🚨 CISA KEV 1
30 Nov KEVCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023-6345 Google Skia Integer Overflow Vulnerability CVE-2023-49103 ownCloud graphapi Information Disclosure Vulnerability These types of vulnerab…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 4
30 NovProphetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today, (Thu, Nov 30th)Last week, Jonah Latimer posted here about traffic he saw to his own EC2 web honeypot exploiting CVE-2023-1389. I found this looking at new URL strings to our honeypot network, and so far on 29 Nov 23, there have been about 300 detections for this vulnerabi…ISC.SANS.EDU
30 NovQlik Sense Vulnerabilities Exploited in Ransomware AttacksQlik Sense vulnerabilities CVE-2023-41266, CVE-2023-41265 and CVE-2023-48365 exploited for initial access in Cactus ransomware attacks. The post Qlik Sense Vulnerabilities Exploited in Ransomware Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
30 NovApple Patches WebKit Flaws Exploited on Older iPhonesApple's security response team warns that flaws CVE-2023-42916 and CVE-2023-42917 were already exploited against versions of iOS before iOS 16.7.1. SECURITYWEEK.COM
30 NovMultiple Vulnerabilities Affecting Web-Based Court Case and Document Management SystemsCISA has assisted a researcher with coordinating the disclosure of multiple researcher-discovered vulnerabilities affecting web-based case and document management systems used by multiple state, county, and municipal courts. Affected systems include products from Tyler Technologi…CISA.GOV
⚠️ VULNERABILITY DISCLOSURE 31
30 NovAI and LLMs - Think of the Children - Josh More - PSW #808What will the future bring with respect to AI and LLMs? Josh has spent some time thinking about this and brings us some great resources. We'll discuss how to get students involved with AI in a safe and ethical manner. How can we use AI to teach people about cybersecurity? What to…YOUTUBE.COM
30 NovAI, LLMs and Some Hardware Hacking - Matthew Carpenter - PSW #808Our good friend Matt Carpenter joins us to share his thoughts on what's going on in the world of AI and LLMs. Matt is also a hacker specializing in hardware and the crew has some amazing hardware hacking topics to discuss (as usual). Segment Resources: https://garymarcus.substack…YOUTUBE.COM
30 Nov KEVOkta security breach affected all customer support system userssubmitted by c0mmando to netsec 1 points | 0 comments https://therecord.media/okta-security-breach-all-support-users All Okta customer support system users were impacted by a security breach announced last month, the company’s chief security officer said Wednesday — revealing tha…THERECORD.MEDIA
30 NovHow to maintain a solid cybersecurity posture during a natural disasterIt's common knowledge that natural disasters are increasingly threatening more and more of the world and in places that were once thought of as safe from the ravages of nature. According to the US National Oceanic and Atmospheric Administration, there were 25 billion-dollar-plus …CSOONLINE.COM
30 NovAttackers could abuse Google’s SSO integration with Windows for lateral movementAttackers are always looking for new ways to expand their access inside corporate networks once they hack into a machine or a user account. Recent research by security firm Bitdefender shows how attackers can gain access to Google Workspace and Google Cloud services by stealing a…CSOONLINE.COM
30 NovNorth Korean Hackers Attacking macOS Using Weaponized DocumentsHackers often use weaponized documents to exploit vulnerabilities in software, which enables the execution of malicious code. All these documents contain malicious code or macros, often disguised as familiar files, which help hackers gain unauthorized access and deliver malware t…GBHACKERS.COM
30 NovZyxel Command Injection Flaws Let Attackers Run OS CommandsThree Command injection vulnerabilities have been discovered in Zyxel NAS (Network Attached Storage) products, which could allow a threat actor to execute system commands on successful exploitation of these vulnerabilities. Zyxel NAS (Network Attached Storage) devices provide fas…GBHACKERS.COM
