🚨 CISA KEV 2[−]
10 Jan KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023-29357 Microsoft SharePoint Server Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious c…CISA.GOV
10 Jan KEVCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-21887 Ivanti Connect Secure and Policy Secure Command Injection Vulnerability CVE-2023-46805 Ivanti Connect Secure and Policy Secure Authenti…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 4[−]
10 Jan KEVCISA Flags 6 Vulnerabilities - Apple, Apache, Adobe , D-Link, Joomla Under AttackThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerab…THEHACKERNEWS.COM
10 JanSQLi Vulnerability in Cacti Could Lead to Remote Code ExecutionThe vulnerability, CVE-2023-51448, requires an authenticated attacker with specific permissions or the exploitation of another vulnerability to access and exploit the Cacti database.HELPNETSECURITY.COM
10 JanUnauthenticated RCE in Adobe Coldfusion – CVE-2023-26360submitted by L4s to secops 1 points | 0 comments https://blog.securelayer7.net/unauthorized-rce-in-adobe-coldfusion/ Unauthenticated RCE in Adobe Coldfusion – CVE-2023-26360::Explore the intricacies of CVE-2023-26360, an unauthenticated Remote Code Execution (RCE) vulnerability i…SECURELAYER7.NET
10 JanIvanti Releases Security Update for Connect Secure and Policy Secure GatewaysIvanti has released a security update to address an authentication bypass vulnerability (CVE-2023-46805) and a command injection vulnerability (CVE-2024-21887) in all supported versions (9.x and 22.x) of Connect Secure and Policy Secure gateways. A cyber threat actor could exploi…CISA.GOV
⚠️ VULNERABILITY DISCLOSURE 21[−]
10 JanMicrosoft January 2024 Patch Tuesday, (Wed, Jan 10th)Microsoft today surprised with a light patch Tuesday. We only received 48 patches for Microsoft products and four for Chromium, affecting Microsoft Edge. Only two of the 48 patches are rated critical; none had been disclosed or exploited before today. The update also include…ISC.SANS.EDU
10 JanMicrosoft's January 2024 Windows Update Patches 48 New VulnerabilitiesMicrosoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues are publicly know…THEHACKERNEWS.COM
10 JanHackers Using Weaponized PDF Files to Deliver Qakbot MalwareQakbot is a sophisticated banking trojan and malware that primarily targets financial institutions. This sophisticated malware steals sensitive information such as:- While hackers exploit Qakbot to conduct:- Qakbot malware returns after the “Duck Hunt” bust. Not only …GBHACKERS.COM
10 JanBeware! Hackers Using YouTube Channels to Deliver Lumma MalwareHackers use YouTube channels to deliver malware due to the huge user base of the platform. By using YouTube channels, hackers disguise their malicious content as:- Besides this, the popularity of YouTube also gives the threat actors the ability to evade general security measures.…GBHACKERS.COM
10 JanKyocera Printers Open to Path Traversal AttacksResearchers have discovered a path traversal vulnerability in Kyocera's Device Manager, a product used for managing large printer fleets. Exploiting the vulnerability requires the attacker to be logged onto the network.BANKINFOSECURITY.COM
10 JanMicrosoft January 2024 Patch Tuesday Fixes 49 Flaws, 12 RCE BugsMicrosoft's January 2024 Patch Tuesday includes security updates for 49 flaws and 12 remote code execution vulnerabilities. Two critical vulnerabilities were fixed, including a Windows Kerberos Security Feature Bypass and a Hyper-V RCE.BLEEPINGCOMPUTER.COM
10 Jan12 best cybersecurity podcasts as recommended by the professionalsCybersecurity podcasts can provide valuable insights into the current state of the industry as well as provide tips and best practices that CISOs can incorporate into their own security strategies. Additionally, they can be a great way for security leaders to stay connected to th…CSOONLINE.COM
10 JanCISA Flags Six Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under AttackOne of the vulnerabilities affects Apache Superset, a data visualization software, and allows remote code execution. The other vulnerabilities impact Adobe ColdFusion, Apple products, D-Link DSL-2750B devices, and Joomla.THEHACKERNEWS.COM
