🐛 COMMON VULNERABILITIES AND EXPOSURES 5
19 Dec8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread MalwareThe threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware. The security shortcoming is CVE-2020-14883 (CVSS score: 7.2), a remote code execution bug that could be exp…THEHACKERNEWS.COM
19 DecResearchers Disclose Zero-Click Exploit for Microsoft OutlookThe vulnerabilities, CVE-2023-35384 and CVE-2023-36710, allow an attacker to bypass security measures and execute code on a victim's machine by tricking Outlook into downloading a specially crafted sound file.TECHTARGET.COM
19 DecHackers Actively Exploiting ActiveMQ Vulnerability to Install MalwareAttackers have been exploiting the Apache ActiveMQ Vulnerability (CVE-2023-46604) to steal data and install malware constantly. Using the Apache ActiveMQ remote code execution vulnerability, the Andariel threat group was found to be installing malware last month. Their prima…GBHACKERS.COM
19 Dec36 million people affected by data breach at Xfinitysubmitted by c0mmando to netsec 2 points | 0 comments https://therecord.media/millions-affected-by-xfinity-data-breach Cable TV and internet service provider Xfinity says a breach linked to a widespread vulnerability in Citrix technology exposed data of about nearly 36 million pe…THERECORD.MEDIA
19 DecHackers steal data from millions of Xfinity customers via Citrix Bleed vulnerabilityComcast’s residential cable unit, Xfinity, has been hit by a cybersecurity breach in which hackers exploiting a critical vulnerability dubbed Citrix Bleed accessed the confidential information of nearly 36 million customers. The vulnerability is embedded in certain Citrix network…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 31
19 DecHow cybersecurity roles are changing and what to look for when hiringOrganizations globally are grappling with the impact of constant technological changes and the need to keep up with the ongoing evolution of cybersecurity capabilities. This is directly impacting individuals already working in the industry, as well as the skills that companies se…CSOONLINE.COM
19 Decxorbot: A Stealthy Botnet Family That Defies DetectionXorbot utilizes encryption and decryption algorithms, borrowed from the Mirai source code, to encrypt communication with its command and control server and store sensitive information.NSFOCUSGLOBAL.COM
19 DecUS Regulators Warn of AI Risk to Financial SystemsThe Financial Stability Oversight Council has classified artificial intelligence as an "emerging vulnerability" in the financial system, acknowledging both its potential for innovation and the risks it poses.BANKINFOSECURITY.COM
19 DecPro-Israel hacktivist group brings down 70% of gas stations in IranIsrael-aligned hacktivist group Gonjeshke Darande -- also known as Predatory Sparrow -- has claimed responsibility for a cyberattack against Iran's gas stations, which has disrupted 70% of them, according to reports. The attack disrupted Iran’s fuel distribution system, d…CSOONLINE.COM
19 DecInsights from the CISA Healthcare and Public Health Sector Risk and Vulnerability AssessmentThe external assessment did not identify any significant vulnerabilities that would allow easy access to the organization's network, but the internal assessment revealed multiple weaknesses that led to domain compromise.CISA.GOV
19 DecMicrosoft Windows 10 security support extension no excuse to put off patching, asset reviewMicrosoft has acknowledged that more time is needed for users to migrate to Windows 11, officially announcing that when Windows 10 support comes to an end in October 2025 there will be a means to allow consumers and businesses to purchase extended Windows support patches. The com…CSOONLINE.COM
19 DecNew SMTP Smuggling Attack Lets Hackers Send Spoofed EmailsSMTP (Simple Mail Transfer Protocol) smuggling is a technique where attackers exploit the inconsistencies in how proxy servers or firewalls analyze and handle the SMTP traffic. Threat actors can smuggle malicious payloads or evade detection by exploiting these inconsistenci…GBHACKERS.COM
