95Articles
7Categories
2023-11-27Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 4[−]
27 NovDell Command Configure Vulnerability Let Attackers Compromise Vulnerable SystemsIt has been discovered that there is a high-severity vulnerability in Dell Command Configure that could potentially be exploited by malicious users to compromise the system. The vulnerability has been given a CVSS base score of 7.3 and has been classified as CVE-2023-43086. It is…GBHACKERS.COM
27 NovNukeSped Malware Exploiting Apache ActiveMQ VulnerabilityThe Andariel threat group has been discovered installing malware via the exploitation of the Apache ActiveMQ remote code execution vulnerability classified as CVE-2023-46604. The group is known to be either a subsidiary of Lazarus or in an active partnership with the Lazarus thre…GBHACKERS.COM
27 NovScans for ownCloud Vulnerability (CVE-2023-49103), (Mon, Nov 27th)Last week, ownCloud released an advisory disclosing a new vulnerability, CVE-2023-49103 [1]. The vulnerability will allow attackers to gain access to admin passwords. To exploit the vulnerability, the attacker will use the "graphapi" app to access the output of "phpinfo…ISC.SANS.EDU
27 NovVulns expose ownCloud admin passwords, sensitive datasubmitted by c0mmando to netsec 1 points | 1 comments https://www.theregister.com/2023/11/27/three_major_vulnerabilities_in_owncloud/ ownCloud has disclosed three critical vulnerabilities, the most serious of which leads to sensitive data exposure and carries a maximum severity s…THEREGISTER.COM
⚠️ VULNERABILITY DISCLOSURE 17[−]
27 NovRise of the cyber CPA: What it means for CISOsNew rules from the Association of International Certified Public Accountants require prospective CPAs to choose one of three disciplines "to demonstrate deeper skills and knowledge," according to the association's CEO, Susan Coffey. One of those disciplines is cybersecurity as pa…CSOONLINE.COM
27 NovNorth Korean Hackers Exploiting Zero-day Vulnerabilities & Supply ChainsThe DPRK has been a great threat to organizations in recent times. Their attack methods have been discovered with several novel techniques involving different scenarios. Their recent attack method was associated with fake candidates and employers for supply chain attacks. A recen…GBHACKERS.COM
27 NovEast Texas Hospital Network Affected by Potential Cybersecurity IncidentThe East Texas healthcare system is just the latest hospital group that has been forced to turn ambulances away because of an apparent cybersecurity incident. The cyber incident at UT Health East Texas began on Thursday.EDITION.CNN.COM
27 NovA year after ChatGPT’s debut, is GenAI a boon or the bane of the CISO’s existence?It has been a full year since OpenAI's ChatGPT found its way into the vernacular of the day, quickly followed by Google's Bard and other generative AI offerings. Before you could say Rumpelstiltskin, it seemed employees, contractors, customers, and partners were all flexing their…CSOONLINE.COM
27 NovSecret White House Warrantless Surveillance ProgramThere seems to be no end to warrantless surveillance : According to the letter, a surveillance program now known as Data Analytical Services (DAS) has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans’ calls, analyz…SCHNEIER.COM
27 NovUK, Korea Warn of DPRK Supply Chain Attacks Involving Zero-Day FlawsUK and Korea say DPRK state-sponsored hackers targeted governments, defense organizations via supply chain attacks. The post UK, Korea Warn of DPRK Supply Chain Attacks Involving Zero-Day Flaws appeared first on SecurityWeek .SECURITYWEEK.COM
27 NovDPRK Hackers Exploit MagicLine4NX Zero-day in Supply Chain AttacksNorth Korea, DPRK threat actors, have been reportedly involved in several supply-chain attacks to gain unauthorized access to the intranet of an organization. One of the software exploited by the DPRK threat actors was the MagicLine4NX security authentication program, which conta…GBHACKERS.COM
