🐛 COMMON VULNERABILITIES AND EXPOSURES (5)

22 Nov: Exploit for Critical Windows Defender Bypass Goes Public
A proof-of-concept exploit has been released for a critical zero-day vulnerability in Windows SmartScreen. The vulnerability, identified as CVE-2023-36025, allows attackers to bypass Windows Defender SmartScreen checks and execute malicious code.
DARKREADING.COM

22 Nov (KEV): Update: Citrix Provides Additional Measures to Address Citrix Bleed
The CVE-2023-4966 vulnerability has been actively exploited by threat actors since late August, allowing them to hijack authenticated sessions and bypass strong authentication measures.
SECURITYAFFAIRS.COM

22 Nov: LockBit ransomware affiliates actively exploiting Citrix Bleed vulnerability
New cyber security advisory warns of active exploitation of CVE-2023-4966 which affects Citrix NetScaler web ADC and NetScaler Gateway appliances
CSHUB.COM

22 Nov: CVE-2023-1389: A New Means to Expand Botnets, (Wed, Nov 22nd)
[This is a Guest Diary by Jonah Latimer, an ISC intern as part of the SANS.edu BACS program]
ISC.SANS.EDU

22 Nov: Flaw in Citrix software led to the recent cyberattack on Boeing: Report
Vulnerability in Citrix's software, known as Citrix Bleed, was exploited by a ransomware group, LockBit 3.0, to attack aviation giant Boeing and other organizations. Last month, Russia-based ransomware group LockBit 3.0 claimed responsibility for the attack on Boeing. Subsequent…
CSOONLINE.COM

⚠️ VULNERABILITY DISCLOSURE (19)

22 Nov: Cyber Security Today, Nov. 22, 2023 - Boeing division hacked through NetScaler vulnerability, and more
This episode reports on unpatched holes that are being exploited by threat actors, and more
CYBERSECURITYTODAY.LIBSYN.COM

22 Nov: Windows Hello auth bypassed on Microsoft, Dell, Lenovo laptops
Security researchers bypassed Windows Hello fingerprint authentication on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops in attacks exploiting security flaws found in the embedded fingerprint sensors. [...]
BLEEPINGCOMPUTER.COM

22 Nov: New botnet malware exploits two zero-days to infect NVRs and routers
A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and video recorder (NVR) devices. [...]
BLEEPINGCOMPUTER.COM

22 Nov: Open-source Blender project battling DDoS attacks since Saturday
Blender has confirmed that recent site outages have been caused by ongoing DDoS (distributed denial of service) attacks that started on Saturday. [...]
BLEEPINGCOMPUTER.COM

22 Nov: NCSC Announces New Standard for Indicators of Compromise
The UK's National Cyber Security Centre (NCSC) has released its first RFC for the Internet Engineering Task Force (IETF), focusing on indicators of compromise (IoCs), which are observable artifacts associated with attackers.
INFOSECURITY-MAGAZINE.COM

22 Nov: Lumma Stealer can Allegedly Restore Expired Google Authentication Cookies
While the effectiveness of this feature is yet to be verified by security researchers or Google, the existence of similar claims by another malware suggests that there may be an exploitable vulnerability in session cookies.
BLEEPINGCOMPUTER.COM

22 Nov: The Shifting Sands of the War Against Cyber Extortion
Ransomware gangs are employing various tactics to force victims to pay, including DDoS attacks and regulatory complaints, while some ransomware operators are introducing new rules to ensure larger ransom amounts and increased payout likelihood.
HELPNETSECURITY.COM

22 Nov: Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability
Administrators are urged to patch the recent CitrixBleed NetScaler vulnerability as LockBit starts exploiting it.
SECURITYWEEK.COM

22 Nov: AT&T to form standalone cyber security services business
New venture will offer select security software solutions, associated managed security operations and security consulting resources
CSHUB.COM

22 Nov: New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login
A new research has uncovered multiple vulnerabilities that could be exploited to bypass Windows Hello authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. The flaws were discovered by researchers at hardware and software product security a…
THEHACKERNEWS.COM

22 Nov: LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In
Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and Gateway appliances to obtain initial access to target environments. The joint advisory c…
THEHACKERNEWS.COM

22 Nov: Mozilla Releases Security Updates for Firefox and Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and app…
CISA.GOV