19 DecXfinity Customer Data Compromised in Attack Exploiting CitrixBleed VulnerabilityComcast’s Xfinity says customer data, including credentials, were compromised in an attack exploiting the CitrixBleed vulnerability.SECURITYWEEK.COM
19 DecComcast says hackers stole data of close to 36 million Xfinity customersComcast has confirmed that hackers exploiting a critical-rated security vulnerability accessed the sensitive information of almost 36 million Xfinity customers. This vulnerability, known as “CitrixBleed,” is found in Citrix networking devices often used by big corporations and ha…TECHCRUNCH.COM
19 DecUS Agencies Release Security Guidance on Managing SBOMs and Open Source SoftwareThe report provides guidance on open source software adoption, including criteria for selection, risk assessment, licensing, export control, maintenance, vulnerability response, and secure software delivery.MERITALK.COM
19 DecAuthorities claim seizure of notorious ALPHV ransomware gang’s dark web leak siteAn international group of law enforcement agencies have seized the dark web leak site of the notorious ransomware gang known as ALPHV, or BlackCat. “The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against ALPHV Blac…TECHCRUNCH.COM
19 DecNovel SMTP Smuggling Technique Slips Past DMARC, Email ProtectionsAttackers can exploit SMTP smuggling to send spoofed emails with fake sender addresses, bypassing email security checks and putting organizations and individuals at risk for targeted phishing attacks.DARKREADING.COM
19 DecCyberheistNews Vol 13 #51 Phishing Is Still the No. 1 Attack Vector, With Huge 144% Malicious URL SpikeKNOWBE4.COM
19 Dec KEVXfinity Discloses Massive Data Breach Affecting Over 35 Million PeopleThe breach occurred after attackers exploited a critical vulnerability, known as Citrix Bleed, that had been actively exploited as a zero-day since August 2023. The company has asked users to reset their passwords.BLEEPINGCOMPUTER.COM
19 DecXfinity Customer Data Compromised In Attack Exploiting CitrixBleed VulnerabilityPACKETSTORMSECURITY.COM
19 DecThe lion’s share of CIOs cyber budgets must go to cloud security platformsCIO's cybersecurity budget allocations are too spread out across a myriad of single solutions. Vendors convince CIOs they need the latest product to halt new attacks when in actuality the addition of yet another disparate cybersecurity tool leads to blind spots. Cyber budgets get…CSOONLINE.COM
19 DecFBI Takes Down BlackCat Ransomware, Releases Free Decryption ToolThe U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that victims can use to regain access to files locked by the malware. Court documents show that the U.S. Federal Bureau of Inves…THEHACKERNEWS.COM
19 DecCISA Releases Seven Industrial Control Systems AdvisoriesCISA released seven Industrial Control Systems (ICS) advisories on December 19, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-353-01 Subnet Solutions Inc. PowerSYSTEM Center ICSA-23-353-02 E…CISA.GOV
19 DecFBI warrant reveals ‘confidential source’ helped AlphV/Blackcat ransomware takedownsubmitted by c0mmando to netsec 1 points | 0 comments https://therecord.media/fbi-warrant-reveals-confidential-source-helped-alphv-ransomware-takedown An FBI search warrant unsealed PDF Tuesday in the Southern District of Florida revealed that the FBI had help from a “confidentia…THERECORD.MEDIA
19 DecHacktivists say they shut down Iran's gasoline pumpssubmitted by c0mmando to netsec 1 points | 1 comments https://www.theregister.com/2023/12/18/hacktivists_shut_down_irans_petrol/ Hacktivists reportedly disrupted services at about 70 percent of Iran’s gas stations in a politically motivated cyberattack. Iran’s oil minister Javad …THEREGISTER.COM
19 DecMicrosoft Discovers Critical RCE Flaw in Perforce Helix Core ServerFour vulnerabilities, including a critical one, have been discovered in the widely used Perforce Helix Core Server, posing a significant risk to organizations in the gaming, government, military, and technology sectors.BLEEPINGCOMPUTER.COM