27 NovLazarus Group Exploit MagicLine4NX Flaw to Launch Supply Chain AttacksThe NCSC and South Korea’s NIS issued a joint warning against the Lazarus hacking group leveraging a zero-day flaw in the MagicLine4NX software. The zero-day exploit allowed Lazarus to conduct a series of supply-chain attacks, starting with a watering hole attack on a media outle…CYWARE.COM
27 NovArdent hospital ERs disrupted in 6 states after ransomware attackArdent Health Services, a healthcare provider operating 30 hospitals across five U.S. states, disclosed today that its systems were hit by a ransomware attack on Thursday. [...]BLEEPINGCOMPUTER.COM
27 NovReptar: a vulnerability in Intel processors | Kaspersky official blogReptar, a vulnerability in Intel processors. What it involves and who it threatens (spoiler — primarily cloud providers).KASPERSKY.COM
27 NovWelltok's MOVEit Hack Affects Nearly 8.5 Million, So FarAbout 2 Dozen Welltok Health Plan Clients Affected in File Transfer Software Hack The tally of individuals whose health data was compromised in a hack on MOVEit file transfer software used by Welltok, a provider of online wellness resources to dozens of health plans, has soared t…DATABREACHTODAY.CO.UK
27 NovLeader of Killnet 'unmasked' by Russian state mediasubmitted by c0mmando to netsec 1 points | 0 comments https://go.theregister.com/feed/www.theregister.com/2023/11/27/leader_of_prorussia_ddos_crew/ Cybercriminals working out of Russia go to great lengths to conceal their real identities, and you won’t ever find the state trying …GO.THEREGISTER.COM
27 NovPennsylvania water authority hit with cyberattack allegedly tied to pro-Iran groupsubmitted by c0mmando to netsec 2 points | 0 comments https://therecord.media/water-authority-pennsylvania-cyberattack-pro-iran-group A water authority in Pennsylvania reportedly suffered a cyberattack, prompting officials to reassure people in the area that drinking water has no…THERECORD.MEDIA
27 NovMultiple hospitals divert ambulances after ransomware attack on parent companysubmitted by c0mmando to netsec 3 points | 0 comments https://therecord.media/ardent-health-services-ransomware-hospitals-divert-ambulances Hospitals in several states are facing issues due to a ransomware attack on parent company Ardent Health Services, which confirmed on Monday…THERECORD.MEDIA
27 Nov1% Leadership - Andy Ellis - BSW #329Most leadership books suffer from one of two critical failures (and sometimes both). The book might be a hagiography: telling you the biography of some amazing leaders, pretending there is one secret trick that will let you emulate that leader. Or the lesson of book should have b…YOUTUBE.COM
27 NovIndiHome - 12,629,245 breached accountsIn mid-2021, reports emerged of a data breach of Indonesia's telecommunications company, IndiHome . Over 26M rows of data alleged to have been sourced from the company was posted to a popular hacking forum and contained 12.6M unique email addresses alongside names, IP addresses, …HAVEIBEENPWNED.COM
27 NovHospital Chain Hit With Ransomware AttackArdent Health Services Operates 30 Hospitals, 200 Other Care Facilities in 6 States Tennessee-based Ardent Health Services, which operates dozens of hospitals and other healthcare facilities in several states, said on Monday that it is dealing with a ransomware attack that has fo…DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES 9[−]
27 NovKonni Group Uses Weaponized Word Documents to Deliver RAT MalwareIn the ever-evolving cybersecurity domain, the resurgence of NetSupport RAT, a Remote Access Trojan (RAT), has raised concerns among security professionals. This sophisticated malware, initially developed as a legitimate remote administration tool, has been repurposed by maliciou…GBHACKERS.COM
27 NovHow Biden's AI Executive Order Will Affect HealthcarePresident Joe Biden's recent executive order for artificial intelligence encourages investment in AI while setting a vision for a regulatory framework to address issues involving AI technology safety, bias and other concerns in healthcare, said attorney Wendell Bartnick of the la…DATABREACHTODAY.CO.UK