22 Nov: Adobe Releases Security Updates for ColdFusion
On Nov. 14, 2023, Adobe released security updates addressing vulnerabilities affecting unpatched ColdFusion software. Exploitation of some of these vulnerabilities may allow a malicious cyber actor to take control of an affected system. CISA urges organizations to review Adobe Co…
CISA.GOV

22 Nov: Phishing Attacks Expected to More Than Double During the Black Friday and Cyber Monday Shopping Week
Another day, another warning about holiday scams! Lookout Inc., a data-centric cloud security company, is warning employees and businesses that phishing attacks are expected to more than double this week, based on historical data. With more corporate data residing in the cloud a…
KNOWBE4.COM

22 Nov: Exploring Weaknesses in Private 5G Networks
Dive into the world of private 5G networks and learn about a critical security vulnerability that could expose IoT devices to attacks from external networks.
TRENDMICRO.COM

22 Nov: Batten down the hatches: it’s time to harden every facet of your Windows network
Once upon a time, a Windows workstation could be hardened merely by running a series of scripts or a set of group policies. The security team could review guidance around security configurations from Microsoft, the US National Institute of Standards and Technology (NIST), or the …
CSOONLINE.COM

22 Nov: 9 in 10 organizations have embraced zero-trust security globally
Nearly 90% organizations have begun embracing zero-trust security, but many still have a long way to go, according to a report by multinational technology company Cisco. The report, based on a survey of 4,700 global information security professionals, found that 86.5% have starte…
CSOONLINE.COM

22 Nov: Australia’s cybersecurity strategy focuses on protecting small businesses and critical infrastructure
The Australian federal government has released the 2023-2030 Australian Cyber Security Strategy with a focus on protecting the country’s most vulnerable citizens and businesses. At first glance, the strategy covers a lot of ground, and the government will need to work hard and fa…
CSOONLINE.COM

📢 SECURITY ADVISORIES (1)

22 Nov: Cyber security advisory warns of emerging ransomware variant Rhysida
CISA, FBI and MS-ISAC publish joint cyber security advisory revealing Rhysida’s indicators of compromise and tactics, techniques and procedures
CSHUB.COM

🔥 INCIDENT REPORTING (12)

22 Nov: Kansas courts confirm data theft, ransom demand after cyberattack
The Kansas Judicial Branch has published an update on a cybersecurity incident it suffered last month, confirming that hackers stole sensitive files containing confidential information from its systems. [...]
BLEEPINGCOMPUTER.COM

22 Nov: Welltok data breach exposes data of 8.5 million US patients
Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. [...]
BLEEPINGCOMPUTER.COM

22 Nov: Microsoft: Lazarus hackers breach CyberLink in supply chain attack
Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide. [...]
BLEEPINGCOMPUTER.COM

22 Nov: Companies are Getting Smarter About Cyber Incidents
According to experts, companies are increasingly prioritizing system backups and restoration capabilities to avoid paying ransoms during cyber incidents. Companies must also report cyber incidents and notify affected individuals.
CYBERSECURITYDIVE.COM

22 Nov: 185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone
Car parts giant AutoZone says nearly 185,000 individuals were impacted by a data breach caused by the MOVEit hack.
SECURITYWEEK.COM

22 Nov: Kansas Officials Blame 5-Week Disruption of Court System on ‘Sophisticated Foreign Cyberattack’
Cybercriminals hacked into the Kansas court system, stole sensitive data and threatened to post it on the dark web in a ransomware attack that has hobbled access to records.
SECURITYWEEK.COM

22 Nov: Data breach at US nuclear energy firm leaks sensitive employee information
Exposed data includes Social Security numbers and bank account information of Idaho National Laboratory workers.
CSHUB.COM

22 Nov: Rhysida ransomware group claims crippling British Library cyber attack
Emerging ransomware group claims to have stolen data from the British Library
CSHUB.COM

22 Nov: Play ransomware being sold as-a-service
Multiple Play (aka PlayCrypt) ransomware attacks detected using nearly identical tactics, techniques and procedures
CSHUB.COM

22 Nov: BlackCat ransomware gang attacks corporations, public entities in malvertising c...
Russian-speaking affiliate of notorious ransomware group tracked using Google Ads to spread Nitrogen malware
CSHUB.COM