10 JanFree Decryptor Released for Black Basta and Babuk's Tortilla Ransomware VictimsA decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain access to their files. The cybersecurity firm said the threat intelligence it shared with Dutch law enforcement authorities …THEHACKERNEWS.COM
10 JanKyocera Device Manager Vulnerability Exposes Enterprise CredentialsAn improper input validation flaw in Kyocera Device Manager allows attackers to capture credentials, compromise accounts. The post Kyocera Device Manager Vulnerability Exposes Enterprise Credentials appeared first on SecurityWeek .SECURITYWEEK.COM
10 JanTurkish ransomware campaign hacks into weak MSSQL servers: reportPoorly secured Microsoft SQL servers in the US, EU, and LATAM are being attacked by financially motivated Turkish threat actors in an ongoing campaign to deliver MIMIC ransomware payloads, according to a Securonix research. The financial cyberthreat campaign named RE#TURGENCE gai…CSOONLINE.COM
10 JanAdobe Substance 3D Stager Let Attacker Execute Arbitrary CodeAdobe has released a security update that fixes “Important-severity” vulnerabilities in its Substance 3D Stager product. The successful exploitation of these issues could result in a memory leak and arbitrary code execution in the current user’s context. Adobe S…GBHACKERS.COM
10 JanMirai-based NoaBot botnet deploys cryptominer on Linux serversA new botnet has been slowly growing over the past year by brute-forcing SSH logins and deploying cryptomining malware on Linux servers. The main bot client is based on the old Mirai worm whose source code has been available for years, but researchers have also seen the same grou…CSOONLINE.COM
10 JanFlaw in AI Plugin Exposes 50,000 WordPress Sites to Remote AttackThe vulnerability permits any unauthenticated user to upload arbitrary files, including potentially malicious PHP files, which could lead to remote code execution on the affected system.INFOSECURITY-MAGAZINE.COM
10 JanDDoS Attack Traffic Surged in 2023, Cloudflare FindsDistributed denial of service (DDoS) attacks reached an all-time high in 2023, with a significant increase in the number and intensity of attacks, driven by the exploitation of vulnerabilities like the HTTP/2 Rapid Reset.CYBERSECURITYDIVE.COM
10 Jan KEVIvanti warns of Connect Secure zero-days exploited in attacksIvanti has disclosed two Connect Secure (ICS) and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. [...]BLEEPINGCOMPUTER.COM
10 JanWe Are Almost 3! Cloud Security Podcast by Google 2023 ReflectionsSo, we ( Tim and Anton , the crew behind the podcast ) wanted to post another reflections blog based on our Cloud Security Podcast by Google being almost 3 (we will be 3 years old on Feb 11, 2024, to be precise), kind of similar to this one . But we realized we don’t have enough …MEDIUM.COM
10 JanCisco says critical Unity Connection bug lets attackers get rootCisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices. [...]BLEEPINGCOMPUTER.COM
10 JanCybercriminals Bully Cancer Patients With Swatting ThreatExtortion Demands, Lawsuits Pile Up After Fred Hutchinson Cancer Center Hack Cybercriminals are extorting some patients and threatening them with swatting in the wake of a recent cyberattack on a Seattle cancer center. The incident, stemming from a Citrix Bleed exploit, has trigg…DATABREACHTODAY.CO.UK
10 JanVolexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-DaysIvanti confirms active zero-day exploits, ships pre-patch mitigations, but says comprehensive fixes won't be available until January 22. The post Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days appeared first on SecurityWeek .SECURITYWEEK.COM
10 JanMandiant's X account hacked by crypto Drainer-as-a-Service gangCybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it described as "likely a brute force password attack." [...]BLEEPINGCOMPUTER.COM
📋 SECURITY BULLETINS 2[−]
10 JanAndroid’s January 2024 Security Update Patches 58 VulnerabilitiesAndroid’s first security update of 2024 resolves high-severity elevation of privilege and information disclosure vulnerabilities. The post Android’s January 2024 Security Update Patches 58 Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
10 JanWindows 10 KB5034441 security update fails with 0x80070643 errorsWindows 10 users worldwide report problems installing Microsoft's January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 9[−]