27 NovNew 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan GovernmentThe attack chain involves the PAExec remote administration tool, an alternative to PsExec that's used as a launchpad to create a scheduled task that masquerades as 'MicrosoftsUpdate' which subsequently is configured to execute a Windows batch script.THEHACKERNEWS.COM
27 NovHow Generative AI Will Reshape the Financial Services SectorWipro Americas 2 CEO Suzanne Dann on How Generative AI Can Address Risk, Compliance Generative AI can improve operational efficiencies, enhance risk and compliance and elevate the client experience for financial services firms, said Wipro's Suzanne Dann. Wipro embraced generative…DATABREACHTODAY.CO.UK
27 NovUkraine says it hacked Russian aviation agency, leaks dataUkraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector. [...]BLEEPINGCOMPUTER.COM
27 NovResilience in a Time of Uncertainty: National Chemical Security During the CFATS LapseBut 2023 is not a normal November for CISA Chemical Security. This summer, Congress allowed the Chemical Facility Anti-Terrorism Standards program’s statutory authority to expire, leaving our nation without a regulatory chemical security program for the first time in 15 years.CISA.GOV
🔥 INCIDENT REPORTING 22[−]
27 NovJam Tangan - 434,784 breached accountsIn July 2021, the online Indonesian watch store, Jam Tangan (AKA Machtwatch), suffered a data breach that exposed over 400k customer records which were subsequently posted to a popular hacking forum. The data included email and IP addresses, names, phone numbers, physical address…HAVEIBEENPWNED.COM
27 NovMOVEit Hack : Over 185,000 AutoZone Users Personal Data HackedAutoZone Inc., a US retailer of automotive parts and accessories, warned customers that their data had been compromised as a result of the Clop MOVEit file transfer attacks. Personal information, such as the names and social security numbers of 185,000 individuals, was impacted d…GBHACKERS.COM
27 NovGulf Air Exposed to Data Breach, 'Vital Operations Not Affected'The agency quoted the company as saying that "as a result of this illegal breach some information from the company's email system and customers' database could be compromised."REUTERS.COM
27 NovCyber Security Today, Nov. 27, 2023 - Ransomware gang posts data stolen from Canadian Point of sale provider, and moreThis episode reports on the latest ransomware attacks, and details of how a gang that scams people selling used products online worksCYBERSECURITYTODAY.LIBSYN.COM
27 NovGeneral Electric Investigates Claims of Cyberattack, Data TheftAs proof of the breach, the threat actor shared screenshots of what they claim is stolen GE data, including a database from GE Aviations that appears to contain information on military projects. GE confirmed that they are investigating the claim.BLEEPINGCOMPUTER.COM
27 NovGE investigates alleged data breach into confidential projects: ReportHackers associated with a group named CyberNiggers have claimed that they have breached General Electric and accessed information related to confidential military projects that the company was working on. Last week, IntelBroker, a member of the CyberNiggers criminal group, claime…CSOONLINE.COM
27 NovFidelity National Financial Takes Down Systems Following CyberattackFidelity National Financial is experiencing service disruptions after systems were taken down to contain a cyberattack. The post Fidelity National Financial Takes Down Systems Following Cyberattack appeared first on SecurityWeek .SECURITYWEEK.COM
27 NovKyberSwap Says $54.7 Million in Cryptocurrency Stolen During AttackThe company is now trying to recover the funds but argued that the incident “stands out as one of the most sophisticated in the history of DeFi.” The company advised users to “promptly withdraw their funds.”THERECORD.MEDIA
27 NovCybersecurity tool investments are rising in Asia-Pacific as Cyberattacks growInvestments in cybersecurity tools have been on the rise in the Asia-Pacific region, owing to the increased prevalence of cyberattacks. It is projected that the market will grow at a CAGR of 16.4% by 2032. The market for cyber warfare has been growing rapidly and was valued at $3…GBHACKERS.COM