19 DecMaking Service Meshes Work for People - Idit Levine - ASW #267Service meshes create the opportunity to make security a team sport. They can improve observability and service identity. Turning monoliths into micro services sounds appealing, but maybe not every monolith needs to be broken up. We'll also talk about the maturity and design choi…YOUTUBE.COM
19 DecMr Cooper now says 15M people's data exposed in cyberattacksubmitted by c0mmando to netsec 1 points | 1 comments https://www.theregister.com/2023/12/18/mr_cooper_breach_disclosure/ Mortgage lender Mr Cooper has now admitted almost 14.7 million people’s private information, including addresses and bank account numbers, were stolen in an e…THEREGISTER.COM
19 DecQakbot returns: FBI-led takedown lasts just 3 monthssubmitted by c0mmando to netsec 1 points | 1 comments https://www.theregister.com/2023/12/19/qakbot_returns/ Multiple sources are confirming the resurgence of Qakbot malware mere months after the FBI and other law enforcement agencies shuttered the Windows botnet. Microsoft Threa…THEREGISTER.COM
19 DecLedger JS library poisoned to steal $650K+ from walletssubmitted by c0mmando to netsec 1 points | 1 comments https://www.theregister.com/2023/12/16/ledger_crypto_conect_kit/ Cryptocurrency wallet maker Ledger says someone slipped malicious code into one of its JavaScript libraries to steal more than half a million dollars from victim…THEREGISTER.COM
19 DecHow the FBI seized BlackCat (ALPHV) ransomware’s serversAn unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs. [...]BLEEPINGCOMPUTER.COM
19 Dec#StopRansomware: ALPHV BlackcatSUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically …CISA.GOV
19 DecInterpol operation arrests 3,500 cybercriminals, seizes $300 millionAn international law enforcement operation codenamed 'Operation HAECHI IV' has led to the arrest of 3,500 suspects of various lower-tier cybercrimes and seized $300 million in illicit proceeds. [...]BLEEPINGCOMPUTER.COM
19 DecOutlook Plays Attacker Tunes: Vulnerability Chain Leading to Zero-Click RCEAkamai researchers document more vulnerabilities and patch bypasses leading to zero-click remote code execution in Microsoft Outlook.SECURITYWEEK.COM
19 DecBlackCat Ransomware Raises Ante After FBI DisruptionThe U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world's second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang's darknet website, and released a decryption tool that h…KREBSONSECURITY.COM
19 Dec KEVReport Says CISA is Failing to Identify High-Risk ExploitsCISA Failed to Include High-Risk Vulnerabilities in Known Exploit List, Report Says The Cybersecurity and Infrastructure Security Agency maintains an exhaustive list that the U.S. cyber agency describes as "the authoritative source of vulnerabilities that have been exploited in t…DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES 17
19 DecDouble-Extortion Play Ransomware Strikes 300 Organizations WorldwideThe threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the U.S. "Play ransomware actors employ a double-extortion model, encrypting systems after…THEHACKERNEWS.COM
19 DecCISA Urges Manufacturers to Eliminate Default Passwords to Thwart Cyber ThreatsManufacturers are advised to follow Secure by Design principles, provide unique setup passwords or disable them after a preset time period, and implement phishing-resistant multi-factor authentication methods to mitigate these risks.THEHACKERNEWS.COM
19 DecTech Device Manufacturers Urged by CISA to Remove Default PasswordsRecently, the Cybersecurity and Infrastructure Security Agency (CISA) has requested technology device manufacturers to take measures to eliminate default passwords due to the threats posed by IRGC actors. This step has been taken to ensure the security of tech devices and prevent…GBHACKERS.COM
19 DecRansomware Attack on Westpole Disrupted Digital Services for Italian Public AdministrationOne of Westpole's customers, PA Digitale, which serves 1300 public administrations including 540 municipalities, was targeted. The incident has led to manual operations for some services and may affect salary payments.SECURITYAFFAIRS.COM
19 DecFBI, CISA, and ACSC Release Joint Advisory on Play RansomwareThe Play ransomware group has been targeting businesses and critical infrastructure in North America, South America, and Europe since June 2022. They use a double-extortion model, encrypting systems after exfiltrating data.CISA.GOV
