🐛 COMMON VULNERABILITIES AND EXPOSURES 2[−]
9 DecISMG Editors: Ugly Health Data Breach Trends in 2023Also: Top Threat Actors Are Targeting Hospitals; Remembering Steve Katz In the latest weekly update, editors at ISMG discuss the rampant rise in healthcare sector attacks and breaches in 2023, the most common vulnerabilities and targets, and remember the life of the Steve Katz, t…DATABREACHTODAY.CO.UK
9 DecCVE-2023-45866: Unauthenticated Bluetooth keystroke-injection in Android, Linux, macOS and iOSsubmitted by L4s to secops 13 points | 2 comments https://github.com/skysafe/reblog/tree/main/cve-2023-45866 CVE-2023-45866: Unauthenticated Bluetooth keystroke-injection in Android, Linux, macOS and iOS::undefinedGITHUB.COM
⚠️ VULNERABILITY DISCLOSURE 7[−]
9 DecCyber threats to electionsResources to learn more about cyber threats to elections and mitigate their impactsCYBER.GC.CA
9 DecResearchers Automated Jailbreaking of LLMs With Other LLMsResearchers have developed an automated machine learning technique, called TAP, that can quickly exploit vulnerabilities in large language models (LLMs) and make them produce harmful and toxic responses.HELPNETSECURITY.COM
9 DecHackers Hit Erris Water in Stance Over IsraelCybercriminals targeted a private group water scheme in the Erris area, causing disruption to 180 homeowners and highlighting the vulnerability of critical infrastructure to politically motivated cyber-attacks.WESTERNPEOPLE.IE
9 DecSLAM Attack: New Spectre-based Vulnerability Impacts Intel, AMD, and Arm CPUsResearchers from the Vrije Universiteit Amsterdam have disclosed a new side-channel attack called SLAM that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm. The attack is an end-to-end exploit for…THEHACKERNEWS.COM
9 DecResearchers Unveal GuLoader Malware's Latest Anti-Analysis TechniquesThreat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging. "While GuLoader's core functionality hasn't changed drastically over the past few years, these constant updates in their obfuscatio…THEHACKERNEWS.COM
9 DecMaximizing Your Purchasing Power: A Source For Validated KnowBe4 ReviewsOne of the key strategies to maximize your purchasing power is to research products and compare total cost of ownership. Take the time to do research and gather data about the platforms you are interested in.KNOWBE4.COM
9 DecWordPress POP Chain Flaw Exposes Over 800M+ Websites to AttackA critical remote code execution vulnerability has been patched as part of the WordPress 6.4.2 version. This vulnerability exists in the POP chain introduced in version 6.4, which can be combined with a separate Object Injection, resulting in the execution of arbitrary PHP code o…GBHACKERS.COM
📢 SECURITY ADVISORIES 11[−]
9 DecEurope Reaches Deal on AI Act, Marking a Regulatory FirstEuropean Union Will Enact Comprehensive Regulations on AI EU officials announced a compromise over a regulation on artificial intelligence in the works since 2021, making the trading bloc first in the world to comprehensively regulate the nascent technology. Europe understands "t…DATABREACHTODAY.CO.UK
9 DecSupporting CISA - The 'Focal Point of Our Defensive Efforts'On Nov. 8, Tenable Chairman and CEO Amit Yoran wrote a letter to Congress in support of CISA. In this episode of "Cybersecurity Insights," Yoran calls the agency the "primary focal point of our defensive efforts" and discusses why the country needs to stay unified on defeating cy…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 6[−]
9 DecFBI to Evaluate Bids to Delay Reporting Cybersecurity EventsSEC Says Large Companies Must Report Material Incidents to Investors as of Dec. 18 The FBI outlined procedures for publicly traded companies to invoke a delay in reporting material cybersecurity incidents to investors as required under a U.S. SEC rule. Regulators allow companies …DATABREACHTODAY.CO.UK