27 NovMunicipal Water Authority of Aliquippa Hacked by Iranian-backed Cyber GroupThe machine that was hacked uses a system called Unitronics, which contains software or has components that are Israeli-owned. The system has since been disabled. Authorities stressed that there is no known risk to the drinking water or water supply.CBSNEWS.COM
27 NovHenry Schein Again Restoring Systems After Ransomware Group Causes More DisruptionHealthcare solutions giant Henry Schein is once again restoring systems after ransomware group claims it re-encrypted files. The post Henry Schein Again Restoring Systems After Ransomware Group Causes More Disruption appeared first on SecurityWeek .SECURITYWEEK.COM
27 NovEthyrial: Echoes of Yore hacked! 17,000 game accounts “lost”Multi-player online role-playing videogame "Ethyrial: Echoes of Yore" has suffered a ransomware attack which saw the deletion of every player's account and the loss of all characters. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
27 NovPortneuf Medical Center Latest In a String of CyberattacksThe hospital’s IT team is working to determine the impact of the outage and restore access to the network. Meanwhile, the healthcare provider is following established downtime protocols, revealed a spokesperson for Portneuf Medical Center.EASTIDAHONEWS.COM
27 NovSlovenia's largest power provider HSE hit by ransomware attackSlovenian power company Holding Slovenske Elektrarne (HSE) has suffered a ransomware attack that compromised its systems and encrypted files, yet the company says the incident did not disrupt electric power production. [...]BLEEPINGCOMPUTER.COM
27 NovThe crazy world of ransomwareHere's a bit of fun. A video of me talking for twenty minutes about ransomware - specifically some of the more bonkers stories from the world of ransomware.GRAHAMCLULEY.COM
27 NovRhysida Ransomware Group Claimed China Energy HackThe ransomware group claims to have stolen a substantial trove of ‘impressive data’ and is auctioning it for 50 BTC. The gang announced to publicly release the data over the seven days following the announcement.SECURITYAFFAIRS.COM
27 NovRivers Casino Joins the Club of Hacked CasinosRivers Casino Des Plaines is the most profitable casino in the state of Illinois. Currently, there is no information on who is behind the attack. The number of people potentially affected by the breach is also unknown.PANDASECURITY.COM
27 NovCyberattack on legal tech provider causing widespread disruption to UK law firmsCTS, a U.K.-based provider of managed IT services for law firms and the professional services industry, is experiencing a cybersecurity incident that is causing ongoing widespread disruption across the legal sector. In a statement on its website, the Cheshire-headquartered CTS co…TECHCRUNCH.COM
27 NovRansomware ‘catastrophe’ at Fidelity National Financial causes panic with homeowners and buyersLast Tuesday, Fidelity National Financial, or FNF, a real estate services company that bills itself as the “leading provider of title insurance and escrow services, and North America’s largest title insurance company,” announced that it had experienced a cyberattack. Since …TECHCRUNCH.COM
27 NovHealthcare giant Henry Schein hit twice by BlackCat ransomwareAmerican healthcare company Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, who also breached their network in October. [...]BLEEPINGCOMPUTER.COM
27 NovRansomware attack on indie game maker wiped all player accountsA ransomware attack on the "Ethyrial: Echoes of Yore" MMORPG last Friday destroyed 17,000 player accounts, deleting their in-game items and progress in the game. [...]BLEEPINGCOMPUTER.COM
27 NovZscaler Taps Generative AI to Measure Risk, Predict BreachesZscaler Brings Generative AI to Data Protection Bundles, Debuts Standalone AI Tools Zscaler infused generative AI features into its data protection bundles and is introducing AI-powered products that quantify risk and predict breaches, said CEO Jay Chaudhry. The cloud security fi…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 25[−]