19 DecCyber Risk Management Starts with Risk Quantification - Padraic O'Reilly - BSW #332Cyber has been an historically hermetic practice. A dark art. Full of mysteries and presided over by magicians both good and bad. This is a bit of an exaggeration, yet there is some truth to it. Many in our industry knew that the SEC was evaluating the role that cyber risk manage…YOUTUBE.COM
19 DecCISA and FBI Release Advisory on ALPHV Blackcat AffiliatesToday, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), #StopRansomware: ALPHV Blackcat, to disseminate known ALPHV Blackcat affiliates’ tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified thr…CISA.GOV
🔥 INCIDENT REPORTING 22
19 DecUpdate: October Cyberattack Leaked Data of 14.7 Million People, Mortgage Giant Mr. Cooper SaysThe accessed data included sensitive details such as names, addresses, phone numbers, Social Security numbers, and bank account numbers of individuals associated with mortgage loans serviced by Mr. Cooper.THERECORD.MEDIA
19 DecAlleged LockBit Operator to Face New Cybercrime Charges in CanadaA Canadian-Russian man, Mikhail Vasiliev, who is facing extradition to the United States for his alleged involvement in the LockBit ransomware group, is now facing new cybercrime charges in Ontario.THERECORD.MEDIA
19 DecWhat the SEC Weighed in Finalizing the Cyber Disclosure RulesThe SEC does not aim to manage security but wants better disclosures. The final rule requires the disclosure of material cybersecurity incidents, but does not require specific technical details to avoid providing a roadmap for future attacks.CYBERSECURITYDIVE.COM
19 DecApparel Giant VF Corporation Reports Cyberattack on First Day of SEC Disclosure RuleVF Corporation, one of the largest apparel companies in the world, reported a cyberattack to the U.S. Securities and Exchange Commission (SEC) on the first day of a new cyber incident reporting rule.THERECORD.MEDIA
19 DecMr. Cooper Data Breach Impacts 14.7 Million IndividualsMr. Cooper has confirmed that personal and bank account information was compromised in a recent cyberattack.SECURITYWEEK.COM
19 DecGovernments Issue Warning After Play Ransomware Hits Hundreds of OrganizationsUS and Australian government agencies warn organizations of the Play ransomware group’s double-extortion tactics.SECURITYWEEK.COM
19 DecIran Hit by Major Cyberattack Targeting Nation's Fuel SupplyGas stations in Iran experienced widespread disruptions due to a cyberattack claimed by the group Predatory Sparrow, which has previously targeted Iranian critical infrastructure.BANKINFOSECURITY.COM
19 Dec2022 Election Not Impacted by Chinese, Russian Cyber Activity: DOJ, DHSHackers, including from Russia and China, launched cyberattacks and collected information, but it did not impact the integrity and security of the 2022 US election.SECURITYWEEK.COM
19 DecHackers Abusing GitHub to Evade Detection and Control Compromised HostsThreat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. "Malware authors occasionally place their samples in services like Dropbox, Google Drive, OneDr…THEHACKERNEWS.COM
19 DecAnti-ransomware startup Halcyon lands fresh $40M tranche2023 proved to be a challenging year on the ransomware front after a brief lull in 2022. According to data from cryptocurrency tracing firm Chainalysis, victims had paid ransomware groups well over $400 million combined as of July 2023. Statista, meanwhile, reports that a wh…TECHCRUNCH.COM
19 DecWeb injections are back on the rise: 40+ banks affected by new malware campaignWeb injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive i…SECURITYINTELLIGENCE.COM
19 DecFBI disrupts Blackcat ransomware operation, creates decryption toolThe Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. [...]BLEEPINGCOMPUTER.COM
19 DecHalcyon Raises $40 Million for Anti-Ransomware PlatformHalcyon has raised $40 million in an oversubscribed Series B funding round for its anti-ransomware and cyber resilience platform.SECURITYWEEK.COM
