⚠️ VULNERABILITY DISCLOSURE 4[−]
18 NovOver a Dozen Exploitable Vulnerabilities Found in AI/ML ToolsThe Huntr bug bounty platform has discovered multiple vulnerabilities in popular AI/ML tools, including H2O-3, MLflow, and Ray, which could lead to system takeover and data theft.SECURITYWEEK.COM
18 NovVisual Studio Code Security: Markdown Vulnerabilities in Third-Party Extensions (2/3)submitted by L4s to secops 1 points | 0 comments https://www.sonarsource.com/blog/vscode-security-markdown-vulnerabilities-in-extensions/ Visual Studio Code Security: Markdown Vulnerabilities in Third-Party Extensions (2/3)::We took a look at the security of the most popular code…SONARSOURCE.COM
18 NovBusKill (Open-Source Hardware Dead Man Switch) Announces Bitcoin Black Friday Dealsubmitted by maltfield to cybersecurity -2 points | 1 comments https://buskill.in/bitcoin-black-friday-2023/ In celebration of Bitcoin Black Friday 2023 , we’re offering a 10% discount on all BusKill cables sold between Nov 18 to Dec 03. BusKill Bitcoin Black Friday Sale - Our De…BUSKILL.IN
18 NovExploit for CrushFTP RCE chain released, patch nowA proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 5[−]
🔥 INCIDENT REPORTING 10[−]
18 NovSecurity Firm COO Hacked Hospitals to Drum Up BusinessAtlanta Man Pleads Guilty, Is Ordered to Pay $818,000 Restitution, May Avoid Prison The chief operating officer of an Atlanta-based cybersecurity firm has pleaded guilty and agreed to pay restitution of more than $818,000 in a federal criminal case in which he admitted hacking a …DATABREACHTODAY.CO.UK
18 NovMultiple Colleges, K-12 Schools Facing Outages After CyberattacksSchools like North Carolina Central University and Glendale Community College experienced significant disruptions to their IT systems, leading to the temporary suspension of online courses and the interruption of critical processes.THERECORD.MEDIA
18 NovStanley Steemer Hack Breached Data of Almost 67K CustomersThe breach went undetected for almost a month, highlighting the importance of proactive monitoring and timely detection of suspicious activities to prevent data breaches.CYBERSECURITYDIVE.COM
18 NovYamaha and WellLife Network Confirm Cyber Incidents After Ransomware Gang Claims AttacksJapanese manufacturer Yamaha Motor and healthcare organization WellLife Network have both confirmed being victims of cyberattacks. The ransomware group responsible for the attacks, possibly the INC gang, has been targeting various industries.THERECORD.MEDIA
18 NovMore Than 330,000 Medicare Recipients Affected by MOVEit BreachThe breach highlights the importance of implementing the "Secure By Design" initiative and ensuring that software used by organizations is secure to prevent supply chain attacks.THERECORD.MEDIA
18 NovBloomberg Crypto X Account Snafu Leads to Discord Phishing AttackThe official Twitter account for Bloomberg Crypto was hacked and used to redirect users to a phishing website. The hackers created a fake Bloomberg Discord server and prompted visitors to verify their accounts through a deceptive link.BLEEPINGCOMPUTER.COM
18 NovRansomware Recovery Could Take Months at British LibraryThe British Library has confirmed that it was targeted in a ransomware attack on October 28. The attack caused a major technology outage, impacting phone lines, on-site services, access to digital collections, and its website.INFOSECURITY-MAGAZINE.COM
18 Nov8Base Group Deploying New Phobos Ransomware Variant via SmokeLoaderThe threat actors behind the 8Base ransomware are leveraging a variant of the Phobos ransomware to conduct their financially motivated attacks. The findings come from Cisco Talos, which has recorded an increase in activity carried out by cybercriminals. “Most of the group’s Phobo…THEHACKERNEWS.COM
18 NovHealthcare startups scramble to assess fallout after Postmeds data breach hits millions of patientsMore than two million people across the United States will receive notice that their personal and sensitive health information was stolen earlier this year during a cyberattack at Postmeds, the parent company of online pharmacy startup Truepill. For some of those affected, itR…TECHCRUNCH.COM
18 NovCashwarp vs. Reptar | Rackspace | BlackCat | Bots | Aaran Leyland & More! – SWN343This week, Doug Talks: Cashwarp vs. Reptar, Rackspace, BlackCat, Bots, Aaran Leyland, and More on the security weekly news. →Full Show Notes: https://securityweekly.com/swn343 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Visit our website: https://www.sec…YOUTUBE.COM