27 NovDefending Azure Active Directory (Entra ID): Unveiling Threats Through Hunting Techniquessubmitted by L4s to secops 1 points | 0 comments https://www.rezonate.io/blog/defending-azure-active-directory/? Defending Azure Active Directory (Entra ID): Unveiling Threats Through Hunting Techniques::Azure Active Directory stands as one of the most popular and widely-used clo…REZONATE.IO
27 NovISC Stormcast For Monday, November 27th, 2023 https://isc.sans.edu/podcastdetail/8752, (Mon, Nov 27th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
27 NovPentagon’s AI Initiatives Accelerate Hard Decisions on Lethal Autonomous WeaponsThe U.S. military is increasing use of AI technology that will fundamentally alter the nature of war. The post Pentagon’s AI Initiatives Accelerate Hard Decisions on Lethal Autonomous Weapons appeared first on SecurityWeek .SECURITYWEEK.COM
27 NovDarkGate Malware-as-a-Service Evolved as Complete ToolkitDarkGate is a complete toolkit, first discovered in 2018, that provides attackers with extensive capabilities to access target systems completely. On underground cybercrime forums, an actor known as RastaFarEye develops and sells the software as Malware-as-a-Service (MaaS). The m…GBHACKERS.COM
27 NovGUEST ESSAY: Steps to leveraging ‘Robotic Process Automation’ (RPA) in cybersecurityIn cybersecurity, keeping digital threats at bay is a top priority. A new ally in this battle is robotic process automation (RPA.) This technology promises to simplify tasks, boost accuracy and quicken responses. Related: Gen-A’s impact on DevSecOps Robotic process … …LASTWATCHDOG.COM
27 NovHackers Hijack Industrial Control System at US Water UtilityMunicipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or water supply. The post Hackers Hijack Industrial Control System at US Water Utility appeared first on SecurityWeek .SECURITYWEEK.COM
27 NovMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 2 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …INFOSEC.PUB
27 NovA New Telekopye Bots That Tricks Users to Steal Payment DetailsPhishing bots are a tool used by hackers to fool people into disclosing private information such as- With the help of these automated tools, threat actors easily create deceptive, harmful emails and websites, which makes it easier for them to take advantage of vulnerabilities and…GBHACKERS.COM
27 NovUS, UK Cybersecurity Agencies Publish AI Development GuidanceNew guidance from US and UK cybersecurity agencies provides recommendations for secure AI system development. The post US, UK Cybersecurity Agencies Publish AI Development Guidance appeared first on SecurityWeek .SECURITYWEEK.COM
27 NovHacktivism: What’s in a Name… It May be More Than You ExpectHacktivism is evolving. It is important for both the law and cyber defenders to understand the current and potential activity of hacktivism to better understand how it should be treated. The post Hacktivism: What’s in a Name… It May be More Than You Expect appeared first on Secur…SECURITYWEEK.COM
27 NovLemmy security bug: data leak to ISPs when users view a threadsubmitted by soloActivist to cybersecurity 3 points | 0 comments cross-posted from: links.hackliberty.org/post/454425 When I visit this post: jlai.lu/post/2250911 the embedded short abstract intro to the article is “403 Blocked www.lecho.be” When I try visiting the link directly …INFOSEC.PUB
27 NovWhy IT teams should champion AI in the workplace, and deploy secure AI tools safely to their teamsGraham Cluley Security News is sponsored this week by the folks at Glide. Thanks to the great team there for their support! AI technology is quickly finding it’s footing in the workplace. IT teams need to lead the charge on AI adoption at their companies to ensure it happens safe…GRAHAMCLULEY.COM