10 JanFujitsu, facing heat over UK Post Office scandal, continues to rake in billions from government dealsJapanese tech giant Fujitsu is facing growing pressure from U.K. political quarters over its role in a scandal that saw hundreds of post office owners prosecuted for accounting discrepancies. But as Fujitsu has emerged as a leading protagonist in a saga that has endured for nearl…TECHCRUNCH.COM
10 JanJobs | QNAP | NIST | Spectral Blur | Stuxnet | Swatting | Volkswagen | Jason Wood & More! – SWN352This week Doug talks: Jobs, QNAP, NIST, Spectral Blur, Stuxnet, Swatting, Volkswagen, Jason Wood, and more are on this edition of the Security Weekly News. →Full Show Notes: https://securityweekly.com/swn352 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Vi…YOUTUBE.COM
10 JanAnecdotes Raises $25 Million for Enterprise GRC PlatformAnecdotes has raised $25 million in Series B funding, which brings the total investment to $55 million, for its compliance platform. The post Anecdotes Raises $25 Million for Enterprise GRC Platform appeared first on SecurityWeek .SECURITYWEEK.COM
10 JanEU lawmakers under pressure to fully disclose dealings with child safety tech maker, ThornMore trouble for European Union lawmakers in a controversial area of tech policymaking — namely the bloc’s proposed legislation to apply surveillance technologies, such as client-side scanning, to digital messaging to try to detect child sexual abuse material (CSAM). This w…TECHCRUNCH.COM
10 JanEU Commission Examines OpenAI, Microsoft RelationshipCommission Says Close Company Connections Make Conditions Ripe for Merger Inquiry The European Commission took preliminary steps toward investigating Microsoft's financial interest in ChatGPT maker OpenAI under the trading bloc's antitrust regulation. The Tuesday announcement mar…DATABREACHTODAY.CO.UK
10 JanEU Enhances Cybersecurity Requirements for AgenciesCyber Regulation Requires EU Agencies to Assess Risks and Report Incidents The European Union adopted regulations on cyber hygiene intended to beef up cybersecurity at EU government agencies amid concerns that trading bloc institutions have failed to keep pace with mounting digit…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 19[−]
10 JanSEC Chair Says Account on X Was HackedThe SEC said that a post on X, announcing that the securities regulator had approved the trading of exchange-traded funds holding bitcoin was fake, and that the agency’s account had been “compromised.” The post SEC Chair Says Account on X Was Hacked appeared first on SecurityWeek…SECURITYWEEK.COM
10 JanData Breach Hits US Department of Transportation, Aviation Records CompromisedThe breach allegedly leaked 5.8 million flight logs from 2015, containing sensitive information. The motive behind the attack is unclear, but it raises concerns about cybersecurity measures in government agencies.THECYBEREXPRESS.COM
10 JanBritish Library: Finances are Healthy Amid Cyber RebuildThe British Library has refuted reports that the recovery costs for its recent ransomware attack will reach nearly $9 million. The library said that the final costs are still unconfirmed and no additional funding bids have been made.THEREGISTER.COM
10 JanSEC Twitter Hacked to Push Fake News of Bitcoin ETF ApprovalThe incident highlights concerns over the security of the SEC's social media accounts and the need for better protections against market manipulation through false tweets.THEREGISTER.COM
10 JanThreat Actor Poses as Security Researcher Offering to Delete Data Stolen by Ransomware AttackersOrganizations hit by ransomware face uncertainty regarding the deletion of stolen data, leading to a new form of extortion where a fake security researcher offers to hack into the ransomware group's server infrastructure for a fee.HELPNETSECURITY.COM
10 JanGetting off the Attack Surface Hamster Wheel: Identity Can HelpIT professionals have developed a sophisticated understanding of the enterprise attack surface – what it is, how to quantify it and how to manage it. The process is simple: begin by thoroughly assessing the attack surface, encompassing the entire IT environment. Identify al…THEHACKERNEWS.COM