🕵️ THREAT INTELLIGENCE 7[−]
18 NovOpenAI Fires CEO Sam Altman for Lying to Board of DirectorsCTO Mira Murati Becomes Interim CEO; President Greg Brockman Ousted as Chairman The organization behind ChatGPT carried out a shocking firing of its high-profile chief executive for being "not consistently candid in his communications with the board." OpenAI's board said Friday t…DATABREACHTODAY.CO.UK
18 NovUK Privacy Watchdog Pursues Clearview AI Fine After ReversalICO Seeks Permission to Challenge Ruling Vacating 7.5 Million-Pound Fine Britain's privacy watchdog on Friday said it will continue fighting to impose a fine on Clearview AI for allegedly violating the privacy rights of Britons after a tribunal sided with the facial recognition c…DATABREACHTODAY.CO.UK
18 NovAT&T Forms Joint Venture for Managed Cybersecurity BusinessWillJam Ventures Standing Up Joint Venture With AT&T for Managed Cybersecurity Unit AT&T will split its managed cybersecurity services practice from its core connectivity business by standing up a joint venture with Chicago-area investor WillJam Ventures. AT&T will mo…DATABREACHTODAY.CO.UK
18 NovRussian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted AttacksRussian cyber espionage actors affiliated with the Federal Security Service (FSB) have been observed using a USB propagating worm called LitterDrifter in attacks targeting Ukrainian entities. Check Point, which detailed Gamaredon's (aka Aqua Blizzard, Iron Tilden, Primitive Bear,…THEHACKERNEWS.COM
18 NovKubernetes Security on AWS: A Practical GuideKubernetes security is safeguarding your Kubernetes clusters, the applications they host, and the infrastructure they rely on from threats. As a container orchestration platform, Kubernetes is incredibly powerful but presents a broad attack surface for potential adversaries. Kube…GBHACKERS.COM
18 NovChatGPT-Maker OpenAI Fires CEO Sam Altman, the Face of the AI Boom, for Lack of Candor With CompanyOpen AI pushed out its co-founder and CEO Sam Altman after a review found he was “not consistently candid in his communications” with the board of directors. The post ChatGPT-Maker OpenAI Fires CEO Sam Altman, the Face of the AI Boom, for Lack of Candor With Company appeared firs…SECURITYWEEK.COM
18 NovIndustry Reels from Sam Altman Firing, OpenAI Return RumoredTech Investors, Execs Stunned By Altman's OpenAI Exodus, Which May Be Short-Lived Technology investors and executives are reeling from OpenAI's shocking firing of co-founder and CEO Sam Altman, though there's a chance the split may be short-lived. 'Whatever offense Altman committ…DATABREACHTODAY.CO.UK
🎙️ PODCASTS 1[−]
18 NovHow State Governments Can Regulate AI and Protect PrivacyRegulating AI is "like regulating Jell-O," said Massachusetts risk counsel Jenny Hedderman, but states are looking at regulating "areas of harm" rather than AI as a whole. In this episode of "Cybersecurity Insights," Hedderman discusses privacy, third-party vendor risk, and lawye…DATABREACHTODAY.CO.UK
📡 INFOSEC NEWS 7[−]
18 NovLive Webinar | Guardians of Cybersecurity: Guide to Fortifying Defenses, Navigating Cyber Insurance and AIDATABREACHTODAY.CO.UK
18 NovQuasar RAT Delivered Through Updated SharpLoader, (Sat, Nov 18th)SharpLoader is a very old project! I found repositories on Gitlab that are 8 years old[1]! Its purpose is to load and uncompress a C# payload from a remote web server or a local file to execute it. There exists also a Powershell versio…ISC.SANS.EDU
18 NovWindows 10 to let admins control how optional updates are deployedMicrosoft announced a new policy that allows admins to control how optional updates are deployed on Windows 10 enterprise endpoints on their networks. [...]BLEEPINGCOMPUTER.COM
18 NovFCC adopts new rules to protect against SIM-swapping attacksThe Federal Communications Commission (FCC) has revealed new rules to shield consumers from criminals who hijack their phone numbers in SIM swapping attacks and port-out fraud. [...]BLEEPINGCOMPUTER.COM
18 NovGoogle shares plans for blocking third-party cookies in ChromeGoogle has officially announced plans to gradually eliminate third-party cookies, a key aspect of its Privacy Sandbox initiative. [...]BLEEPINGCOMPUTER.COM
18 NovFCC adopts new rules to protect consumers from SIM-swapping attacksThe Federal Communications Commission (FCC) has revealed new rules to shield consumers from criminals who hijack their phone numbers in SIM swapping attacks and port-out fraud. [...]BLEEPINGCOMPUTER.COM