27 NovUdderly Insecure: Researchers Spot Cow-Tracking Collar FlawsIoT Hackers Could Inject Data to Fool 'Smart' Farmers and Vets About Animal Welfare Not even dairy cows appear to be safe from internet of things flaws, researchers report after reverse-engineering health-monitoring collars for cows and finding they could eavesdrop on and alter d…DATABREACHTODAY.CO.UK
27 NovCritical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication BypassThree critical vulnerabilities in ownCloud could lead to sensitive information disclosure and authentication and validation bypass. The post Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass appeared first on SecurityWeek .SECURITYWEEK.COM
27 Nov1% Leadership with Andy Ellis – BSW #329Join us live at 2pm ET as we discuss 1% Leadership with Andy Ellis. Most #leadership books suffer from one of two critical failures (and sometimes both). The book might be a hagiography: telling you the biography of some amazing leaders, pretending there is one secret trick that …YOUTUBE.COM
27 NovEvilSlackbot: A Slack Attack Frameworksubmitted by L4s to secops 1 points | 0 comments https://github.com/Drew-Sec/EvilSlackbot EvilSlackbot: A Slack Attack Framework::A Slack bot phishing framework for Red Teaming exercises - GitHub - Drew-Sec/EvilSlackbot: A Slack bot phishing framework for Red Teaming exercisesGITHUB.COM
27 NovHow to Handle Retail SaaS Security on Cyber MondayIf forecasters are right, over the course of today, consumers will spend $13.7 billion. Just about every click, sale, and engagement will be captured by a CRM platform. Inventory applications will trigger automated re-orders; communication tools will send automated email and text…THEHACKERNEWS.COM
27 Nov1% Leadership | Leadership & Communications - BSW #329This week, we are kick things off with an interview with Andy Ellis, Operating Partner at YL Ventures, about 1% Leadership. Then we discuss our Leadership and Communications articles for this week. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: …YOUTUBE.COM
27 NovInitial Access Broker Activity Doubles in One Year’s TimeNew data sheds light on just how active the Initial Access Broker (IAB) business is, and the growth uncovered doesn’t bode well for potential victim organizations.KNOWBE4.COM
27 NovHuntress Finds Business Email Compromise (BEC) Increases In Q3, 2024Huntress has released a report finding that business email compromise (BEC) attacks have risen in the third quarter of 2023.KNOWBE4.COM
27 NovAnother CISO Scapegoat as SEC Welcomes CISOs to the Big Leagues - BSW #329In the leadership and communications section, Clorox Scapegoats Cyber Chief, Rewards Board After Crisis, The SEC To CISOs: Welcome To The Big Leagues, SolarWinds: SEC lacks 'competence' to regulate cybersecurity, and more! Visit https://www.securityweekly.com/bsw for all the late…YOUTUBE.COM
27 NovHave I Been Squatted? — Check if your domain has been typosquattedsubmitted by L4s to secops 1 points | 0 comments https://www.haveibeensquatted.com/ Have I Been Squatted? — Check if your domain has been typosquatted::A fast domain and typosquatting discovery toolHAVEIBEENSQUATTED.COM
27 NovUS, UK Cyber Agencies Spearhead Global AI Security GuidanceGlobal Cybersecurity Agencies Say 'Secure by Design' Is Key to AI Threat Mitigation Nearly two dozen national cybersecurity organizations on Sunday urged AI developers to embrace "secure by design" and other preventive measures aimed at keeping hackers out from the mushrooming wo…DATABREACHTODAY.CO.UK
27 NovChimera | Aliquippa | FNF | Lazarus | DARPA | Namedrop | Google | Aaran Leyland & More! – SWN344This week, Doug Talks: Chimera, Aliquippa, FNF, Lazarus, DARPA, Namedrop, Google, Aaran Leyland, and More on the security weekly news. →Full Show Notes: https://securityweekly.com/swn344 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Visit our website: http…YOUTUBE.COM
27 NovAI and LLMs - Think of the Children | AI, LLMs and Some Hardware Hacking | News - PSW8086:00pm ET - Josh More 7:00pm ET - Matthew Carpenter 8:00pm ET - Security News This week, we start things off with an interview with Josh More, President & Peon at Eyra Security, about AI and LLMs - Think of the Children. Then we discuss AI, LLMs and Some Hardware Hacking with Mat…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
