58Articles
8Categories
2023-11-23Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
23 Nov KEVCisco Patched Products Vulnerable to HTTP/2 Rapid Reset AttackA new high-severity vulnerability has been discovered in multiple Cisco products, which could potentially allow HTTP/2 Rapid Reset Attack. This vulnerability enables a novel distributed denial of service (DDoS) attack technique. This vulnerability was assigned with CVE-2023-44487…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 13[−]
23 NovCISA Urges Patching as Hackers Exploit 'Looney Tunables' BugKinsing Threat Actor Observed Targeting Vulnerable Cloud Environments With New Flaw The Cybersecurity and Infrastructure Security Agency is requiring federal agencies to patch Linux devices on their networks and urging private sector organizations to do the same after security re…DATABREACHTODAY.CO.UK
23 NovAustralia Unveils AU$587M Strategy to Defeat CybercrimeAustralia Envisions Cybersecurity Leadership in the Pacific With New Strategy The Australian government says it will mandate ransomware reporting by businesses, boost law enforcement capacity and fund startups with innovative cybersecurity solutions under a strategy unveiled Mond…DATABREACHTODAY.CO.UK
23 NovFounder Sam Altman Back as OpenAI CEO Under Revamped BoardEx-Salesforce CEO Taylor to Chair Initial 3-Member Board; Altman, Brockman Kept Off The nonprofit behind ChatGPT reinstated co-founder Sam Altman as its chief executive following a tumultuous 106 hours that saw OpenAI burn through two interim CEOs. Most of the board members respo…DATABREACHTODAY.CO.UK
23 NovOpen-Source Blender Project Battling DDoS Attacks Since SaturdayDue to the incident, users may experience difficulties accessing Blender's services and sites, and should be cautious of downloading from third-party sources to avoid malware infections.BLEEPINGCOMPUTER.COM
23 NovNew InfectedSlurs Mirai-based Botnet Exploits Two Zero-DaysA new Mirai-based botnet called InfectedSlurs has been discovered by Akamai, using two zero-day vulnerabilities to infect routers and video recorder devices. First observed in October 2023, the botnet is believed to be active since at least 2022.SECURITYAFFAIRS.COM
23 NovMirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS AttacksAn active malware campaign is leveraging two zero-day vulnerabilities with remote code execution (RCE) functionality to rope routers and video recorders into a Mirai-based distributed denial-of-service (DDoS) botnet. “The payload targets routers and network video recorder (NVR) d…THEHACKERNEWS.COM
23 NovExposed Kubernetes Secrets Allow Hackers to Access Sensitive EnvironmentsKubernetes is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications. Besides this, hackers often target Kubernetes due to its widespread adoption, making it a valuable attack vector for compromising an…GBHACKERS.COM
23 NovWindows Hello Fingerprint Authentication Exploited on Microsoft, Dell, & Lenovo LaptopsMicrosoft Windows Hello Fingerprint authentication was evaluated for security over its fingerprint sensors embedded in laptops. This led to the discovery of multiple vulnerabilities that would allow a threat actor to bypass the Windows Hello Authentication completely. The researc…GBHACKERS.COM
23 NovParaSiteSnatcher: How Malicious Chrome Extensions Target BrazilWe detail the modular framework of malicious Chrome extensions that consist of various highly obfuscated components that leverage Google Chrome API to monitor, intercept, and exfiltrate victim data.TRENDMICRO.COM
23 NovCyberattacks on Israel intensify as the war against Hamas rages: Check PointThe ongoing conflict between Israel and Hamas has led to a significant increase in cyberattacks, which continue to intensify as the war prolongs, in Israel, according to Check Point software. "We have seen an increase of approximately 20% in cyberattacks in Israel during the war,…CSOONLINE.COM
23 NovAlert: New WailingCrab Malware Loader Spreading via Shipping-Themed EmailsDelivery- and shipping-themed email messages are being used to deliver a sophisticated malware loader known as WailingCrab. "The malware itself is split into multiple components, including a loader, injector, downloader and backdoor, and successful requests to C2-controlled serve…THEHACKERNEWS.COM
23 NovNorth Korean Hacking Alert Sounded by UK and South KoreaSupply Chain Attacks: Hackers Target Zero-Days in Widely Used Software, Alert Warns North Korean state-affiliated hackers are continuing to exploit zero-days in popular software applications as part of global supply chain attack campaigns for espionage and financial theft purpose…DATABREACHTODAY.CO.UK