30 NovEx-Motorola Tech Pleads Guilty to Cybercrime, Passport FraudWhile he mostly tried to cover his tracks by using what prosecutors described as "anonymized" Amazon Web Services IP addresses for the scam, law enforcement were able to trace his actions to a Comcast IP address and his Massport email address.THEREGISTER.COM
30 NovCISA Warns Hackers Exploiting Wastewater Systems Management Logic ControllersIn a disconcerting turn of events, cyber threat actors have set their sights on Unitronics programmable logic controllers (PLCs) embedded in Water and Wastewater Systems (WWS). This perilous trend casts a looming shadow over the nation’s critical infrastructure, with …GBHACKERS.COM
30 NovGoogle’s RETVec Open Source Text Vectorizer Bolsters Malicious Email DetectionGoogle shows how RETVec, a new and open source text vectorizer, can improve the detection of phishing attacks, spam and other harmful content. SECURITYWEEK.COM
30 NovCACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted AttacksA CACTUS ransomware campaign has been observed exploiting recently disclosed security flaws in a cloud analytics and business intelligence platform called Qlik Sense to obtain a foothold into targeted environments. "This campaign marks the first documented instance [...] where th…THEHACKERNEWS.COM
30 NovOkta confirms recent hack affected all customers within the affected systemIdentity and access management company, Okta, has revealed last month's security incident within its support case management system has affected all users, contrary to earlier reports of it compromising the data of only one percent of users. In a November 21 update on the inciden…CSOONLINE.COM
30 NovTop Four Security Tips for Cyber Safety on National Computer Security DayTo celebrate National Computer Security Day , which is recognized on November 30 every year, KnowBe4 encourages all IT and security professionals to train their workforce how to stay safe from cybersecurity threats as the organization’s last line of defense.KNOWBE4.COM
30 NovZyxel Security Advisory for Authentication Bypass and Command Injection Vulnerabilities in NAS productsThree Command injection vulnerabilities have been discovered in Zyxel NAS (Network Attached Storage) products, which could allow a threat actor to execute system commands on successful exploitation of these vulnerabilities.ZYXEL.COM
30 NovCISA Warns of Unitronics PLC Exploitation Following Water Utility HackIn the case of the Municipal Water Authority of Aliquippa, CISA noted that the attackers likely accessed the ICS device “by exploiting cybersecurity weaknesses, including poor password security and exposure to the internet”.SECURITYWEEK.COM
30 NovDistributed denial of service attacks - prevention and preparation - ITSAP.80.110All organizations rely on network resources and are potential targets of a DDoS attack.CYBER.GC.CA
30 NovCISA Releases Four Industrial Control Systems AdvisoriesCISA released four Industrial Control Systems (ICS) advisories on November 30, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-334-01 Delta Electronics DOPSoft ICSA-23-334-02 Yokogawa STARDOM …CISA.GOV
30 NovGood news, startups: Q3 software results are changing the tech narrativeNew data from Salesforce, Zuora, Okta, Nutanix and Snowflake makes it plain that several tech sectors are doing better than a lot of people expected. TECHCRUNCH.COM
30 NovHackers Using Weaponized Invoice to Deliver LUMMA MalwareHackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious links within seemingly legitimate payment requests. This tactic aims to deceive recipients into opening the invoice, leading to:- Cybersecurity researchers at Percepti…GBHACKERS.COM
30 NovExtracting GPT’s Training DataThis is clever : The actual attack is kind of silly. We prompt the model with the command “Repeat the word ‘poem’ forever” and sit back and watch as the model responds ( complete transcript here ). In the (abridged) example above, the model emits a real em…SCHNEIER.COM
30 NovCactus ransomware exploiting Qlik Sense flaws to breach networksCactus ransomware has been exploiting critical vulnerabilities in the Qlik Sense data analytics solution to get initial access on corporate networks. [...]BLEEPINGCOMPUTER.COM
30 NovApple fixes two new iOS zero-days in emergency updatesApple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. [...]BLEEPINGCOMPUTER.COM