10 JanIf You Prepare, a Data Security Incident Will Not Cause an Existential CrisisEffective data security incident response requires building trust and clear role definition within the company and with external partners. Practicing decision-making with limited information is key to maintaining calm during cybersecurity crises.HELPNETSECURITY.COM
10 JanPro-Ukraine Hackers Claim Breach of Russian Internet ProviderThis incident highlights the ongoing cyberwar between Ukraine and Russia, with Ukrainian hackers allegedly cooperating with security services to target Russian organizations.THERECORD.MEDIA
10 JanShinyHunters member gets 3 years in prison for breaching 60 firmsThe U.S. District Court in Seattle sentenced ShinyHunters member Sebastien Raoult to three years in prison and ordered a restitution of $5,000,000. [...]BLEEPINGCOMPUTER.COM
10 JanHacker Claims to Breach Indian ISP Hathway and Leaks Four Million Users' KYC DataThe leaked data includes the personal information of over 41 million Hathway customers, but analysis suggests that the actual number of impacted accounts is around 4 million.HACKREAD.COM
10 JanApple AirDrop Hacked by China to Gain Access to Private InformationAirDrop was introduced in iOS 7, which allows Apple users to transmit files between iOS and macOS systems. Moreover, this does not require an internet connection or a phone book contact for the receiver to receive files. However, it has been reported that malicious actors have ab…GBHACKERS.COM
10 JanSEC’s Twitter account hacked to say Bitcoin ETFs approved. Politicians and lawyers demand investigation into security breachThe official Twitter account of the US Securities and Exchange Commission (SEC) was hacked yesterday, with scammers posting an unauthorised message to its 660,000+ followers. The false message - which has since been deleted - claimed that the SEC had approved the listing and trad…BITDEFENDER.COM
10 JanParaguay Warns of Black Hunt Ransomware Attacks After Tigo Business BreachLast week, Tigo Business, a division of Paraguay's largest mobile carrier, suffered a cyberattack that impacted their cloud and hosting services. While it did not confirm the attack, reports suggest that it was targeted by the Black Hunt ransomware.BLEEPINGCOMPUTER.COM
10 JanHMG Healthcare Says Data Breach Impacts 40 FacilitiesThe compromised information includes names, contact information, dates of birth, health information, medical treatment details, Social Security numbers, and employee records. The post HMG Healthcare Says Data Breach Impacts 40 Facilities appeared first on SecurityWeek .SECURITYWEEK.COM
10 JanFidelity National Financial Details LoanCare Breach1.3 Million Customers Notified of Breach; BlackCat Ransomware Group Claimed Credit Financial services giant Fidelity National Financial has confirmed that a November 2023 hack attack compromised personal information pertaining to 1.3 million customers of its LoanCare subsidiary. …DATABREACHTODAY.CO.UK
10 JanPro-Ukraine hackers breach Russian ISP in revenge for KyivStar attackA pro-Ukraine hacktivist group named 'Blackjack' has claimed a cyberattack against Russian provider of internet services M9com as a direct response to the attack against Kyivstar mobile operator. [...]BLEEPINGCOMPUTER.COM
10 JanFidelity National Financial: Hackers stole data of 1.3 million peopleFidelity National Financial (FNF) has confirmed that a November cyberattack (claimed by the BlackCat ransomware gang) has exposed the data of 1.3 million customers. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 27[−]
10 JanISC Stormcast For Wednesday, January 10th, 2024 https://isc.sans.edu/podcastdetail/8804, (Wed, Jan 10th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
10 JanHewlett Packard Enterprise to Acquire Juniper Networks for $14 BillionThis acquisition is expected to double HPE's networking business and expand its portfolio with AI-native networking offerings. The post Hewlett Packard Enterprise to Acquire Juniper Networks for $14 Billion appeared first on SecurityWeek .SECURITYWEEK.COM
10 JanWater Curupira Hackers Launch Pikabot Malware Attack on Windows MachinePikabot is a loader malware that is active in spam campaigns and has been used by the threat group Water Curupira, which has been paused from June to September 2023 after Qakbot’s takedown. However, the surge in Pikabot phishing campaigns was noted recently in Q4 2023, post…GBHACKERS.COM