22 Nov: North Korea-backed hackers target CyberLink users in supply-chain attack
North Korean state-backed hackers are distributing a malicious version of a legitimate application developed by CyberLink, a Taiwanese software maker, to target downstream customers. Microsoft’s Threat Intelligence team said on Wednesday North Korean hackers had compromised Cyber…
TECHCRUNCH.COM

22 Nov: Fidelity National Financial shuts down network in wake of cybersecurity incident
Fidelity National Financial, or FNF, a Fortune 500 company that provides title insurance and settlement services for the mortgage and real estate industries, announced on Tuesday that it was the victim of a “cybersecurity incident that impacted certain FNF systems.” The company f…
TECHCRUNCH.COM

🕵️ THREAT INTELLIGENCE (20)

22 Nov: Apple to Add Manual Authentication to iMessage
Signal has had the ability to manually authenticate another account for years. iMessage is getting it: The feature is called Contact Key Verification, and it does just what its name says: it lets you add a manual verification step in an iMessage conversation to confirm that the …
SCHNEIER.COM

22 Nov: Windows Hello Fingerprint Authentication Bypassed on Popular Laptops
Researchers from Blackwing Intelligence and Microsoft's MORSE have discovered a way to bypass fingerprint authentication on three popular laptops with Windows Hello, namely the Dell Inspiron 15, Lenovo ThinkPad T14s, and Microsoft Surface Pro X.
SECURITYWEEK.COM

22 Nov: Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets
Researchers at Aqua call urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations are vulnerable to this “ticking supply chain attack bomb.”
SECURITYWEEK.COM

22 Nov: Windows Hello Fingerprint Authentication Bypassed on Popular Laptops
Researchers have tested the fingerprint sensors used for Windows Hello on three popular laptops and managed to bypass them.
SECURITYWEEK.COM

22 Nov: Sam Altman is Back as OpenAI CEO Just Days After Being Removed, Along With a New Board
San Francisco-based OpenAI has reached an agreement in principle for Sam Altman to return to OpenAI as CEO with a new initial board.
SECURITYWEEK.COM

22 Nov: Microsoft Offers Up to $20,000 for Vulnerabilities in Defender Products
Microsoft invites researchers to new bug bounty program focused on vulnerabilities in its Defender products.
SECURITYWEEK.COM

22 Nov: Humans Are Notoriously Bad at Assessing Risk
When too much subjectivity is mixed into risk assessment, it can produce a risk picture that is not an accurate representation of reality.
SECURITYWEEK.COM

22 Nov: North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns
North Korean threat actors have been linked to two campaigns in which they masquerade as both job recruiters and seekers to distribute malware and obtain unauthorized employment with organizations based in the U.S. and other parts of the world. The activity clusters have been cod…
THEHACKERNEWS.COM

22 Nov: New Data Covers How the Retail Market is at Greater Risk of Industry-Specific Cyberthreats
A new analysis of the retail market’s threat landscape discusses the challenges faced by this industry and what threat tactics are being used to take advantage of retail’s cyber weaknesses.
KNOWBE4.COM

22 Nov: Digital Skimming Increases by 50%, Just in Time for the Holiday Season
Security researchers identify growth in the use of an ongoing cyberskimming campaign that involves compromising legitimate website checkout code.
KNOWBE4.COM

22 Nov: Visa Warns of Increased Phishing Scams During Holiday Season
Visa Payment Fraud Disruption (PFD) expects phishing attacks to increase between November 2023 and January 2024. Findings in its Holiday Edition Threats Report outline the popular fraud tactics predicted this holiday season.
KNOWBE4.COM

22 Nov: North Korean Hackers Posed as Job Recruiters and Seekers
Two ongoing efforts, Contagious Interview and Wagemole, have been identified to target job-seeking activities connected to North Korean Hackers and state-sponsored threat actors. Threat actors use the interview process in “Contagious Interview” to trick developers int…
GBHACKERS.COM

22 Nov: Poloniex Offered $10 Million Reward to Hacker for Return of $120 Million
Poloniex is a popular cryptocurrency exchange platform headquartered in the United States that provides a diverse range of digital assets for trading. The platform was established in January 2014 by Tristan D’Agosta, with a vision to make cryptocurrency trading easier and m…
GBHACKERS.COM