30 Nov68% of US Websites Exposed to Bot AttacksAs per DataDome’s report shared with Hackread.com ahead of publication on Tuesday, 72.3% of e-commerce websites and 65.2% of classified ad websites failed the bot tests, whereas 85% of DataDome’s fake Chrome bots remained undetected.HACKREAD.COM
30 NovApple Patches Exploited WebKit Vulnerabilities in iOS/iPadOS/macOS, (Thu, Nov 30th)Apple today released patches for two WebKit vulnerabilities affecting macOS, iPadOS and iOS. I would expect standalone Safari updates for older macOS versions in the future. At this point, only the most recent operating system versions received patches. ISC.SANS.EDU
30 NovBreach Roundup: Ukraine Hacks Russian Aviation AgencyAlso, Cyberattack Targets Japan's Space Agency JAXA This week, Ukraine's intelligence service hacked Russian aviation agency, a cyberattack targeted Japan's space agency, Google addressed another zero-day, a French-led operation dismantled a Ukrainian ransomware group, and spywar…DATABREACHTODAY.CO.UK
30 NovConti-linked ransomware takes in $107 million in ransoms: ReportBlack Basta, a ransomware campaign thought to be the brainchild of people linked to the infamous Conti malware gang, has been paid more than $100 million in the past year and a half, infecting 329 known victims. According to a report published this week by blockchain analytics f…CSOONLINE.COM
30 NovOkta Delays New Products, Projects 90 Days to Boost SecurityPush Comes After Okta Said Hacker Had Stolen Every Customer Support User's Details Okta has paused product development and internal projects for 90 days to beef up its security architecture and operations for applications, hardware and third-party vendors. Okta will move to stren…DATABREACHTODAY.CO.UK
30 NovLogoFAIL bugs in UEFI code allow planting bootkits via imagesMultiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they could be exploited to hijack the execution flow of the booting process and to deliver bootkits. [...]BLEEPINGCOMPUTER.COM
30 NovLogoFAIL attack can install UEFI bootkits through bootup logosMultiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they could be exploited to hijack the execution flow of the booting process and to deliver bootkits. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 8
30 NovCISA Debuts ‘Secure by Design’ Alert SeriesNew CISA alerts shed light on the harm occurring when software vendors fail to implement secure by design principles. SECURITYWEEK.COM
30 NovNIST Says Federal Agencies Struggling to Achieve Zero TrustAgencies Face Array of Implementation Challenges While Racing Toward 2024 Deadline A National Institute of Standards and Technology official said agencies are facing a variety of challenges in implementing enterprisewide zero trust architectures, from a lack of insight into their…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 23
30 NovGo Ninja - 4,999,001 breached accountsIn December 2019, the now defunct German gaming website Go Ninja suffered a data breach that exposed 5M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes. More than 4M of the email addresses appeared to have been g…HAVEIBEENPWNED.COM
30 NovQueensland Passes Mandatory Data Breach Notice LawsThe bill also aligns state privacy law more closely with national privacy principles and reforms the Right to Information framework to reduce barriers to citizens accessing government-held information.INNOVATIONAUS.COM
30 NovRhysida Ransomware Group Hacked King Edward VII’s HospitalThe ransomware group claims to have stolen a substantial trove of ‘sensitive data’ and is auctioning it for 10 BTC. As usual, the Rhysida ransomware operators plan to sell the stolen data to a single buyer.SECURITYAFFAIRS.COM
30 NovBlack Basta Ransomware Group Makes $100m Since 2022It’s long been suspected that Black Basta is an offshoot of Conti, a prolific ransomware group that ceased operations at the time Black Basta began. The new analysis from Corvus highlighted a significant crossover in targeted sectors.INFOSECURITY-MAGAZINE.COM
30 Nov2 Municipal Water Facilities Report Falling To Hackers In Separate BreachesPACKETSTORMSECURITY.COM