10 JanFacial Scanning by Burger King in BrazilIn 2000, I wrote : “If McDonald’s offered three free Big Macs for a DNA sample, there would be lines around the block.” Burger King in Brazil is almost there , offering discounts in exchange for a facial scan. From a marketing video: “At the end of the yea…SCHNEIER.COM
10 JanDutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: ReportAn engineer recruited by intelligence services used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop. The post Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report appeared first on SecurityWeek .SECURITYWEEK.COM
10 JanChina Says State-Backed Experts Crack Apple’s AirDropChinese state-backed experts have found a way to identify people who use Apple's encrypted AirDrop messaging service, according to the Beijing municipal government. The post China Says State-Backed Experts Crack Apple’s AirDrop appeared first on SecurityWeek .SECURITYWEEK.COM
10 JanBlack Basta-Affiliated Threat Actor Water Curupira Spreads Pikabot via Spam CampaignPikabot, a loader malware similar to Qakbot, has been actively used in phishing campaigns by the Water Curupira threat actor, possibly as a replacement for Qakbot after its takedown.TRENDMICRO.COM
10 Jan KEVKnowBe4 Named a Leader in the Winter 2024 G2 Grid Report for Security Awareness TrainingWe are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares security awareness training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence.KNOWBE4.COM
10 JanSAP’s First Patches of 2024 Resolve Critical VulnerabilitiesSAP has released patches for critical vulnerabilities in Business Application Studio, Web IDE, and Edge Integration Cell. The post SAP’s First Patches of 2024 Resolve Critical Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
10 JanHere’s Some Bitcoin: Oh, and You’ve Been Served!A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be first in which a federal court has recognized the… Read More »KREBSONSECURITY.COM
10 JanAI Is Changing Security — 5 Predictions from CortexWith critical developments at hand, we reached out to our own teams at Palo Alto Networks to get some candid opinions about the impacts of AI in cybersecurity. The post AI Is Changing Security — 5 Predictions from Cortex appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
10 JanWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
10 JanUS Securities and Exchange Commission Probes X Account HackValue of Bitcoin Rocketed Following Fake Post Claiming Spot Bitcoin ETFs Approved The U.S. Securities and Exchange Commission said it is probing the "compromise" of its X - formerly known as Twitter - social media accounts after a hacker broadcast a fake post claiming the agency …DATABREACHTODAY.CO.UK
10 JanDARKNET DIARIES EP 141: THE PIG BUTCHERsubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/019939f8-8122-4052-8243-d9586c486f89.png DARKNET DIARIES EP 141: THE PIG BUTCHER The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie…INFOSEC.PUB
10 JanCISO Tradecraft Podcast #163 - Operational Resiliencesubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/22b335ff-2666-459b-817e-3dd72390c8a4.png Join G Mark Hardy in this episode of the CISO Tradecraft podcast where he details how cyber protects revenue. He clarifies how cybersecurity is seen …INFOSEC.PUB
10 JanNoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto MiningA new Mirai-based botnet called NoaBot is being used by threat actors as part of a crypto mining campaign since the beginning of 2023. “The capabilities of the new botnet, NoaBot, include a wormable self-spreader and an SSH key backdoor to download and execute additiona…THEHACKERNEWS.COM
10 JanHPE to Buy Juniper for $14B to Boost AI and NetworkingDeal Is 'Major Leap Forward in Our AI and Hybrid Cloud Strategy,' HPE Says Hewlett Packard Enterprise announced a $14 billion acquisition deal with networking equipment maker Juniper Networks and is touting the deal as a way to position the Silicon Valley stalwart for the burgeon…DATABREACHTODAY.CO.UK
10 JanFake 401K year-end statements used to steal corporate credentialsThreat actors are using communication about personal pension accounts (the 401(k) plans in the U.S.), salary adjustments, and performance reports to steal company employees' credentials. [...]BLEEPINGCOMPUTER.COM