📡 INFOSEC NEWS 17[−]
27 NovU.S., U.K., and Global Partners Release Secure AI System Development GuidelinesThe U.K. and U.S., along with international partners from 16 other countries, have released new guidelines for the development of secure artificial intelligence (AI) systems. "The approach prioritizes ownership of security outcomes for customers, embraces radical transparency and…THEHACKERNEWS.COM
27 NovModern Attack Surface Management for Cloud TeamsToday’s attack surface requires modern processes and security solutions. Explore the tenants of modern attack surface management (ASM) and what Cloud teams need to look for in an ASM solution.TRENDMICRO.COM
27 NovThe Dark Side of AI: Large-Scale Scam Campaigns Made Possible by Generative AIGenerative artificial intelligence technologies such as OpenAI’s ChatGPT and DALL-E have created a great deal of disruption across much of our digital lives. Creating credible text, images and even audio, these AI tools can be used for both good and ill. That includes their appli…SOPHOS.COM
27 NovExperts Uncover Passive Method to Extract Private RSA Keys from SSH ConnectionsA new study has demonstrated that it's possible for passive network attackers to obtain private RSA host keys from a vulnerable SSH server by observing when naturally occurring computational faults that occur while the connection is being established. The Secure Shell (SSH) proto…THEHACKERNEWS.COM
27 NovGoogle Drive users angry over losing months of stored dataGoogle Drive users are reporting that recent files stored in the cloud have suddenly disappeared, with the cloud service reverting to a storage snapshot as it was around April-May 2023. [...]BLEEPINGCOMPUTER.COM
27 NovLeveraging Wazuh to combat insider threatsEffective strategies for mitigating insider threats involve a combination of detective and preventive controls. Such controls are provided by the Wazuh SIEM and XDR platform. [...]BLEEPINGCOMPUTER.COM
27 NovGuidelines for secure AI system developmentGuidelines for secure AI system development to help AI system developmentCYBER.GC.CA
27 NovMicrosoft deprecates Defender Application Guard for OfficeMicrosoft is deprecating Defender Application Guard for Office and the Windows Security Isolation APIs, and it recommends Defender for Endpoint attack surface reduction rules, Protected View, and Windows Defender Application Control as an alternative. [...]BLEEPINGCOMPUTER.COM
27 NovCloud Security Predictions at AWS re:Invent 2023Heading to AWS re:Invent 2023? Don’t miss out on our talk with Melinda Marks, ESG Practice Director for Cybersecurity, about cloud detection and response (CDR) and what’s trending in cloud security.TRENDMICRO.COM
27 NovCloud Security Predictions at AWS re:Invent 2023Heading to AWS re:Invent 2023? Don’t miss out on our talk with Melinda Marks, ESG Practice Director for Cybersecurity, about cloud detection and response (CDR) and what’s trending in cloud security.TRENDMICRO.COM
27 NovUkraine detains Victor Zhora, former top government cyber officialLast week, the Ukrainian government fired two of its top cybersecurity officials, who are accused of embezzlement. Now, one of them has been detained. Ukraine’s senior cabinet official Taras Melnychuk announced the firings in a public post on Telegram last week. The two officials…TECHCRUNCH.COM
27 Nov‘Tis the season to be wary: 12 steps to ruin a cybercriminal's dayThe holiday shopping season may be the time to splurge, but it’s a also favorite time of year for cybercriminals to target shoppers with phony deals, phishing scams and other threatsWELIVESECURITY.COM
27 NovSensor Intel Series: Top CVEs in October 2023Despite an overall downward trend, an old favorite comes back into play.F5.COM
27 NovSensor Intel Series: Top CVEs in October 2023Despite an overall downward trend, an old favorite comes back into play.F5.COM