30 NovDollar Tree Impacted by ZeroedIn Data Breach Affecting 2 Million IndividualsZeroedIn says personal information of 2 million individuals was compromised in an August 2023 data breach that impacts customers such as Dollar Tree. SECURITYWEEK.COM
30 NovDollar Tree Hit by Third-Party Data Breach Impacting Two Million PeopleDollar Tree's service provider, Zeroed-In, suffered a security incident between August 7 and 8, 2023. As part of this cyberattack, the threat actors managed to steal data containing the personal information of Dollar Tree and Family Dollar employees.BLEEPINGCOMPUTER.COM
30 NovClaiming Zoom Rooms Service Accounts to Gain Access to TenantsThe finding highlights the potential misuse of service accounts to gain unauthorized access to SaaS systems. Abusing the bug enabled attackers to predict service account email addresses, hijack the accounts, and collect sensitive information.APPOMNI.COM
30 NovBlack Basta Ransomware Group Received Over $100 Million From 90 VictimsThe Black Basta ransomware group has infected over 300 victims and received more than $100 million in ransom payments. SECURITYWEEK.COM
30 NovTransatlantic Cable podcast, episode 326 | Kaspersky official blogEpisode 326 of the Kaspersky podcast looks at data breaches, US police return $9M from hackers, homes in limbo after cyber-attack and more!KASPERSKY.COM
30 NovNew Jersey, Pennsylvania Hospitals Affected by CyberattacksThe company’s IT team said it is working to restore hospital systems and data but noted that its emergency rooms are still open to those in need of care. Some elective surgeries have been moved to later dates.THERECORD.MEDIA
30 NovAfter a week-long outage, Fidelity National Financial confirms cyberattack is now ‘contained’Fidelity National Financial, or FNF, one of the largest real estate services companies in the United States, said it “contained” a recent cyberattack that engulfed its many subsidiaries and customers in a state of chaos for more than a week. In a filing with the U.S. Securities a…TECHCRUNCH.COM
30 NovStaples confirms cyberattack behind service outages, delivery issuesAmerican office supply retailer Staples took down some of its systems earlier this week after a cyberattack to contain the breach's impact and protect customer data. [...]BLEEPINGCOMPUTER.COM
30 NovEx-Motorola worker phished former employer to illegally hack network and steal dataA 28-year-old man has pleaded guilty to charges that he illegally hacked the network of his former company, telecoms firm Motorola, after he successfully tricked current staff into handing over their login credentials. Read more in my article on the Tripwire State of Security blo…TRIPWIRE.COM
30 NovCryptohack Roundup: KyberSwap Hacker Demands ControlAlso: Treasury Calls for Stronger Sanctions Powers; Aerodrome, Velodrome Hacks This week, a KyberSwap hacker demanded total control, the U.S. Treasury called for additional tools to sanction crypto baddies, the Aerodrome and Velodrome DeFi platforms' front ends were hacked, a sca…DATABREACHTODAY.CO.UK
30 NovThanksgiving Hack on North Carolina City Caused Leak of Employee DataThe attack on Hendersonville is the latest incident affecting a North Carolina government institution since the state became the first in the nation to ban payments to ransomware gangs.THERECORD.MEDIA
30 NovCapital Health Hospitals hit by cyberattack causing IT outagesCapital Health hospitals and physician offices across New Jersey are experiencing IT outages after a cyberattack hit the non-profit organization's network earlier this week. [...]BLEEPINGCOMPUTER.COM
30 NovOkta hackers stole data on all customer support users in major breachsubmitted by moormaan to cybersecurity 3 points | 0 comments https://www.cnbc.com/2023/11/29/okta-hackers-stole-data-on-all-customer-support-users-company-says.html Hackers who compromised Okta’s customer support system stole data from all of the cybersecurity firm’s customer sup…CNBC.COM
30 NovUpdate: Staples Confirms Cyberattack Behind Service Outages, Delivery IssuesAdditionally, there are unconfirmed reports that Staples employees have been instructed to avoid logging into Microsoft 365 using single sign-on (SSO) and that call center employees have been sent home for two consecutive days.BLEEPINGCOMPUTER.COM