10 Jan[Security Masterminds] Revolutionizing Cybersecurity Training: How AI Is Changing the GameArtificial intelligence (AI) in the cybersecurity realm is a nuanced topic. On the one hand, it has the potential to enhance our abilities to detect and prevent cyber threats significantly.KNOWBE4.COM
10 JanBeyond the Scams: Unraveling the Dark Tactics of Real-World Kidnapping Scams and Virtual ExtortionThe world can be a scary and dangerous place. Its unethical scammers have no problem doing almost anything to make a buck, but sometimes, their plots seem to be extra messed up.KNOWBE4.COM
10 JanPikabot Malware Spreading Through Phishing CampaignsResearchers at Trend Micro warn that a threat actor known as “Water Curupira” is distributing the Pikabot malware loader via widespread phishing campaigns.KNOWBE4.COM
10 JanHow Our Own Insecurity Fuels Global ThreatsProfessor John Walker on Need for Organizational Introspection, Global Perspective Criminals have built highly successful business models by hacking into a wide range of organizations at will. University professor John Walker warned that the world is witnessing the unintended con…DATABREACHTODAY.CO.UK
10 JanExtraHop Banks $100M in Growth Funding, Adds New ExecsSeattle network detection and response firm secures $100 million in growth funding and adds to its executive team. The post ExtraHop Banks $100M in Growth Funding, Adds New Execs appeared first on SecurityWeek .SECURITYWEEK.COM
10 JanFrench Computer Hacker Jailed in USA computer hacker who was part of a criminal gang that stole data from hundreds of millions of people and sold it on the dark web was jailed in the United States on Tuesday. The post French Computer Hacker Jailed in US appeared first on SecurityWeek .SECURITYWEEK.COM
10 JanSupply Chain Risk Management - David Vaughn - BTS #21We talk about Supply Chain Risk Management in the context of the cloud and US federal government with David Vaughn. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-21YOUTUBE.COM
10 JanThe Evolution of Purple Teaming with Jared Atkinson, Chief Strategist at SpecterOps – PSW #812Jared would like to discuss the evolution of purple teaming. Put bluntly, he believes traditional purple team approaches don’t test enough variations of attack techniques, delivering a false sense of detection coverage. He would like to talk about: The shortcomings of red team as…YOUTUBE.COM
10 Jan5 ways to secure identity and access for 2024To confidently secure identity and access at your organization, here are five areas Microsoft recommends prioritizing in the new year. The post 5 ways to secure identity and access for 2024 appeared first on Microsoft Security Blog .MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
10 JanMeet Ika & Sal: The Bulletproof Hosting Duo from HellTwo Russian men, known as Icamis and Salomon, co-ran the top spam forum Spamdot and worked closely with dangerous cybercriminals, controlling botnets and harvesting passwords.KREBSONSECURITY.COM
10 JanAttack of the copycats: How fake messaging apps and app mods could bite youWhatsApp, Telegram and Signal clones and mods remain a popular vehicle for malware distribution. Don’t get taken for a ride.WELIVESECURITY.COM
🎙️ PODCASTS 1[−]
10 JanCyber Security Today, Jan. 10, 2024 - Vulnerabilities found in internet-connected factory torque wrenchesThis episode reports on a hole found in Bosch industrial torque wrenches, attacks on Microsoft SQL servers, and moreCYBERSECURITYTODAY.LIBSYN.COM
📡 INFOSEC NEWS 22[−]
10 JanVulnerabilities Found in High-Power Bosch Wrenches Popular With CarmakersThe vulnerabilities in the wrenches could lead to production line stoppages, causing large-scale financial losses, and enable malicious actors to introduce sub-optimal tightening or excessive damage.THERECORD.MEDIA
10 JanFTC Bans Outlogic (X-Mode) From Selling Sensitive Location DataThe U.S. Federal Trade Commission (FTC) on Tuesday prohibited data broker Outlogic, which was previously known as X-Mode Social, from sharing or selling any sensitive location data with third-parties. The ban is part of a settlement over allegations that the company "so…THEHACKERNEWS.COM