9 DecCentral Virginia Transit System Affected by Cyber IncidentThe Greater Richmond Transit Company (GRTC) experienced a cyberattack over the Thanksgiving holiday, resulting in a temporary disruption to their computer network. The Play ransomware gang has claimed responsibility for the attack.THERECORD.MEDIA
9 DecRussian Star Blizzard New Evasion Techniques to Hijack Email AccountsHackers target email accounts because they contain valuable personal and financial information. Successful email breaches enable threat actors to:- Cybersecurity researchers at Microsoft Threat Intelligence team recently unveiled that the Russian state-sponsored actor, Star Blizz…GBHACKERS.COM
9 DecKaneva - 3,901,179 breached accountsIn July 2016, now defunct website Kaneva, the service to "build and explore virtual worlds", suffered a data breach that exposed 3.9M user records. The data included email addresses, usernames, dates of birth and salted MD5 password hashes.HAVEIBEENPWNED.COM
9 DecGemplex - 4,563,166 breached accountsIn February 2021, the Indian streaming platform Gemplex suffered a data breach that exposed 4.6M user accounts. The impacted data included device information, names, phone numbers, email addresses and bcrypt password hashes.HAVEIBEENPWNED.COM
9 DecEurope Reaches a Deal on the World’s First Comprehensive AI RulesResearchers have warned that powerful AI models could be used to supercharge online disinformation, cyberattacks or creation of bioweapons. The post Europe Reaches a Deal on the World’s First Comprehensive AI Rules appeared first on SecurityWeek .SECURITYWEEK.COM
🕵️ THREAT INTELLIGENCE 2[−]
9 DecISMG Editors: Call for Cooperation at Black Hat Europe 2023Highlights From the Conference on Improving Public-Private Sector Collaboration In this special edition at Black Hat Europe 2023 in London, three ISMG editors cover the highlights of the conference, including a resounding call for better collaboration between government agencies …DATABREACHTODAY.CO.UK
9 DecOnDemand | Threat Actor Mapping: Finding the Achilles Heel in Sophisticated AttackersDATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 2[−]
9 DecCyber Threats to Canada’s Democratic Process: 2023 updateReport on global cyber threats to elections and their implications for Canada.CYBER.GC.CA
🎙️ PODCASTS 1[−]
9 DecIsrael-Hamas War: 'We All Know Someone That Lost Someone'After the latest Israel-Hamas war began, Kollender found herself trying to return to her homeland, but "no airline was flying to or from Israel," she said. In this episode of CyberEd.io's podcast series "Cybersecurity Insights," she discussed her personal views about the Israel-H…DATABREACHTODAY.CO.UK
📡 INFOSEC NEWS 13[−]
9 DecHow a CEO Runs a Company in WartimeYossi Appleboum, CEO of Sepio Systems in Israel, discusses the international support for Israel in the Israel-Hamas war and what his employees are doing to support the war effort, how the war is affecting Sepio Systems' performance and how generative AI can be "not a tool but a m…DATABREACHTODAY.CO.UK
9 DecAutoSpill attack steals credentials from Android password managersSecurity researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. [...]BLEEPINGCOMPUTER.COM
9 DecBypassing Major EDRs Using Pool Party Process Injection TechniquesThe technique utilizes Windows thread pools and includes a chain of three primitives for memory allocation, writing malicious code, and executing it, making it more flexible than existing process injection techniques.SECURITYAFFAIRS.COM
9 DecNew 5G Modem Flaws Affect iOS Devices and Android Models from Major BrandsThe set of vulnerabilities, collectively known as 5Ghoul, impacts USB and IoT modems as well as smartphones running Android and iOS, affecting 714 smartphones from 24 brands.THEHACKERNEWS.COM
9 DecAndroid Barcode Scanner App Exposes User PasswordsThe Android app Barcode to Sheet, with over 100k downloads, has left sensitive user data exposed due to an open instance, including plaintext enterprise data and weakly hashed passwords.SECURITYAFFAIRS.COM