30 NovCapital Health in NJ Is Responding to a Cyberattack2 Hospitals, Medical Groups Still Caring for Patients But Some Services Unavailable New Jersey-based hospital group Capital Health is dealing with a network outage, caused by a cyberattack earlier this week, which is affecting some patient services. Capital Health is at least the…DATABREACHTODAY.CO.UK
30 NovNY AG Warns of ID Theft Risk in Medical Transcription HackCrouse Health Reveals It's Among PJ&A Clients Hit by Incident Affecting Millions New York regulators are warning millions of individuals of identity theft risks involving a data theft at a medical transcriber that has now affected patients of at least two major healthcare gro…DATABREACHTODAY.CO.UK
30 NovAI and Ransomware dominate the news cycles - ESW #341Nine out of the ten funding articles mention AI - they're either using it in their products, or protecting AI use cases (particularly GenAI and LLM use). We discuss Broadcom's closing of the VMware acquisition, how they operate similarly to private equity firms, and how it's most…YOUTUBE.COM
🕵️ THREAT INTELLIGENCE 24
30 NovDICOM Protocol Vulnerabilities and Attack Surfacesubmitted by L4s to secops 1 points | 0 comments https://claroty.com/team82/research/dicom-demystified-exploring-the-underbelly-of-medical-imaging DICOM Protocol Vulnerabilities and Attack Surface CLAROTY.COM
30 NovISC Stormcast For Thursday, November 30th, 2023 https://isc.sans.edu/podcastdetail/8758, (Thu, Nov 30th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
30 NovU.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean HackersThe U.S. Treasury Department on Wednesday imposed sanctions against Sinbad, a virtual currency mixer that has been put to use by the North Korea-linked Lazarus Group to launder ill-gotten proceeds. "Sinbad has processed millions of dollars' worth of virtual currency from Lazarus …THEHACKERNEWS.COM
30 NovMost Popular Websites Still Allow Users To Have Weak PasswordsThe latest analysis shows that tens of millions of people are creating weak passwords on three of the four most popular websites in the world, which do not fulfill the minimum required standards. Researchers also found that 12% of websites had no limitations at all for the length…GBHACKERS.COM
30 NovHundreds of Malicious Android Apps Target Iranian Mobile Banking UsersZimperium has identified over 200 information-stealing Android applications targeting mobile banking users in Iran. SECURITYWEEK.COM
30 NovNorth Korea's Lazarus Group Rakes in $3 Billion from Cryptocurrency HacksThreat actors from the Democratic People's Republic of Korea (DPRK) are increasingly targeting the cryptocurrency sector as a major revenue generation mechanism since at least 2017 to get around sanctions imposed against the country. "Even though movement in and out of and within…THEHACKERNEWS.COM
30 NovUS-Seized Crypto Currency Mixer Used by North Korean Lazarus HackersThe U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed that the North Korean hacker group Lazarus was using it to launder funds that had been stolen. Millions of dollars worth of virtual currency from Lazarus Group thefts, such as the …GBHACKERS.COM
30 NovUS Sanctions Cryptocurrency Mixer Sinbad for Aiding North Korean HackersUS Treasury sanctions Sinbad, saying the cryptocurrency mixer is laundering funds for North Korean hacking group Lazarus. SECURITYWEEK.COM
30 NovPalo Alto Networks Unveils New Rugged Firewall for Industrial EnvironmentsPalo Alto Networks has launched a new rugged firewall for industrial environments and announced several OT security improvements. SECURITYWEEK.COM
30 NovYour KnowBe4 Fresh Content Updates from November 2023Check out the 49 new pieces of training content added in November, alongside the always fresh content update highlights, events and new features.KNOWBE4.COM
30 NovMeta Takes Action Against Multiple Foreign Influence CampaignsMeta removed three foreign influence operations from the Facebook platform during Q3, 2023. Two were Chinese in origin, and one was Russian, the company says. SECURITYWEEK.COM
30 NovAnnouncing Our 2023 Partner Award WinnersOur Palo Alto Networks 2023 Partner Award Winners spotlight on those who went above and beyond, achieving excellence in various aspects of our partnership. The post Announcing Our 2023 Partner Award Winners appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