19 DecBehind the Scenes of Matveev's Ransomware Empire: Tactics and TeamCybersecurity researchers have shed light on the inner workings of the ransomware operation led by Mikhail Pavlovich Matveev, a Russian national who was indicted by the U.S. government earlier this year for his alleged role in launching thousands of attacks across the w…THEHACKERNEWS.COM
19 DecHoliday Scams Include Thousands of Impersonation Phishing Domains per BrandMidstride in this year’s holiday shopping, it’s important to realize just how many websites exist that impersonate legitimate online retailers. More importantly, your users need to know how to spot these types of attacks before falling victim.KNOWBE4.COM
19 DecFBI Seizes BlackCat Infrastructure; Group Has New DomainUS authorities seized dark web infrastructure of the BlackCat ransomware-as-a-service group although the Russian-speaking threat actor said it reestablished operations. The data leak site of the ransomware group, also known as Alphv, as well as its Tox instant messaging account, …DATABREACHTODAY.CO.UK
19 DecUS Gov Disrupts BlackCat Ransomware Operation; FBI Releases Decryption ToolThe US government announced the disruption of the notorious BlackCat ransomware-as-a-service operation and released a decryption tool to help organizations recover hijacked data.SECURITYWEEK.COM
19 DecFBI: ALPHV ransomware raked in $300 million from over 1,000 victimsThe ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation (FBI). [...]BLEEPINGCOMPUTER.COM
19 DecIowa Medical Center Latest Victim of Transcription Firm HackLawsuits Keep Stacking Up Against Perry Johnson and Associates An Iowa medical center is among the latest healthcare entities reporting to federal regulators a breach tied to a data theft hack on medical transcription vendor Perry Johnson and Associates earlier this year. Meanwhi…DATABREACHTODAY.CO.UK
19 DecBlackCat Ransomware 'Unseizing' a Dark Web StuntRansomware Group Declares Nothing Off Limits Outside of CIS Countries The BlackCat ransomware as service operation's putative "unseizing" of its leak site from the FBI is a stunt made possible by the way the dark web handles address resolution, security researchers said Monday. The s…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 22
19 DecISC Stormcast For Tuesday, December 19th, 2023 https://isc.sans.edu/podcastdetail/8784, (Tue, Dec 19th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
19 DecQakBot Malware Emerges with New Tactics, Attacking Hospitality IndustryQakBot (aka Qbot) primarily targets financial institutions since it is a sophisticated banking trojan and malware. This malware can facilitate more malicious acts, such as the following, by infecting Windows systems and stealing confidential data, such as banking credentials:- Be…GBHACKERS.COM
19 DecNew Malvertising Campaign Distributing PikaBot Disguised as Popular SoftwareThe malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk. "PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the …THEHACKERNEWS.COM
19 DecOpenAI Is Not Training on Your Dropbox Documents—TodayThere’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Here’s CNBC. Here’s Boing Boing. Some articles are more nuanced, but there’s still a lot of confusion. It seems not to be true. Dropbox isn…SCHNEIER.COM
19 DecIranian Hackers Using MuddyC2Go in Telecom Espionage Attacks Across AfricaThe Iranian nation-state actor known as MuddyWater has leveraged a newly discovered command-and-control (C2) framework called MuddyC2Go in its attacks on the telecommunications sector in Egypt, Sudan, and Tanzania. The Symantec Threat Hunter Team, part of Broadcom, is…THEHACKERNEWS.COM
19 DecEvery “Thing” Everywhere All at OnceEvery asset in an organization’s inventory that is not accounted for and protected is a potential attack vector that an attacker can use to gain access or move undetected.SECURITYWEEK.COM
19 DecHow Microsoft might have lured unsuspecting end-users into the hands of criminalssubmitted by L4s to secops 1 points | 0 comments https://www.eye.security/blog/how-microsoft-might-have-lured-unsuspecting-end-users-into-the-hands-of-criminals How Microsoft might have lured unsuspecting end-users into the hands of criminals::We found a serious error in Microsof…EYE.SECURITY