10 JanTwilio Will Discontinue its Authy Desktop 2FA App in August, Goes Mobile OnlyUsers are recommended to switch to the mobile versions available on iOS and Google Play. The decision to sunset the desktop app is part of Twilio's effort to focus on areas with higher demand.BLEEPINGCOMPUTER.COM
10 JanSophos India Gets Great Place To Work Certification for Second YearFor the second year running Sophos has been certified as one of the best employers in the country by Great Place to Work India.SOPHOS.COM
10 JanPAM Provider Delinea Acquires Israeli Startup AuthomizeThe integration of Authomize's cross-cloud identity capabilities into Delinea's platform will enable customers to detect and mitigate active identity threats across various applications and infrastructure.BANKINFOSECURITY.COM
10 JanMyanmar Rebels Take Control of ‘Pig Butchering’ Scam City Amid Chinese Pressure on JuntaThe rebel groups' focus on tackling the scam industry is likely an attempt to gain favor with China, as many of its citizens have been targeted by these scams run from Mynamar.THERECORD.MEDIA
10 JanEntire Population of Brazil Possibly Exposed in Massive Data LeakThe private data of hundreds of millions of Brazilian individuals, including full names, dates of birth, and CPF numbers, were publicly accessible, putting them at risk of identity theft and cybercrimes.SECURITYAFFAIRS.COM
10 Jananecdotes Raises $25M in Series B FundingThe round was led by Glilot Capital Partners, with participation from existing investors. The company plans to use the funds to introduce new data-driven innovations in the GRC landscape and expand into markets across the US, EMEA, and APAC regions.FINSMES.COM
10 JanBelieving they would be paid a fortune for having sex with women, hundreds of Indian men scammed out of cashIf you're desperate for money, you may make some foolhardy decisions about how to improve your finances.GRAHAMCLULEY.COM
10 JanBitcoin ETF Hopefuls Still Expect SEC Approval Despite Social Media HackPACKETSTORMSECURITY.COM
10 JanUS Navy Sailor Swaps Sea For Cell After Accepting Bribes From Chinese SnoopsPACKETSTORMSECURITY.COM
10 JanJeffrey Epstein email scams rear their ugly headSecurity researchers say that there has been a "resurgence" in email scams related to notorious sex offender Jeffrey Epstein.GRAHAMCLULEY.COM
10 JanFTC Settles Unprecedented Case Against Geolocation Data BrokerThe FTC's action against Outlogic marks the first-ever ban on the use and sale of sensitive location data, emphasizing the importance of limiting the tracking and use of personal information.BLEEPINGCOMPUTER.COM
10 JanTexas-based care provider HMG Healthcare says hackers stole unencrypted patient dataTexas-based care provider HMG Healthcare has confirmed that hackers accessed the personal data of residents and employees, but says it has been unable to determine what types of data were stolen. HMG Healthcare is headquartered in The Woodlands, Texas, and provides a range of ser…TECHCRUNCH.COM
10 JanMicrosoft Exchange 2019 has reached end of mainstream supportMicrosoft announced the end of mainstream support for its Exchange Server 2019 on-premises mail server software on January 9, 2023. [...]BLEEPINGCOMPUTER.COM
10 JanDOJ to up Tempo of Cybercrime Operations in 2024, Senior Official SaysThe US Department of Justice expects an increase in government disruption operations in cybersecurity in 2024, with a focus on dismantling cybercriminal infrastructure and targeting individuals and companies supporting cybercrime.THERECORD.MEDIA
10 JanA startup’s guide to cyberthreats — threat modeling and proactive securityCybersecurity is a complex and multifaceted field, and even with thorough threat modeling, there's always a risk of compromise. © 2023 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
10 JanFallout Mounting From Recent Major Health Data HacksSeveral high-profile health data hacks, including those affecting medical transcription vendor Perry Johnson and Associates and hospital chain Prospect Medical Holdings, are resulting in growing lists of affected individuals and triggering lawsuits.BANKINFOSECURITY.COM
10 JanCybersecurity Deals Boom as Investment Dips, Pinpoint ReportsThe cybersecurity sector recorded 346 funding rounds and 91 mergers and acquisition (M&A) transactions in 2023, according to cyber recruitment firm Pinpoint Search Group.INFOSECURITY-MAGAZINE.COM