30 NovThe Israel-Palestine Conflict is the Latest Example of Phishing Attacks Taking Advantage of Current EventsUsing something as simple as an attachment with an Israel/Palestine-related filename seems to be all it takes for new social engineering attacks disguised as donation confirmations.KNOWBE4.COM
30 NovCriminals Are Cautious About Adopting Malicious Generative AI ToolsResearchers at Sophos have found that the criminal market for malicious generative AI tools is still disorganized and contentious.KNOWBE4.COM
30 NovMajor Security Flaws in Zyxel Firewalls, Access Points, NAS DevicesZyxel patches at least 15 security flaws that expose users to authentication bypass, command injection and denial-of-service attacks. SECURITYWEEK.COM
30 NovThe Future is Quantum: How Emerging Tech will Secure Our Digital Destiny — Ultra Unlimitedsubmitted by Ultra_Unlimited to cybersecurity 1 points | 0 comments https://www.ultra-unlimited.com/blog/the-future-is-quantumULTRA-UNLIMITED.COM
30 NovNon-profits need security too | Cybercrime is Booming | News - ESW341This week, we kick things off with an interview with Kelley Misata, Chief Trailblazer at Sightline Security, about Non-profits need security too. Then, we discuss Cybercrime is booming: understanding why and what we can do about it with Keith Jarvis, Senior Security Researcher at…YOUTUBE.COM
30 NovNon-profits Need Security Too & Cyber Crime is Booming – Kelly Misata & Keith Jarvis – ESW #341Join us live at 3pm ET as we speak to Kelly Misata - Non-profits need security too. While non-profit doesn't mean "no budget" when it comes to #cybersecurity, a lot of smaller to mid-sized non-profits operate on a shoestring, with little to no money for cybersecurity talent or sp…YOUTUBE.COM
30 NovAssociated Press, ESPN, CBS among top sites serving fake virus alertsThreat actors dabble in obfuscation and evasion techniques. However, as previously detailed by Confiant, they are using much more advanced tricks. Their JavaScript uses obfuscation with changing variable names, making identification harder.MALWAREBYTES.COM
30 NovNot all cybercriminals are evil geniusesI thought some of you might enjoy this. Here’s a video of a recent after-dinner talk I gave, exploring (in a hopefully fun way!) whether cybercriminals are quite as smart as we sometimes think they are. Are malicious hackers geniuses? Are they all evil? Be sure to subscribe…GRAHAMCLULEY.COM
30 NovUS govt sanctions North Korea’s Kimsuky hacking groupThe Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals. [...]BLEEPINGCOMPUTER.COM
30 NovNon-profits need security too - Kelley Misata - ESW #341While non-profit doesn't mean "no budget" when it comes to cybersecurity, a lot of smaller to mid-sized non-profits operate on a shoestring, with little to no money for cybersecurity talent or spending. This is where Sightline Security steps in. Sightline's founder and CEO, Kelle…YOUTUBE.COM
30 NovUS Sanctions North Korean Cyber Unit After Satellite LaunchKimsuky Cyberespionage Unit Hit With Sanctions From US and Foreign Partners The United States on Thursday sanctioned North Korean cyberespionage threat actor Kimsuky, known for its social engineering campaigns against targets it suspects of holding intelligence on geopolitical ev…DATABREACHTODAY.CO.UK
30 NovThe Israel-Hamas Conflict is the Latest Example of Phishing Attacks Taking Advantage of Current EventsUsing something as simple as an attachment with an Israel/Hamas-related filename seems to be all it takes for new social engineering attacks disguised as donation confirmations.KNOWBE4.COM
🌐 CYBER THREAT LANDSCAPE 3
30 NovCyber security engagement hampered by information overloadAlert fatigue and digital deluge are affecting employees’ ability to spot cyber threatsCSHUB.COM
30 NovFjordPhantom Android malware uses virtualization to evade detectionA new Android malware named FjordPhantom has been discovered using virtualization to run malicious code in a container and evade detection. [...]BLEEPINGCOMPUTER.COM
30 NovHackers Using Weaponized Invoice To Deliver LUMMA MalwareCybersecurity analysts identified that the attacker, posing as a financial services company in this campaign, tricks the target with a fake invoice email. The attacker dodges detection using a fake page and a real link.PERCEPTION-POINT.IO