19 DecThe Rise in Attacks Requires Specialized Expertise – Breakaway 1=5Integrating AI allows partners to stay ahead of evolving risks and provide more robust security solutions. We help our partners develop these skills.PALOALTONETWORKS.COM
19 DecSidewinder Hacker Group Using Weaponized Documents to Deliver MalwareSidewinder APT group’s sophisticated threat landscape reveals a skilled and persistent threat targeting the Nepalese Government entities. Their focus extends to South Asian governments, with researchers also identifying a recent complex attack on Bhutan. Cybersecurity…GBHACKERS.COM
19 DecTurngate Raises $5 Million to Shed Light on User ActivityTurngate has raised $5 million in seed funding to help organizations decipher users’ identities and track their activity.SECURITYWEEK.COM
19 DecFour Pieces of Transitional Advice: Incoming CISOs - Sean Zadig - CSP #153There’s been a boom of sudden CISOs for regulatory and practical reasons — forcing technical security leaders to transition. And the transition isn't easy. Join us, as Sean shares the lessons he has learned as he moved into the CISO role from technologist. As CISO Stories also fo…YOUTUBE.COM
19 DecNew Remote “Job” Scam Tells Victims They'll Get Paid For Liking YouTube VideosResearchers at Bitdefender warn that scammers are tricking victims with fake remote job opportunities. In this case, the scammers tell victims that they’ll get paid for liking YouTube videos.KNOWBE4.COM
19 DecEffective Security Strategy, Overlooked Leadership Attributes, and Fun Icebreakers - BSW #332In the leadership and communications section, Building an Effective Information Security Strategy, What Makes a Company Great at Producing Leaders?, 80 Fun Meeting Icebreakers Your Team Will Love, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Sho…YOUTUBE.COM
19 DecNagios and Abandoned Projects, Hacking Trains (to Fix Them), OAuth Threats, 5Ghoul - ASW #267Nagios gets a review from NCC Group, hackers hack some anti-fixing code to fix trains in Poland, abusing OAuth post-compromise, 5Ghoul flaws in 5G networks, MITRE teases a new threat model for embedded systems, a conversation on vuln scoring systems, and more! Visit https://www.s…YOUTUBE.COM
19 DecUnderstanding The Workings of Russian Hacker “Wazawaka”submitted by L4s to secops 1 points | 0 comments https://25491742.fs1.hubspotusercontent-eu1.net/hubfs/25491742/WAZAWAKA_TLPCLEAR_Report.pdf Understanding The Workings of Russian Hacker “Wazawaka”25491742.FS1.HUBSPOTUSERCONTENT-EU1.NET
19 DecLooking Ahead: Mobile Driver's Licenses for ID VerificationProve's Mary Ann Miller Discusses Innovative Approaches to Identity Verification Fraudsters can now easily create fake driver's licenses to scam banks and merchants. Moving to electronic identification that can be stored on mobile devices has the potential to unlock innovation in…DATABREACHTODAY.CO.UK
19 DecSanta, SEC, Google, Qakbot, VMWARE, AI, Turing, Voight-Kampff, Jason Wood, and more - SWN #350Santa, SEC, Google, Qakbot, VMWARE, AI, Turing, Voight-Kampff, Jason Wood, and more are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-350YOUTUBE.COM
19 DecHow Strata Identity and Microsoft Entra ID solve identity challenges in mergers and acquisitionsAlong with every merger and acquisition between two companies comes the need to combine and strengthen their IT infrastructure. There is an immediate and profound impact on the identity and access management postures of both companies. Learn how to protect your organization with …MICROSOFT.COM
19 DecOkta to Acquire Spera SecurityOkta Says Acquisition Will Expand Its Ability to Detect High-Risk Accounts Okta finalized an agreement to acquire Spera Security, saying the purchase will expand its ability to track risky accounts and access misconfigurations. Spera, a Tel Aviv startup, touts itself as a tool fo…DATABREACHTODAY.CO.UK
19 DecWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 0 comments ** Late post sorry!! ** - Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