23 NovBreach Roundup: Filipinos Under Fire From 'Mustang Panda'Also, Kansas Courts Say Ongoing Outage Traces to Attack; Confidential Data Stolen This week's data breach roundup: Chinese-affiliated hackers target the Philippine government; Kansas Courts confirm data theft; officials warn of exploited flaws in Sophos, Oracle and Microsoft soft…DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES 12[−]
23 NovElection Integrity Fears in Europe Provoke Joint ExerciseCybersecurity and Deepfakes Are Major Concerns European electoral and cybersecurity authorities on Tuesday held a joint exercise assessing plans to hold an incident-free election, weeks after trading bloc cybersecurity agency ENISA said the election is at risk from deepfake image…DATABREACHTODAY.CO.UK
23 NovKiteworks' Maytech Acquisition Reaffirms Commitment to UK MarketKiteworks has announced its merger with Maytech, combining their data privacy and compliance solutions with data file transfer capabilities. The acquisition strengthens Kiteworks' position in the UK market.DARKREADING.COM
23 NovBoeing Breach Exposes Cyber Extortionist Threat — Ultra Unlimitedsubmitted by Ultra_Unlimited to cybersecurity 1 points | 0 comments https://www.ultra-unlimited.com/blog/boeing-breachULTRA-UNLIMITED.COM
🔥 INCIDENT REPORTING 8[−]
23 NovUpdate: Kansas Courts Confirm Data Theft, Ransom Demand After CyberattackThe incident affected multiple systems, including eFiling, electronic payment, and case management systems. The affected services are still offline. The incident also involved a data breach, with hackers threatening to leak stolen data.BLEEPINGCOMPUTER.COM
23 NovCyberattackers Leaked Data of 27,000 NYC Bar Association MembersThe Clop ransomware gang claimed responsibility for the attack, highlighting the increasing threat posed by ransomware groups to bar associations and other organizations.THERECORD.MEDIA
23 NovNew Relic Notifies Customers of a Cyber IncidentThe company has not provided any specific details about the nature of the incident, but customers are advised to monitor their accounts for suspicious activity. It is unclear whether all or a few selected New Relic customers are at risk.THEREGISTER.COM
23 Nov6 Steps to Accelerate Cybersecurity Incident ResponseModern security tools continue to improve in their ability to defend organizations’ networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as quickly as possible…THEHACKERNEWS.COM
23 NovUpdate: Welltok Data Breach Exposes Data of 8.5 Million US PatientsThe breach occurred after a file transfer program used by the company was hacked. Welltok works with health service providers, maintaining online wellness programs and holding databases with patient data.BLEEPINGCOMPUTER.COM
23 NovSmashing Security podcast #349: Ransomware gang reports its own crime, and what happened at OpenAI?Who gets to decide who should be CEO of OpenAI? ChatGPT or the board? Plus a ransomware gang goes a step further than most, reporting one of its own data breaches to the US Securities and Exchange Commission. All this and more is discussed in the latest edition of the "Smashing S…GRAHAMCLULEY.COM
23 NovCryptohack Roundup: Heco Loses $87 Million to Hack AttackAlso: Kronos Loses $25 Million via API Breach; Regulators Charge Kraken This week's cryptocurrency hack roundup features hackers stealing $87 million from Heco, Kronos reporting $25 million stolen via an API breach, regulators filing charges against Kraken, feds charging three pe…DATABREACHTODAY.CO.UK
23 NovKonni Group Using Russian-Language Malicious Word Docs in Latest AttacksA new phishing attack has been observed leveraging a Russian-language Microsoft Word document to deliver malware capable of harvesting sensitive information from compromised Windows hosts. The activity has been attributed to a threat actor called Konni, which is assessed to share…THEHACKERNEWS.COM
🕵️ THREAT INTELLIGENCE 12[−]
23 NovMicrosoft Warns of North Korean Attack on CyberLink Impacting Devices Around the WorldMicrosoft has discovered a supply chain attack carried out by North Korean hackers. The attack involved attaching a malicious file to a legitimate software installer. The attack was attributed to the hacking group known as Diamond Sleet.THERECORD.MEDIA
23 NovN. Korean Hackers Distribute Trojanized CyberLink Software in Supply Chain AttackA North Korean state-sponsored threat actor tracked as Diamond Sleet is distributing a trojanized version of a legitimate application developed by a Taiwanese multimedia software developer called CyberLink to target downstream customers via a supply chain attack. "This malicious …THEHACKERNEWS.COM
23 Nov117 Vulnerabilities Discovered in Microsoft 365 AppsMicrosoft 365 Apps is a suite of productivity tools that includes the following apps and services offered by Microsoft through a subscription service:- Hackers often target these applications because they are widely used in business environments, providing a large potential attac…GBHACKERS.COM