22 Nov: DarkGate Gained Popularity for its Covert Nature and Antivirus Evasion
DarkGate, a sophisticated Malware-as-a-Service (MaaS) offered by the enigmatic RastaFarEye persona, has surged in prominence. The malware is known for abusing Microsoft Teams and MSI files to compromise target systems. This Sekoia report delves into its ominous capabilities, exam…
GBHACKERS.COM

22 Nov: Interview with Brian Snow - PSW Vault
Brian Snow spent his first 20 years at NSA doing and directing research that developed cryptographic components and secure systems. Many cryptographic systems serving the U.S. government and military use his algorithms; they provide capabilities not previously available and span …
YOUTUBE.COM

22 Nov: What are You Working on Wednesday
submitted by shellsharks to cybersecurity 0 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.
INFOSEC.PUB

22 Nov: Next Level Curl - 2023 Platform Summit - Daniel Stenberg - 32 minutes
submitted by ashar to security_cpe 2 points | 0 comments https://infosec.pub/pictrs/image/78cfb2d8-e703-494b-bd78-7b1164e70fe9.png Next Level Curl - Daniel Stenberg Everyone uses curl, the Swiss army knife of Internet transfers. Earlier this year we celebrated curl’s 25th birthda…
INFOSEC.PUB

22 Nov: A Touch of Pwn: Attacking Windows Hello Fingerprint Authentication
submitted by L4s to secops 3 points | 0 comments https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/ A Touch of Pwn: Attacking Windows Hello Fingerprint Authentication::Blackwing Intelligence provides high-end security engineering, analysis, and research services for engine…
BLACKWINGHQ.COM

22 Nov: Diamond Sleet supply chain compromise distributes a modified CyberLink installer
Microsoft has uncovered a supply chain attack by the threat actor Diamond Sleet (ZINC) involving a malicious variant of an application developed by CyberLink Corp. This malicious file is a legitimate CyberLink application installer that has been modified to include malicious code…
MICROSOFT.COM

🌐 CYBER THREAT LANDSCAPE (3)

22 Nov: Ex-NSO Execs Raise $35 Million for Dream Security
Dream Security has raised $35 million in a financing round led by existing investors Aleph and Dovi France's Group 11. It offers a range of products that assess and predict cyber threats, react in real-time, and create customized protective measures.
EN.GLOBES.CO.IL

22 Nov: ClearFake Campaign Expands to Target Mac Systems with Atomic Stealer
The macOS information stealer known as Atomic is now being delivered to target via a bogus web browser update chain tracked as ClearFake. "This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not onl…
THEHACKERNEWS.COM

22 Nov: How Ducktail steals Facebook accounts | Kaspersky official blog
How attackers steal Facebook Ads and Business accounts with Ducktail malware (with infected archives and a malicious browser extension).
KASPERSKY.COM

📡 INFOSEC NEWS (10)

22 Nov: The Black Friday 2023 Security, IT, VPN, & Antivirus Deals
Black Friday 2023 is here, and great deals are live in computer security, software, online courses, system admin services, antivirus, and VPN software. [...]
BLEEPINGCOMPUTER.COM

22 Nov: US Authorities Trace and Return Nearly $9M Stolen by Scammers
The US Secret Service and various reporting portals tied the criminals' laundering efforts to multiple wallet addresses. The seized proceeds were returned in the stablecoin Tether.
THEREGISTER.COM

22 Nov: AI Solutions Are the New Shadow IT
Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks. Like the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot. Employees are covertly using AI with little regard for established IT and cybersecurity review p…
THEHACKERNEWS.COM

22 Nov: Netflix Bug That Opened Smart TVs To Attacks Is Detailed, 4 Years Later
PACKETSTORMSECURITY.COM

22 Nov: Sam Altman Is Back As OpenAI CEO Just Days After Being Removed, Along With A New Board
PACKETSTORMSECURITY.COM

22 Nov: Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.
TRENDMICRO.COM

22 Nov: Which DevOps Skills are the Hardest to Learn?
DevOps professionals face expansive challenges, from learning complex technologies to developing and honing interpersonal skills. Read on to discover some of the most difficult skills the role demands.
TRENDMICRO.COM

22 Nov: Your voice is my password
AI-driven voice cloning can make things far too easy for scammers – I know because I’ve tested it so that you don’t have to learn about the risks the hard way.
WELIVESECURITY.COM