19 DecOpenAI Formulates Framework to Mitigate 'Catastrophic Risks'A Preparedness Team Will Warn of Current, Future Dangers in the Firm's AI Models OpenAI on Monday released a framework it says will help assess and protect against the "catastrophic risks" posed by the "increasingly powerful" AI models it develops. "We believe the scientific stud…DATABREACHTODAY.CO.UK
19 DecAzure Serial Console Attack and Defense - Part 2This is the second installment of the Azure Serial Console blog, which provides insights to improve defenders’ preparedness when investigating Azure Serial Console activity on Azure Linux virtual machines. While the first blog post discussed various tracing activities, such as us…MSRC.MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 3
19 Dec“Inhospitality” malspam campaign targets hotel industrySocial engineering drives password-stealing malware attack against the front deskSOPHOS.COM
19 DecNew Web injections campaign steals banking data from 50,000 peopleA new malware campaign that emerged in March 2023 used JavaScript web injections to try to steal the banking data of over 50,000 users of 40 banks in North America, South America, Europe, and Japan. [...]BLEEPINGCOMPUTER.COM
19 DecESET Threat Report H2 2023A view of the H2 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research expertsWELIVESECURITY.COM
🎙️ PODCASTS 1
19 DecSharing stories on the CyberTuesday podcastSimon Whittaker, CEO of Vertical Structure, invited me onto the "CyberTuesday" show to share some stories and opinions from the world of cybersecurity. I couldn't resist also breaking into my Jason Statham impression at one point...GRAHAMCLULEY.COM
📡 INFOSEC NEWS 12
19 DecMicrosoft is Working on a More Secure Print System for WindowsMicrosoft has introduced Windows Protected Print Mode (WPP) to enhance security and eliminate vulnerabilities in the Windows print system. These changes aim to reduce the attack surface and enhance user safety.HELPNETSECURITY.COM
19 DecA Season of Giving at SophosAs we enter the season of goodwill and 2023 draws to a close, Sophos teams across the globe have been getting involved in a range of charitable and volunteering activities.SOPHOS.COM
19 DecAre We Ready to Give Up on Security Awareness Training?Some of you have already started budgeting for 2024 and allocating funds to security areas within your organization. It is safe to say that employee security awareness training is one of the expenditure items, too. However, its effectiveness is an open question with people still …THEHACKERNEWS.COM
19 DecSimSpace raises $45M to simulate tech stacks for cyber trainingSimSpace, a startup that creates digital replicas of organizations’ tech and networking stacks for cybersecurity training, has raised $45 million in a funding round led by L2 Point Management. Bringing the company’s total raised to $70 million, the investment comes at…TECHCRUNCH.COM
19 DecWhat are they looking for? Scans for OpenID Connect Configuration, (Tue, Dec 19th)One of our honeypots received unusually many requests for an OpenID connect configuration file. This honeypot is configured a bit differently as it is more experimental to test new software, so the logs do not show up on our main site. Overall, there are only a few requests targe…ISC.SANS.EDU
19 DecNew Scam Involving Remote Jobs on Social Media PlatformsResearchers at Bitdefender Labs have uncovered a new scam involving remote jobs on social media platforms. Scammers are promising payment for simply liking YouTube videos.BITDEFENDER.COM
19 DecTerrapin attacks can downgrade security of OpenSSH connectionsAcademic researchers developed a new attack called Terrapin that manipulates sequence numbers during the handshake process to break the SSH channel integrity when certain widely-used encryption modes are used. [...]BLEEPINGCOMPUTER.COM
19 DecMicrosoft confirms Windows 11 Wi-Fi issues, asks for user feedbackMicrosoft has confirmed that some Windows 11 devices experience Wi-Fi connectivity issues after installing recent cumulative updates. [...]BLEEPINGCOMPUTER.COM
19 DecSensor Intel Series: Top CVEs in November 2023We add two IoT CVEs and discuss the other sorts of traffic we see regularly.F5.COM