🚨 CISA KEV (2)
9 Jan – [KEV] CISA Warns of Apache Superset Vulnerability Exploitation. CISA has added a critical-severity Apache Superset flaw (CVE-2023-27524) to its Known Exploited Vulnerabilities catalog. (SECURITYWEEK.COM)
9 Jan – [KEV] CISA warns agencies of fourth flaw used in Triangulation spyware attacks. The U.S. Cybersecurity and Infrastructure Security Agency has added to its Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Adobe, Apache, D-Link, and Joomla. [...] (BLEEPINGCOMPUTER.COM)
🐛 COMMON VULNERABILITIES AND EXPOSURES (52)
9 Jan – Enterprises with Kyocera printers open to path traversal attacks. Multi-function printer (MFP) devices and software provider Kyocera Document Solutions has a path traversal vulnerability in the web-based Device Manager tool used for managing large printer fleets in mid-to-large sized enterprises, according to Trustwave. Tracked as CVE-2023-5091… (CSOONLINE.COM)
9 Jan – Cacti Blind SQL Injection Flaw Enables Remote Code Execution. Cacti, the performance and fault management framework, has been found to contain a blind SQL injection vulnerability, which could reveal Cacti database contents or trigger remote code execution. The vulnerability has been assigned CVE-2023-51448, and the severity… (GBHACKERS.COM)
9 Jan – Apache OFBiz 0-day sees thousands of daily exploit attempts. https://www.theregister.com/2024/01/08/apache_ofbiz_zeroday/ SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight. The near-maximum severity zero-day vuln in OFB… (THEREGISTER.COM)
9 Jan – CVE-2024-20666 BitLocker Security Feature Bypass Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20674 Windows Kerberos Security Feature Bypass Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20677 Microsoft Office Remote Code Execution Vulnerability. A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no … (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20676 Azure Storage Mover Remote Code Execution Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20654 Microsoft ODBC Driver Remote Code Execution Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20657 Windows Group Policy Elevation of Privilege Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20658 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20680 Windows Message Queuing Client (MSMQC) Information Disclosure. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20682 Windows Cryptographic Services Remote Code Execution Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20683 Win32k Elevation of Privilege Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20690 Windows Nearby Sharing Spoofing Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20691 Windows Themes Information Disclosure Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20694 Windows CoreMessaging Information Disclosure Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2022-35737 MITRE: SQLite allows an array-bounds overflow. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20696 Windows Libarchive Remote Code Execution Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20697 Windows Libarchive Remote Code Execution Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20698 Windows Kernel Elevation of Privilege Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20699 Windows Hyper-V Denial of Service Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20700 Windows Hyper-V Remote Code Execution Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-21305 Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-21307 Remote Desktop Client Remote Code Execution Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-21313 Windows TCP/IP Information Disclosure Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-21325 Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20672 .NET Core and Visual Studio Denial of Service Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-0056 Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-0057 .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20652 Windows HTML Platforms Security Feature Bypass Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20653 Microsoft Common Log File System Elevation of Privilege Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20655 Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20656 Visual Studio Elevation of Privilege Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20660 Microsoft Message Queuing Information Disclosure Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20661 Microsoft Message Queuing Denial of Service Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20662 Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20663 Windows Message Queuing Client (MSMQC) Information Disclosure. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20664 Microsoft Message Queuing Information Disclosure Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-21316 Windows Server Key Distribution Service Security Feature Bypass. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20681 Windows Subsystem for Linux Elevation of Privilege Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20686 Win32k Elevation of Privilege Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20687 Microsoft AllJoyn API Denial of Service Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-20692 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-21306 Microsoft Bluetooth Driver Spoofing Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-21309 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-21310 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-21311 Windows Cryptographic Services Information Disclosure Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-21312 .NET Framework Denial of Service Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-21314 Microsoft Message Queuing Information Disclosure Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-21318 Microsoft SharePoint Server Remote Code Execution Vulnerability. Information published. (MSRC.MICROSOFT.COM)
9 Jan – CVE-2024-21319 Microsoft Identity Denial of Service Vulnerability. Information published. (MSRC.MICROSOFT.COM)
⚠️ VULNERABILITY DISCLOSURE (33)
9 Jan – Vulnerability Assessments. Submitted by MSgtRedFox to cybersecurity; cross-posted from infosec.pub/post/6670956. I’m curious what tools, SaaS, or other solutions are being used for vulnerability assessments? DOD calls it ACAS, which is just an acronym for required assessment program of… (INFOSEC.PUB)
9 Jan – Security Control Frameworks. Submitted by MSgtRedFox to cybersecurity; cross-posted from infosec.pub/post/6671372. I’m not a vendor, I’m just curious what experience people have with implementing security control frameworks? DOD uses DISA STIGs. Else uses CIS benchmarks, or self develope… (INFOSEC.PUB)
9 Jan – Surge in Open Source Malware Stealing Login Credentials & Sensitive Data. Over the past decade, Python has dominated the programming languages, consistently growing on the back of open-source adoption. Numerous popular Python projects exist that are used by millions of users. However, in recent times it has been noted that open-source malware … (GBHACKERS.COM)
9 Jan – Incorporating Mobile Threat Defense into Your Device Management Ecosystem. In recent years, we have seen a significant shift in the global workforce. With the proliferation of high-speed internet and advanced communication tools, remote work has become the new norm for countless professionals. This transition hasn’t just been about convenience; it… (GBHACKERS.COM)
9 Jan – Protecting Windows networks: Get back to basics for the new year. It’s a new year, which tends to suggest it’s time to embrace new solutions or software or methods for protecting a Windows network. In fact, that’s a misleading instinct. It’s far better to go back to basics in our networks, which often get neglected as we layer on more s… (CSOONLINE.COM)
9 Jan – Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager. A security flaw has been disclosed in Kyocera’s Device Manager product that could be exploited by bad actors to carry out malicious activities on affected systems. "This vulnerability allows attackers to coerce authentication attempts to their own resources, such as a m… (THEHACKERNEWS.COM)
9 Jan – Researchers Disclose New Lumma Stealer Campaign Distributed via YouTube. FortiGuard Labs researchers discovered an attack campaign involving the Lumma Stealer malware spreading through hijacked YouTube channels. Threat actors compromise accounts, upload videos disguised as legitimate cracked software sharing, and redirect users to malicious URLs via i… (CYWARE.COM)
9 Jan – Sensitive Files of Swiss Air Force Stolen in the Hack of Ultra Intelligence & Communications. The breach, carried out by the BlackCat ransomware gang, resulted in the theft of around 30 gigabytes of sensitive data, including a contract between the Swiss Department of Defence and Ultra Intelligence & Communications for nearly $5 million. (SECURITYAFFAIRS.COM)
9 Jan – PIN-Stealing Android Malware. This is an old piece of malware, the Chameleon Android banking Trojan, that now disables biometric authentication in order to steal the PIN: The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock,… (SCHNEIER.COM)
9 Jan – Update: Apache OFBiz Zero-Day Sees Thousands of Daily Exploit Attempts. The authentication bypass flaw in OFBiz allows attackers to remotely execute arbitrary code and access sensitive information. Upgrading to OFBiz version 18.12.11 is crucial to patch both this zero-day vulnerability and another equally serious hole. (THEREGISTER.COM)
9 Jan – Saudi Ministry of Industry and Mineral Resources Exposed Sensitive Data for 15 Months. The Saudi Ministry of Industry and Mineral Resources (MIM) had a sensitive environment file exposed for 15 months, potentially allowing attackers to gain unauthorized access and launch ransomware attacks. (SECURITYAFFAIRS.COM)
9 Jan – LoanDepot Takes Systems Offline Following Ransomware Attack. Mortgage lending firm LoanDepot has disclosed a cyberattack resulting in data encryption and system disruptions. (SECURITYWEEK.COM)
9 Jan – Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe. Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing financially motivated campaign to gain initial access. “The analyzed threat campaign appears to end in one of two ways, either th… (THEHACKERNEWS.COM)
9 Jan – Months-long AsyncRAT campaign targeted key US infrastructure employees. For the past 11 months a threat group has been targeting employees in various companies with phishing emails that distribute an open-source trojan program called AsyncRAT. The targets included companies managing key infrastructure in the US. According to AT&T’s Alien Labs cyb… (CSOONLINE.COM)
9 Jan – Shadow APIs are opening organizations to attacks: Report. Organizations’ lack of visibility into the application programming interfaces (APIs) they use has made those APIs harder to manage and to protect against abuse, according to a report by Cloudflare. The report, based on the traffic patterns observed by Cloudflare’s … (CSOONLINE.COM)
9 Jan – Online Services Down for German Craft Associations Following ‘Security Incident’. The cyberattack has forced the affected Chambers to disconnect from the network and take their systems offline, causing disruption to vocational training and other online services. (THERECORD.MEDIA)
9 Jan – [KEV] High-Severity Vulnerabilities Patched in QNAP QTS, Video Station, QuMagie, Netatalk Products. While there is no evidence that the flaws have been exploited in the wild, it's recommended that users take steps to update their installations to the latest version to mitigate potential risks. (SECURITYWEEK.COM)
9 Jan – CISA Releases One Industrial Control Systems Advisory. CISA released one Industrial Control Systems (ICS) advisory on January 9, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-348-01 Cambium ePMP 5GHz Force 300-25 Radio (Update A). CISA encourages… (CISA.GOV)
9 Jan – Criminal IP and Tenable Partner for Swift Vulnerability Detection. Cyber Threat Intelligence (CTI) search engine Criminal IP has established a technical partnership with Tenable. Learn more from Criminal IP about how this partnership can assist in real-time vulnerability and maliciousness scans. [...] (BLEEPINGCOMPUTER.COM)
9 Jan – Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe. The RE#TURGENCE campaign, linked to actors of Turkish origin, utilizes brute-force attacks, shell commands, and post-exploitation tools to gain access and carry out malicious activities. (THEHACKERNEWS.COM)
9 Jan – Hackers disrupt Beirut airport with anti-Hezbollah message. Submitted by c0mmando to netsec. https://therecord.media/beirut-airport-hack-information-screens-baggage-screening Flight information display screens at Beirut’s international airport were hacked over the weekend to display politically motivated messages, and… (THERECORD.MEDIA)
9 Jan – Bangladesh official alleges cyberattack ‘from Ukraine and Germany’ targeted election. Submitted by c0mmando to netsec. https://therecord.media/bangladesh-election-information-app-alleged-cyberattack An official at the Bangladesh Election Commission has claimed that a cyberattack “from Ukraine and Germany” caused an election information app to … (THERECORD.MEDIA)
9 Jan – Wiper malware found in analysis of Iran-linked attacks on Albanian institutions. Submitted by c0mmando to netsec. https://therecord.media/albania-parliament-telecoms-airline-cyberattacks-wiper-malware During the wave of attacks on Albanian organizations earlier in December, Iran-linked hackers used wiper malware that researchers are calli… (THERECORD.MEDIA)
9 Jan – Pro-Ukraine hackers claim breach of Russian internet provider. Submitted by c0mmando to netsec. https://therecord.media/ukraine-blackjack-hackers-sbu-claim-breach-russia-M9com The pro-Ukrainian hacker group Blackjack is claiming that it breached a Moscow internet provider to seek revenge for a Russian cyberattack on Ukra… (THERECORD.MEDIA)
9 Jan – New decryptor for Babuk Tortilla ransomware variant released. Submitted by c0mmando to netsec. https://blog.talosintelligence.com/decryptor-babuk-tortilla/ In cooperation with Dutch Police and Avast, Cisco Talos recovered a decryptor for encrypted files from systems affected by the Babuk ransomware variant known as Tort… (TALOSINTELLIGENCE.COM)
9 Jan – Jenkins Brute Force Scans, (Tue, Jan 9th). Our honeypots saw a number of scans for "/j_acegi_security_check" over the last two days. This URL has not been hit much lately, but was hit pretty hard last March. The URL is the Jenkins form-login handler, so it can be used to brute force passwords. (ISC.SANS.EDU)
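A practical follow-up to the ISC note above: because "/j_acegi_security_check" is where a Jenkins login form POSTs the username and password, a burst of POSTs to that path from one client is the signature of a password-guessing run, and any traffic to it on a host that does not run Jenkins is itself a scan. The block below is an added detection example, not code from the ISC diary or from Jenkins. It parses combined-format web access log lines (the sample lines are constructed for the example, with documentation-range addresses and an invented user agent string) and flags clients that POST to the login handler more than a threshold number of times inside a sliding window; the threshold and window are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Jenkins form-login handler named in the ISC diary; requests carry
# j_username / j_password in the POST body, so every POST is a guess.
LOGIN_PATH = "/j_acegi_security_check"

# Combined log format: ip ident user [timestamp] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        # drop the query string so "?from=%2F" variants still match
        "path": m.group("path").split("?", 1)[0],
        "status": int(m.group("status")),
    }


def login_path_sources(lines):
    """Every client that touched the login handler at all (any method).
    On a host that is not Jenkins this set is simply a scanner list."""
    return {ev["ip"] for ev in map(parse_line, lines)
            if ev and ev["path"] == LOGIN_PATH}


def detect_login_bruteforce(lines, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: total_posts} for clients with at least `threshold` POSTs
    to the login handler inside any sliding `window`."""
    posts = defaultdict(list)
    for ev in map(parse_line, lines):
        if ev and ev["method"] == "POST" and ev["path"] == LOGIN_PATH:
            posts[ev["ip"]].append(ev["ts"])

    flagged = {}
    for ip, times in posts.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):          # two-pointer sliding window
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = len(times)
    return flagged


# Constructed sample log (not real traffic): one scanner hammering the
# handler, one normal user logging in once, one slow client spread over an hour.
SAMPLE_LOG = [
    f'203.0.113.7 - - [08/Jan/2024:14:02:{s:02d} +0000] "POST {LOGIN_PATH} HTTP/1.1" 302 0 "-" "python-requests/2.31"'
    for s in (11, 13, 15, 18, 20, 22)
] + [
    '198.51.100.4 - - [08/Jan/2024:14:05:00 +0000] "GET /login HTTP/1.1" 200 2317 "-" "Mozilla/5.0"',
    f'198.51.100.4 - - [08/Jan/2024:14:05:09 +0000] "POST {LOGIN_PATH}?from=%2F HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    f'192.0.2.9 - - [08/Jan/2024:10:00:00 +0000] "POST {LOGIN_PATH} HTTP/1.1" 302 0 "-" "curl/8.4.0"',
    f'192.0.2.9 - - [08/Jan/2024:10:30:00 +0000] "POST {LOGIN_PATH} HTTP/1.1" 302 0 "-" "curl/8.4.0"',
    f'192.0.2.9 - - [08/Jan/2024:11:00:00 +0000] "POST {LOGIN_PATH} HTTP/1.1" 302 0 "-" "curl/8.4.0"',
    "this line is not an access-log entry",
]

if __name__ == "__main__":
    print("clients touching the login handler:", sorted(login_path_sources(SAMPLE_LOG)))
    print("brute-force candidates:", detect_login_bruteforce(SAMPLE_LOG))
```

Jenkins answers both a good and a bad login with a 302, so the status code alone does not separate success from failure; the rate of POSTs per client is the usable signal in the access log, and the slow client in the sample shows why the window matters: three guesses an hour never trips a ten-minute window, so pair this with a longer-horizon count if you care about low-and-slow guessing.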
9 Jan – Microsoft Ships Urgent Fixes for Critical Flaws in Windows Kerberos, Hyper-V. Patch Tuesday: Redmond patches critical, remote code execution vulnerabilities haunting Windows Kerberos and Windows Hyper-V. (SECURITYWEEK.COM)
9 Jan – Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs. Today is Microsoft's January 2024 Patch Tuesday, which includes security updates for a total of 49 flaws and 12 remote code execution vulnerabilities. [...] (BLEEPINGCOMPUTER.COM)
9 Jan – Critical Patches Issued for Microsoft Products, January 09, 2024. Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, o… (CISECURITY.ORG)
9 Jan – Kyocera Printers Open to Path Traversal Attacks. Path Traversal Flaw Allows Malicious Actors to Exploit Kyocera's Device Manager. Researchers found a path traversal vulnerability in Kyocera's Device Manager product, which is used for overseeing large printer fleets in mid- to large-sized enterprises. Attackers could exploit the … (DATABREACHTODAY.CO.UK)
9 Jan – Fortinet Releases Security Updates for FortiOS and FortiProxy. Fortinet has released a security update to address a vulnerability in FortiOS and FortiProxy software. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the FG-IR-23-315 FortiOS & FortiP… (CISA.GOV)
9 Jan – Microsoft Releases Security Updates for Multiple Products. Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s January Security Update … (CISA.GOV)
📋 SECURITY BULLETINS (3)
9 Jan – Adobe Patches Code Execution Flaws in Substance 3D Stager. Patch Tuesday: Adobe patches six security flaws in the Substance 3D Stager product and warns of code execution risks on Windows and macOS. (SECURITYWEEK.COM)
9 Jan – Siemens, Schneider Electric Release First ICS Patch Tuesday Advisories of 2024. Industrial giants Siemens and Schneider Electric publish a total of 7 new security advisories addressing 22 vulnerabilities. (SECURITYWEEK.COM)
9 Jan – 2024’s first Patch Tuesday steps lightly. Four dozen fixes and a handful of advisories make for the quietest January since 2020. (SOPHOS.COM)
📢 SECURITY ADVISORIES (10)
9 Jan – Reimagining Risk in the Emerging Cloud: A GRC Perspective - Solomon Ugah - CSP #156. More and more services and products are being cloud-delivered. This leads to a concentration of risk in the hands of a few industry players and a few jurisdictions. It means risk needs to be addressed and thought about differently. Join us as we discuss managing cloud risk from a… (YOUTUBE.COM)
9 Jan – Jobs, QNAP, NIST, Spectral Blur, Stuxnet, Swatting, Volkswagen, Jason Wood – SWN #352 (live). Join us live at 12pm ET as we discuss Jobs and Money, QNAP, NIST, Spectral Blur, Stuxnet, Swatting, Volkswagen, Jason Wood, and more on this edition of the Security Weekly News. → Watch Live Here: securityweekly.com/live → Subscribe to our podcasts: https://securityweekly.com/sub… (YOUTUBE.COM)
9 Jan – Jobs, QNAP, NIST, Spectral Blur, Stuxnet, Swatting, Volkswagen, Jason Wood - SWN #352. Jobs and Money, QNAP, NIST, Spectral Blur, Stuxnet, Swatting, Volkswagen, Jason Wood, and more on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-352 (YOUTUBE.COM)
🔥 INCIDENT REPORTING (23)
9 Jan – Bangladesh Official Alleges Cyberattack ‘From Ukraine and Germany’ Targeted Election. The cyberattack may have been a distributed denial of service (DDoS) attack. Prior to the election, both political parties accused foreign states of attempting to influence the vote. (THERECORD.MEDIA)
9 Jan – Ransomware Attack on Toronto Zoo Had No Impact on Animal Wellbeing. The Toronto Zoo's operations and animal well-being were not impacted by a recent ransomware attack on its systems. The zoo does not store credit card information but is investigating if the attack affected guest and donor records. (BLEEPINGCOMPUTER.COM)
9 Jan – Netgear, Hyundai Latest X Accounts Hacked To Push Crypto Drainers. Hackers are increasingly targeting verified X (Twitter) accounts of businesses and government organizations to promote cryptocurrency scams and steal assets from unsuspecting users. (BLEEPINGCOMPUTER.COM)
9 Jan – Update: LockBit Claims November Attack on New Jersey Hospital That Disrupted Patient Care. The attack caused network outages and disrupted patient care, resulting in canceled appointments and rescheduled surgeries. The LockBit ransomware gang has now threatened to leak 7TB of stolen data from the hospital. (THERECORD.MEDIA)
9 Jan – Midwives clinic takes nine months to deliver news of data breach. Clients of a pregnancy care clinic in Ontario have had their personal information exposed to hackers. I'm sure I don't need to tell anyone who has made use of the services of a midwife, that a lot can happen in nine months... Read more in my article on the Hot for Security blog. (BITDEFENDER.COM)
9 Jan – Rhysida Ransomware Gang Takes Credit for Christmas Attack on Global Lutheran Organization. The attack was carried out by the Rhysida ransomware gang, who also claimed responsibility for attacking the Lutheran World Federation, a member of the WCC. The WCC's systems went down on December 26, 2023. (THERECORD.MEDIA)
9 Jan – New York Clinic Must Pay $450K Fine, Spend $1.2M on Security. The Refuah Health Center in New York has been fined up to $450,000 and required to invest over $1 million in improving its data security following a ransomware attack in 2021. (BANKINFOSECURITY.COM)
9 Jan – Bosch Nutrunner Vulnerabilities Could Aid Hacker Attacks Against Automotive Production Lines. Hackers can take complete control of Bosch Rexroth nutrunners, installing ransomware or altering settings to cause financial impact and brand damage. (SECURITYWEEK.COM)
9 Jan – Ransomware Gang Claims Attack on Capital Health. The LockBit ransomware gang claims to have stolen over 7 terabytes of data from hospital system Capital Health. (SECURITYWEEK.COM)
9 Jan – Continuity in Chaos: Applying Time-Tested Incident Response to Modern Cybersecurity. Despite the drastically newer and more complex technology, many of the core incident response principles remain exactly the same, and we should never forget the fundamentals. (SECURITYWEEK.COM)
9 Jan – New Decryptor for Babuk Tortilla Ransomware Variant Released. Cisco Talos, in collaboration with Dutch Police and Avast, recovered a decryptor for the Babuk Tortilla ransomware variant, allowing users to quickly recover their encrypted files. (TALOSINTELLIGENCE.COM)
9 Jan – Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach. The Paraguay military is warning of Black Hunt ransomware attacks after Tigo Business suffered a cyberattack last week impacting cloud and hosting services in the company's business division. [...] (BLEEPINGCOMPUTER.COM)
9 Jan – Turkish Hackers Target Microsoft SQL Servers in Americas, Europe. Researchers at Securonix warn that Turkish threat actors are targeting organizations in the Americas and Europe with ransomware campaigns. (SECURITYWEEK.COM)
9 Jan – Decryptor for Babuk ransomware variant released after hacker arrested. Researchers from Cisco Talos working with the Dutch police obtained a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that led to the arrest of the ransomware's operator. [...] (BLEEPINGCOMPUTER.COM)
9 Jan – AI aids nation-state hackers but also helps US spies to find them, says NSA cyber director. Nation state-backed hackers and criminals are using generative AI in their cyberattacks, but U.S. intelligence is also using artificial intelligence technologies to find malicious activity, according to a senior U.S. National Security Agency official. “We already see crimin… (TECHCRUNCH.COM)
9 Jan – Hackers target Microsoft SQL servers in Mimic ransomware attacks. A group of financially motivated Turkish hackers targets Microsoft SQL (MSSQL) servers worldwide to encrypt the victims' files with Mimic (N3ww4v3) ransomware. [...] (BLEEPINGCOMPUTER.COM)
9 Jan – Ransomware victims targeted by fake hack-back offers. Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data. [...] (BLEEPINGCOMPUTER.COM)
9 Jan – Fidelity National Financial says hackers stole data on 1.3 million customers. Real estate services giant Fidelity National Financial has confirmed hackers stole data on 1.3 million of its customers during a November cyberattack that knocked the company offline for a week. FNF said in a filing Tuesday with federal regulators: “We determined that an un… (TECHCRUNCH.COM)
9 Jan – Fallout Mounting From Recent Major Health Data Hacks. Post-Breach List of Affected Individuals Growing; More Lawsuits Filed. Fallout is mounting, and new developments are emerging in several high-profile health data hacks. Data breaches reported in recent weeks and months at a medical transcription vendor, a hospital chain and a law … (DATABREACHTODAY.CO.UK)
9 Jan – US SEC’s X account hacked to announce fake Bitcoin ETF approval. The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. [...] (BLEEPINGCOMPUTER.COM)
9 Jan – Cyber insurance requirements: What’s in store for 2024. As the threat landscape evolves and the cost of data breaches increases, so will cyber insurance requirements from carriers. Cyber Risk Specialist Vince Kearns shares his 4 predictions for 2024. (TRENDMICRO.COM)
🕵️ THREAT INTELLIGENCE (23)
9 Jan – Browser Certificate Stores and QWACs. Submitted by MSgtRedFox to cybersecurity. Let’s talk about root certificate management and the EU proposed QWACs. Steve Gibson of the Security Now podcast weighed in with opposition to the EU's proposed QWACs certs and cited a few other prominent figures also … (INFOSEC.PUB)
9 Jan – ISC Stormcast For Tuesday, January 9th, 2024 https://isc.sans.edu/podcastdetail/8802, (Tue, Jan 9th). (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. (ISC.SANS.EDU)
9 Jan – Accenture Buys 6point6 to Expand Cyber Portfolio. Accenture, a global professional services company, has made a strategic move in the U.K. market by acquiring 6point6, a leading technology consultancy specializing in cloud, data, and cybersecurity. This acquisition, announced on October 31, 2023, significantly enhances Acc… (GBHACKERS.COM)
9 Jan – Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer. Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma. “These YouTube videos typically feature content related to cracked applications, presenting users wit… (THEHACKERNEWS.COM)
9 Jan – Multiple QNAP High-Severity Flaws Let Attackers Execute Remote Code. QNAP has released multiple security advisories addressing several high-, medium-, and low-severity vulnerabilities in multiple products, including QTS, QuTS hero, Netatalk, Video Station, QuMagie, and QcalAgent. QNAP has also listed all the affected products and their versions … (GBHACKERS.COM)
9 Jan – Cybersecurity Funding Dropped 40% in 2023: Analysis. The volume of cybersecurity transactions increased in 2023 compared to 2022, but the total amount of funding decreased significantly. (SECURITYWEEK.COM)
9 Jan – Best Practices for Moving Sensitive Data into the Cloud | Leadership & Communications - BSW #333. This week, we kick things off by discussing Best Practices for Moving Sensitive Data into the Cloud, with Mike Scott, CISO at Immuta. Then we discuss our Leadership and Communications articles for this week. Visit https://www.securityweekly.com/bsw for all the latest episodes! Sh… (YOUTUBE.COM)
9 Jan | Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them | Navigating the cloud security landscape is no walk in the park. It requires IT professionals like you to not only tackle traditional security threats, such as managing data access and mitigating vendor risks, but also confront virtualization risks and tackle issues unique to the … | KNOWBE4.COM
9 Jan | Cybersecurity trends: IBM’s predictions for 2024 | From world events to the economy, 2023 was an unpredictable year. Cybersecurity didn’t stray far from this theme, delivering some unexpected twists. As organizations begin planning their security strategies for 2024, now is the time to look back on the year before and extra… | SECURITYINTELLIGENCE.COM
9 Jan | CyberheistNews Vol 14 #02: AI Breaks Free: New Insights Into The Latest Chatbot Jailbreak Hack | KNOWBE4.COM
9 Jan | Countering Online Fraud With Gen AI Safeguards (nSure.ai CEO Alex Zeltcer Says Attackers Use Deceptive Tactics to Engage in Fraud) | Alex Zeltcer, CEO and co-founder at nSure.ai, believes more companies are using AI and gen AI to create synthetic data that will be used to identify fraudulent groups who target online shoppers and … | DATABREACHTODAY.CO.UK
9 Jan | Alert: Water Curupira Hackers Actively Distributing PikaBot Loader Malware | A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023. “PikaBot’s operators ran phishing campaigns, targeting victims via its two components — a loader and a core module — which enabled … | THEHACKERNEWS.COM
9 Jan | What's in Store for 2024? - ASW #268 | We kick off the new year with a discussion of what we're looking forward to and what we're not looking forward to. Then we pick our favorite responses to "appsec in three words" and set our sights on a new theme for 2024. Visit https://www.securityweekly.com/asw for all the lates… | YOUTUBE.COM
9 Jan | 23andMe Blames Users, Abusing Google's OAuth2, Rustls Performance, AI Goes OSINT - ASW #268 | 23andMe shifts blame to users for poor password practices, abusing Google's OAuth2 through a MultiLogin endpoint, Rustls is memory safe and fast, AI enters OSINT, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.co… | YOUTUBE.COM
9 Jan | DevOps Configuration Management Tier Discussion (submitted by MSgtRedFox to cybersecurity) | Does your choice of configuration management tool (Ansible, SALT, Puppet, Chef, etc) control tier 0 assets? (Authentication/directory servers, network equipment, etc) Do you consider your CM tool tier 0? If so, do you… | INFOSEC.PUB
9 Jan | Using honeytokens to detect (AiTM) phishing attacks on your Microsoft 365 tenant (submitted by L4s to secops) | https://zolder.io/using-honeytokens-to-detect-aitm-phishing-attacks-on-your-microsoft-365-tenant/ Phishing attacks are rapidly increasing against Mic… | ZOLDER.IO
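The honeytoken idea behind the zolder.io item above, shown as an added illustration that is not code from that post or from the submitter: a decoy account that no legitimate user ever signs in with is planted in the tenant, and any authentication attempt against it is treated as a tripwire. The example below runs that check over a constructed batch of Entra ID-style sign-in records (the account names, IPs and records are invented here; the field names follow the Entra ID sign-in log schema). Failed attempts are alerted on too, because an adversary-in-the-middle proxy replays the phished credential verbatim, so even a wrong-password failure proves the decoy was harvested and tried.

```python
"""Honeytoken sign-in detection over constructed Microsoft 365 / Entra ID
sign-in events. Added example, not code from the zolder.io post.

Assumptions (illustrative, not taken from the original post):
  * honeytoken accounts are decoy UPNs that no legitimate person uses, so
    ANY authentication attempt against them is an alert, successful or not
  * events use Entra ID sign-in log field names (userPrincipalName,
    ipAddress, status.errorCode, clientAppUsed, userAgent)
"""
import json
from dataclasses import dataclass

# Decoy accounts seeded into the tenant purely as tripwires (assumed names).
HONEYTOKEN_UPNS = {
    "svc-backup-legacy@contoso.example",
    "finance-archive@contoso.example",
}

# Constructed sample of sign-in log records (JSON lines); not real data.
# Record 2 is a wrong-password failure (errorCode 50126) for the decoy,
# record 3 is the same source succeeding a few seconds later.
SAMPLE_SIGNIN_LOG = r"""
{"createdDateTime":"2024-01-09T08:01:12Z","userPrincipalName":"alice@contoso.example","ipAddress":"203.0.113.10","status":{"errorCode":0},"clientAppUsed":"Browser","userAgent":"Mozilla/5.0 (Windows NT 10.0)"}
{"createdDateTime":"2024-01-09T08:03:45Z","userPrincipalName":"svc-backup-legacy@contoso.example","ipAddress":"198.51.100.77","status":{"errorCode":50126},"clientAppUsed":"Browser","userAgent":"python-requests/2.31"}
{"createdDateTime":"2024-01-09T08:04:02Z","userPrincipalName":"svc-backup-legacy@contoso.example","ipAddress":"198.51.100.77","status":{"errorCode":0},"clientAppUsed":"Browser","userAgent":"python-requests/2.31"}
{"createdDateTime":"2024-01-09T08:10:30Z","userPrincipalName":"bob@contoso.example","ipAddress":"203.0.113.11","status":{"errorCode":50126},"clientAppUsed":"Browser","userAgent":"Mozilla/5.0 (Macintosh)"}
"""


@dataclass(frozen=True)
class Alert:
    upn: str
    ip: str
    when: str
    succeeded: bool
    user_agent: str


def parse_signin_log(text: str) -> list:
    """Parse JSON-lines sign-in records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect_honeytoken_signins(events, honeytokens=HONEYTOKEN_UPNS) -> list:
    """Return one Alert per sign-in attempt against a honeytoken account.

    Nobody legitimately uses a decoy, so success and failure both alert:
    with an AiTM proxy in front of the real login page the credential is
    relayed as typed, so a failure still means the decoy was phished.
    """
    alerts = []
    for ev in events:
        upn = ev.get("userPrincipalName", "").lower()
        if upn not in honeytokens:
            continue
        code = ev.get("status", {}).get("errorCode", -1)
        alerts.append(Alert(
            upn=upn,
            ip=ev.get("ipAddress", "?"),
            when=ev.get("createdDateTime", "?"),
            succeeded=(code == 0),
            user_agent=ev.get("userAgent", "?"),
        ))
    return alerts


def attacker_infrastructure(alerts) -> set:
    """IPs that authenticated as a honeytoken: the relay's egress addresses.
    Useful as a hunting pivot across the rest of the sign-in log and as
    candidates for a Conditional Access named-location block."""
    return {a.ip for a in alerts}


if __name__ == "__main__":
    found = detect_honeytoken_signins(parse_signin_log(SAMPLE_SIGNIN_LOG))
    for a in found:
        print(f"{a.when} honeytoken {a.upn} from {a.ip} "
              f"succeeded={a.succeeded} ua={a.user_agent!r}")
    print("pivot IPs:", attacker_infrastructure(found))
```

In a real tenant the same check would run against the sign-in log export (or a SIEM query keyed on the decoy UPNs) rather than an inline string, and the decoy credential would be placed where a phishing kit is likely to collect it; those placement choices are the substance of the linked post and are not reproduced here.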
9 Jan | Organizations Undercount APIs by One-Third, Experts Warn (API Requests Comprise 57% of Global Dynamic HTTP Traffic, Cloudflare Reports) | As the use of application programming interfaces to connect software components continues to surge, many organizations lack visibility into precisely how many APIs they're operating, if they're secured o… | DATABREACHTODAY.CO.UK
9 Jan | Delinea Acquires Authomize to Tackle Identity-Based Threats | Delinea acquires Israeli startup Authomize to add identity threat detection and response (ITDR) technologies to its product portfolio. | SECURITYWEEK.COM
9 Jan | Cybercriminals Celebrate the Holidays with Dark Web Data Dumps, Dubbed “Leaksmas” | Millions of data records and GBs of data from organizations around the globe were made freely available to cybercriminals to coincide with dates around Christmas of 2023. | KNOWBE4.COM
9 Jan | Red Flags for Phishing: Verizon Outlines Common Scams to Watch Out For | Verizon has published an article outlining various forms of social engineering attacks, including SMS/text messaging phishing (smishing), voice phishing (vishing), and spear phishing (targeted attacks, often via email). Verizon warns users to be on the lookout for the following r… | KNOWBE4.COM
9 Jan | GUEST ESSAY: The case for using augmented reality (AR) and virtual reality (VR) to boost training | Augmented reality (AR) and virtual reality (VR) technologies provide intriguing opportunities for immersive and interactive experiences in cybersecurity training. Here’s how these technologies can bridge learning gaps in cybersecuri… | LASTWATCHDOG.COM
9 Jan | PAM Provider Delinea Acquires Israeli Startup Authomize (Company Makes Bid for Multi-Cloud Security) | California privileged access management vendor Delinea announced Tuesday its acquisition of Israeli startup Authomize in a bid to extend its reach in the growing identity market. Delinea will incorporate Authomize cross-cloud identity ca… | DATABREACHTODAY.CO.UK
9 Jan | OpenAI: Gen AI 'Impossible' Without Copyrighted Material (Copyright Probes Continue to Trouble AI Developers) | ChatGPT maker OpenAI acknowledged that it would be "impossible" to develop generative artificial intelligence systems without using copyrighted material. The company defended its use of copyrighted material, stating that current … | DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE (1)
9 Jan | Deceptive Cracked Software Spreads Lumma Variant on YouTube | A threat group is using YouTube channels to distribute a variant of Lumma Stealer, a malware that targets sensitive information, by uploading videos with malicious URLs disguised as cracked software installation guides. | FORTINET.COM
📡 INFOSEC NEWS (15)
9 Jan | Why Public Links Expose Your SaaS Attack Surface | Collaboration is a powerful selling point for SaaS applications. Microsoft, GitHub, Miro, and others promote the collaborative nature of their software applications that allows users to do more. Links to files, repositories, and boards can be shared with anyone, anywhere. This en… | THEHACKERNEWS.COM
9 Jan | Google Search bug shows blank page in Firefox for Android | Users of the Firefox browser for Android have been reporting that they are seeing a blank page when trying to load the main Google Search site. [...] | BLEEPINGCOMPUTER.COM
9 Jan | Nigerian Gets Ten Years for Laundering Scam Funds | Olugbenga Lawal, 33, of Indianapolis, Indiana, was convicted in August last year of conspiring to commit money laundering, after three co-conspirators had already pleaded guilty to the same crime. | INFOSECURITY-MAGAZINE.COM
9 Jan | US DHS Solicits Synthetic Data Expertise for AI Training | The U.S. federal government is seeking synthetic data generators to train machine learning models and test systems in instances where real-world data is unavailable or poses privacy and security risks. | BANKINFOSECURITY.COM
9 Jan | FTC bans X-Mode from selling phone location data, and orders firm to delete collected data | The U.S. Federal Trade Commission has banned the data broker X-Mode Social from sharing or selling users’ sensitive location data, the federal regulator said Tuesday. The first of its kind settlement prohibits X-Mode, now known as Outlogic, from sharing and selling users’ s… | TECHCRUNCH.COM
9 Jan | Windows 11 KB5034123 update released with security and Wi-Fi fixes | Microsoft has released the Windows 11 KB5034123 cumulative update for versions 23H2 and 22H2 to fix a variety of issues, including a potential Wi-Fi bug that was fixed in a KIR (Known Issue Rollback) last month. [...] | BLEEPINGCOMPUTER.COM
9 Jan | Windows 10 KB5034122 update released with fix for shutdown bug | Microsoft has released the KB5034122 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes only a small number of fixes due to the holiday season. [...] | BLEEPINGCOMPUTER.COM
9 Jan | FTC bans data broker from selling Americans’ location data | Today, the U.S. Federal Trade Commission (FTC) banned data broker Outlogic, formerly X-Mode Social, from selling Americans' raw location data that could be used for tracking purposes. [...] | BLEEPINGCOMPUTER.COM
9 Jan | China claims it cracked Apple's AirDrop to find numbers, email addresses | A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content. [...] | BLEEPINGCOMPUTER.COM
9 Jan | Everything you need to know about VPNs | You’re watching a movie. A criminal is trying to evade a crime scene in a sports car on the highway. A helicopter is following the car from above. The car enters a tunnel with multiple exits and the helicopter loses track of the car. A VPN works just like the tunnel in this movie… | TECHCRUNCH.COM
9 Jan | Nigerian gets 10 years for laundering millions stolen from elderly | A Nigerian man was sentenced on Monday to 10 years and one month in prison for conspiring to launder millions stolen from elderly victims in internet fraud schemes. [...] | BLEEPINGCOMPUTER.COM
9 Jan | Love is in the AI: Finding love online takes on a whole new meaning | Is AI companionship the future of not-so-human connection – and even the cure for loneliness? | WELIVESECURITY.COM