23 NovMillion-Dollar Crypto Scam that Leaves Investors Empty-handedIn the fast-paced world of cryptocurrency, the ever-looming threat of Rug Pulls has once again taken center stage. Check Point’s Threat Intel Blockchain system, a vigilant guardian of the blockchain realm, recently uncovered a meticulously executed scheme that swindled near…GBHACKERS.COM
23 NovHackers pose as officials to steal secrets and cryptocurrency for North KoreaThe Kimsuky hacking gang has been accused of impersonating South Korean officials and journalists in a plot to steal cryptocurrency for the North Korean regime. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
23 Nov4 of the top 10 password strength tools are giving people bad password advice, and they don't care.submitted by L4s to secops 13 points | 8 comments https://projectblack.io/blog/trusted-by-millions-yet-so-wrong/ 4 of the top 10 password strength tools are giving people bad password advice, and they don’t care.::Think your password is strong? Ever trusted a password strength to…PROJECTBLACK.IO
23 NovNullcon Goa 2023 - 18 videossubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/6a73691c-5900-4ba0-9c1e-fbf1ecdf32eb.png Nullcon Goa 2023 playlist Schedule from the website Nullcon came into existence in 2010 and is managed and marketed by Payatu Technologies Pvt Ltd. W…INFOSEC.PUB
23 NovNullcon Berlin 2023 - 16 videossubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/ac1e34ee-49d2-4cbe-ac99-d7a3bf3f6914.png Nullcon Berlin 2023 Playlist Schedule from the website Nullcon came into existence in 2010 and is managed and marketed by Payatu Technologies Pvt Ltd…INFOSEC.PUB
23 NovMySQL Security Best Practices Guide – 2024MySQL stands out for its reliability and efficiency among the various database systems available. However, as with any technology that holds valuable data, MySQL databases are a lucrative target for cybercriminals. This makes MySQL security not just an option but a necessity. Thi…GBHACKERS.COM
23 NovCybersecurity Tool Investment Set to Surge in Asia-PacificMarket Watchers Forecast Large Rise in Offensive and Defensive Tool Adoption The Asia-Pacific region will dramatically increase its investment in offensive and security tools over the next decade, amid a worsening threat landscape and rising losses, experts predict. Telemetry dat…DATABREACHTODAY.CO.UK
23 NovBreaking into Cyber – Perspective from a High School - Tim Cathcart - ESW VaultHigh School students represent the very beginning of the pipeline for the Cyber industry. What are the attitudes and perspectives of these young people? How can we attract the best and brightest into our industry? Visit https://www.securityweekly.com/esw for all the latest episod…YOUTUBE.COM
23 NovBroadcom Planning to Complete Deal for $69 Billion Acquisition of VMWare After Regulators Give OKBroadcom has cleared all regulatory hurdles and plans to complete its $69 billion acquisition of cloud technology company VMware. The post Broadcom Planning to Complete Deal for $69 Billion Acquisition of VMWare After Regulators Give OK appeared first on SecurityWeek .SECURITYWEEK.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
23 NovBlack Friday 2023: Get 25% off the Zero2Automated malware analysis courseThe popular Zero2Automated malware analysis and reverse-engineering course has a Black Friday 2023 through Cyber Monday sale, where you can get 25% off sitewide, including gift certificates and courses. [...]BLEEPINGCOMPUTER.COM
23 Nov$9 million seized from “pig butchering” scammers who preyed on lonely heartsUS authorities have seized almost $9 million worth of cryptocurrency linked to a gang engaged in cryptocurrency investment fraud and romance scams. Read more in my article on the Tripwire State of Security blog.TRIPWIRE.COM
🎙️ PODCASTS 2[−]
23 NovProtocol Isolation: The Key to Securing OT EnvironmentsThis podcast delves into the concept of protocol isolation - a security measure that isolates network protocols and the assets to which they are connected. Grant Burst of Wallix addresses the challenges of implementing protocol isolation and provides practical solutions for secur…DATABREACHTODAY.CO.UK
23 NovTransatlantic Cable podcast, episode 325 | Kaspersky official blogEpisode 325 of the Kaspersky podcast looks at AI generated music, hacker arrested for helping drug dealers & more. SEO tags: QR, Artificial Intelligence, AI music, Google, YouTube, podcast, hackers,KASPERSKY.COM
📡 INFOSEC NEWS 7[−]
23 NovIntroducing Sophos DNS ProtectionEarly access is expected to run through January 2024, so get started today.SOPHOS.COM
23 NovHow to update Android without bugs, data loss, security risks or other nuisances | Kaspersky official blogAndroid updates: pros, cons, tips for safe installationKASPERSKY.COM
23 NovTelekopye: Chamber of Neanderthals’ secretsInsight into groups operating Telekopye bots that scam people in online marketplacesWELIVESECURITY.COM