🎙️ PODCASTS 1
30 NovSmashing Security podcast #350: Think before you shrink! And our guest is fakedDon’t minimise your Teams Meeting video call too hastily, you might reveal your dirty secrets! Would you be prepared to pay for Facebook and Instagram? And who is being faked to promote cryptocurrency scams? All this and much more is discussed in the latest edition of the “Smashi…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 15
30 NovOnDemand | Guardians of Cybersecurity: Guide to Fortifying Defenses, Navigating Cyber Insurance and AIDATABREACHTODAY.CO.UK
30 NovGoogle pledges $10 million to train cyber security students across EuropeNew European Cybersecurity Seminars program will advance cyber security skills development and trainingCSHUB.COM
30 Nov7 Uses for Generative AI to Enhance Security OperationsWelcome to a world where Generative AI revolutionizes the field of cybersecurity. Generative AI refers to the use of artificial intelligence (AI) techniques to generate or create new data, such as images, text, or sounds. It has gained significant attention in recent years due to…THEHACKERNEWS.COM
30 NovThis Free Solution Provides Essential Third-Party Risk Management for SaaSWing Security recently announced that basic third-party risk assessment is now available as a free product. But it raises the questions of how SaaS is connected to third-party risk management (TPRM) and what companies should do to ensure a proper SaaS-TPRM process is in place. In…THEHACKERNEWS.COM
30 NovGoogle Unveils RETVec - Gmail's New Defense Against Spam and Malicious EmailsGoogle has revealed a new multilingual text vectorizer called RETVec (short for Resilient and Efficient Text Vectorizer) to help detect potentially harmful content such as spam and malicious emails in Gmail. "RETVec is trained to be resilient against character-level manipulations…THEHACKERNEWS.COM
30 NovZyxel warns of multiple critical vulnerabilities in NAS devicesZyxel has addressed multiple security issues, including three critical ones that could allow an unauthenticated attacker to execute operating system commands on vulnerable network-attached storage (NAS) devices. [...]BLEEPINGCOMPUTER.COM
30 NovGood Governance: 'It's All Hygiene'In the constant struggle to manage the other five pillars - identify, protect, detect, respond and recover - security leaders often do not have governance at top of mind, said Netography CEO Martin Roesch, but he added, "Good governance is the root of having good security."DATABREACHTODAY.CO.UK
30 NovSecurity flaws in court record systems used in five US states exposed sensitive legal documentsWitness lists and testimony, mental health evaluations, detailed allegations of abuse, and corporate trade secrets. These are some of the sensitive legal court filings that security researcher Jason Parker said they found exposed to the open internet for anyone to access, and fro…TECHCRUNCH.COM
30 NovWhat security issues does WordPress have? | Kaspersky official blogThe security issues faced by the world's most popular CMS, and how to protect your WordPress-based site or online store from hackers.KASPERSKY.COM
30 NovBooking.com Customers Scammed in Novel Social Engineering CampaignThe scam is proving so fruitful that sales of Booking.com portal credentials are commanding sale prices of up to $2000 in two cybercrime forums, according to the researchers.INFOSECURITY-MAGAZINE.COM
30 NovGet 20% off Emsisoft's Enterprise Security EDR solution for the holidaysEmsisoft is having a holiday deal where you can get 20% off 1-year licenses of the Emsisoft Enterprise Security EDR solution through December 17th, 2023, with no license limits. [...]BLEEPINGCOMPUTER.COM
30 NovWhatsApp's new Secret Code feature hides your locked chatsWhatsApp has introduced a new Secret Code feature that allows users to hide their locked chats by setting a custom password. [...]BLEEPINGCOMPUTER.COM
30 NovExecutives behaving badly: 5 ways to manage the executive cyberthreatFailing to practice what you preach, especially when you are a juicy target for bad actors, creates a situation fraught with considerable riskWELIVESECURITY.COM