's power system was crippled by Russia and moreThis episode reports on a sophisticated OT and IT attack on Ukraine by Russia's Sandworm gang, how failing to patch a firewall fast led to a regulatory fine and moreCYBERSECURITYTODAY.LIBSYN.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
9 NovUS Urges Critical Infrastructure Firms to Get “Shields Ready”The US government has launched a new campaign designed to encourage CNI stakeholders to enhance cyber-resilience in their organizations. The “Shields Ready” initiative is intended to complement the successful “Shields Up” campaign.INFOSECURITY-MAGAZINE.COM
9 NovGoogle Play malware clocks up more than 600 million downloads in 2023 | Kaspersky official bloghe most high-profile cases of malicious apps detected on Google Play in 2023, how they’ve harmed users, and how to guard against this threat.KASPERSKY.COM
9 NovUnlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-BaltistanESET researchers discovered Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza NewsWELIVESECURITY.COM
🎙️ PODCASTS 3[−]
9 NovSmashing Security podcast #347: Trolls, military data, and the hitman and herA woman's attempt to hire an assassin online backfires badly, it's scary just how cheap it is to buy information about US military personnel, and trolls and tattoos don't mix. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cyb…GRAHAMCLULEY.COM
9 NovTransatlantic Cable podcast, episode 323 | Kaspersky official blogEpisode 323 of the Kaspersky podcast looks at BAYC, AI, CCTV concerns & what does AI and Perfect Dark have in common?KASPERSKY.COM
📡 INFOSEC NEWS 14[−]
9 NovUK’s online safety regulator puts out draft guidance on illegal content, saying child safety is priorityThe UK’s newly empowered Internet content regulator has published the first set of draft Codes of Practice under the Online Safety Act (OSA) which became law late last month. More codes will follow but this first set — which is focused on how user-to-user (U2U) servic…TECHCRUNCH.COM
9 NovOpenAI confirms DDoS attacks behind ongoing ChatGPT outagesDuring the last 24 hours, OpenAI has been addressing what it describes as "periodic outages" linked to DDoS attacks affecting its API and ChatGPT services. [...]BLEEPINGCOMPUTER.COM
9 NovVisual Examples of Code Injection, (Thu, Nov 9th)Code injection techniques (T1055 from MITRE[1]) is a common technique these days. It's a nice way for an attacker to hide malicious code into a legit process. A deviation of this technique is called “Process Hollowingâ€[2…ISC.SANS.EDU
9 NovOpenAI blames DDoS attack for ongoing ChatGPT outageOpenAI has confirmed that a DDoS (distributed denial-of-service) attack is behind “periodic outages” affecting ChatGPT and its developer tools. ChatGPT, OpenAI’s AI-powered chatbot, has been experiencing sporadic outages for the past 24 hours. Users who attempted to access the se…TECHCRUNCH.COM
9 NovWhen Email Security Meets SaaS Security: Uncovering Risky Auto-Forwarding RulesWhile intended for convenience and efficient communication, email auto-forwarding rules can inadvertently lead to the unauthorized dissemination of sensitive information to external entities, putting confidential data at risk of exposure to unauthorized parties. Wing Security (Wi…THEHACKERNEWS.COM
9 NovSecure messaging app Signal moves a step closer to launching usernamesEnd-to-end encrypted messaging app, Signal, is getting closer to launching a much anticipated feature that will allow users to share only a username in order to connect with other users, rather than having to reveal the phone number linked to their account, as is the case now. Ot…TECHCRUNCH.COM
9 NovMemory scanning leaves attackers nowhere to hideSophos X-Ops takes an in-depth look at memory scanning and why it mattersSOPHOS.COM
9 NovUKI Webinar | Unprivilege the Attacker: Preventing Endpoint-Originating Attacks with Least PrivilegeDATABREACHTODAY.CO.UK
9 NovOpenAI Reveals ChatGPT is Being Targeted with DDoS AttacksThe Russia-linked hacker group Anonymous Sudan claimed responsibility for the DDoS attacks, targeting OpenAI due to its support for Israel and alleged bias in ChatGPT against Palestine.INFOSECURITY-MAGAZINE.COM
9 NovMicrosoft shares temp fix for broken Windows Server 2022 VMsMicrosoft publicly acknowledged a known issue causing Windows Server 2022 virtual machine (VM) blue screens and boot failures on VMware ESXi hosts. [...]BLEEPINGCOMPUTER.COM
9 NovLive Webinar | Improve your cyber defenses and boost your cyber insurabilityDATABREACHTODAY.CO.UK
9 NovCloudflare website down, showing ‘We’re sorry’ Google errorsCloudflare is investigating an ongoing outage causing 'We're sorry" Google errors to be shown on the company's website. [...]BLEEPINGCOMPUTER.COM
9 NovCloudflare website downed by DDoS attack claimed by Anonymous SudanCloudflare is investigating an ongoing outage causing 'We're sorry" Google errors to be shown on the company's website. [...]BLEEPINGCOMPUTER.COM
9 NovTop 10 DevOps Blunders and How to Sidestep ThemIntegrating the necessary DevOps practices, tools, and cultures in an organization is difficult, even for experts. Learn how to recognize these challenges and transform them into valuable lessons when navigating the world of DevOps.TRENDMICRO.COM