Articles: 81
Categories: 9
Date: 2024-01-12
🚨 CISA KEV (2)

12 Jan [KEV] CISA adds patched MS SharePoint server vulnerability to KEV catalog (CSOONLINE.COM)
A patched privilege escalation vulnerability impacting Microsoft SharePoint servers has been added to the known exploited vulnerabilities (KEV) catalog of the US Cybersecurity and Infrastructure Security Agency (CISA). Citing evidence of active exploitation, CISA has tagged the c…

12 Jan [KEV] Known Indicators of Compromise Associated with Androxgh0st Malware (CISA.GOV)
SUMMARY The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated w…

🐛 COMMON VULNERABILITIES AND EXPOSURES (8)

12 Jan [KEV] Hackers Actively Exploited 2 Ivanti Zero-Day to Execute Arbitrary Commands (GBHACKERS.COM)
Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateways have been discovered with two new vulnerabilities associated with authentication bypass and command injection. The CVEs for these vulnerabilities have been assigned as CVE-2023-46805 and CVE-2024-21887. The severity of…

12 Jan [KEV] Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability (THEHACKERNEWS.COM)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The issue, tracked as CV…

12 Jan CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign (TRENDMICRO.COM)
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.

12 Jan Urgent: GitLab Releases Patch for Critical Vulnerabilities - Update ASAP (THEHACKERNEWS.COM)
GitLab has released security updates to address two critical vulnerabilities, including one that could be exploited to take over accounts without requiring any user interaction. Tracked as CVE-2023-7028, the flaw has been awarded the maximum severity of 10.0 on the CVSS scor…

12 Jan CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability (THEHACKERNEWS.COM)
The privilege escalation flaw (CVE-2023-29357) allows attackers to gain administrator privileges by bypassing authentication, potentially leading to unauthorized access and control.

12 Jan DreamBus Unleashes Metabase Mayhem With New Exploit Module (ZSCALER.COM)
DreamBus is a sophisticated malware that targets various applications and exploits vulnerabilities such as CVE-2023-38646 and CVE-2023-33246 to deploy modules and mine cryptocurrency.

12 Jan CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign (TRENDMICRO.COM)
The Phemedrone Stealer campaign exploits the Windows Defender SmartScreen Bypass vulnerability (CVE-2023-36025) to infect users and steal data from web browsers, cryptocurrency wallets, and messaging apps.

12 Jan GitLab Releases Patch for Critical Vulnerabilities (THEHACKERNEWS.COM)
The vulnerability (CVE-2023-7028) allows attackers to reset passwords through unverified email addresses, affecting all self-managed instances of GitLab Community Edition and Enterprise Edition.

⚠️ VULNERABILITY DISCLOSURE (24)

12 Jan Android’s January 2024 Security Update Patches 58 Vulnerabilities (SOURCE.ANDROID.COM)
Google has released patches for 58 vulnerabilities in the Android platform, including high-severity issues in the Framework and System components. Users are advised to update their devices promptly to protect against potential exploits.

12 Jan Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks (THEHACKERNEWS.COM)
Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. "This attack is particularly intriguing due to the attacker's use of packers and rootkits to conceal the…

12 Jan Malware Takedowns Show Progress, But Fight Against Cybercrime Not Over (INFOSECURITY-MAGAZINE.COM)
Infrastructure takedowns by law enforcement can have a short-term impact on cybercriminal activity, but criminals can quickly adapt and resume their operations using new tools and techniques.

12 Jan Over 150k WordPress Sites at Takeover Risk via Vulnerable Plugin (BLEEPINGCOMPUTER.COM)
The first vulnerability enables an attacker to reset the API key and access sensitive log information, while the second vulnerability allows for arbitrary script injection into affected web pages.

12 Jan Update: New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems (THEHACKERNEWS.COM)
The exploit devised by VulnCheck demonstrates that arbitrary in-memory code execution is possible, highlighting the importance of patching and securing systems running Apache OfBiz.

12 Jan Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks (THEHACKERNEWS.COM)
The attacks leverage a misconfiguration in YARN's ResourceManager in Hadoop and a misconfiguration in Apache Flink, allowing remote threat actors to execute arbitrary code without authentication.

12 Jan Apple Patches Keystroke Injection Vulnerability in Magic Keyboard (SECURITYWEEK.COM)
Apple’s latest Magic Keyboard firmware addresses a recently disclosed Bluetooth keyboard injection vulnerability.

12 Jan Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout (SECURITYWEEK.COM)
Ivanti zero-day vulnerabilities dubbed ConnectAround could impact thousands of systems and Chinese cyberspies are preparing for patch release.

12 Jan On IoT Devices and Software Liability (SCHNEIER.COM)
New law journal article: Smart Device Manufacturer Liability and Redress for Third-Party Cyberattack Victims Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties. While users are generally able to seek redress following a cyberat…

12 Jan Further Analysis of Denmark Attacks Leads to Warning About Unpatched Network Gear (THERECORD.MEDIA)
Cybersecurity researchers warn that the recent attacks on Denmark's energy sector highlight the need for critical infrastructure organizations across Europe to remain vigilant against exploits targeting unpatched network infrastructure devices.

12 Jan WordPress Plugin Flaw Exposes 300,000+ to Hack Attacks (GBHACKERS.COM)
Hackers target vulnerable WordPress plugins as they provide a potential entry point to exploit website security weaknesses. These plugins often have outdated code or known vulnerabilities, which make them attractive targets for malicious actors seeking:- Recently, on Decemb…

12 Jan Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families (THEHACKERNEWS.COM)
As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023. "These families allow the t…

12 Jan Recovery From Cyberattack ‘On the Horizon,’ Kansas Supreme Court Chief Justice Says (THERECORD.MEDIA)
The Kansas state court system is recovering from a ransomware attack that occurred in October. The attack, carried out by a Russian ransomware gang, disrupted the operations of the court system for weeks and forced officials to use paper records.

12 Jan Ivanti Connect Secure zero-days exploited to deploy custom malware (BLEEPINGCOMPUTER.COM)
Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes. [...]

12 Jan Brad Arkin is New Chief Trust Officer at Salesforce (SECURITYWEEK.COM)
Veteran cybersecurity leader Brad Arkin has left Cisco and is joining Salesforce as SVP and Chief Trust Officer.

12 Jan Juniper warns of critical RCE bug in its firewalls and switches (BLEEPINGCOMPUTER.COM)
Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. [...]

12 Jan [KEV] CISA: Critical Microsoft SharePoint bug now actively exploited (BLEEPINGCOMPUTER.COM)
CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution. [...]

12 Jan GitLab warns of critical zero-click account hijacking vulnerability (BLEEPINGCOMPUTER.COM)
GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction. [...]

12 Jan Researchers demo new CI/CD attack techniques in PyTorch supply-chain (CSOONLINE.COM)
A pair of security researchers managed to infiltrate the development infrastructure for PyTorch by using new techniques that exploit insecure configurations in GitHub Actions workflows. Their proof-of-concept attack was responsibly disclosed to PyTorch lead developer Meta AI, but…

12 Jan Fertility Test Lab Will Pay $1.25M to Settle Breach Lawsuit (DATABREACHTODAY.CO.UK)
ReproSource Also Agrees to Beef Up Security in Wake of 2021 Ransomware Attack. A fertility testing laboratory has agreed to improve its data security practices and pay up to $1.25 million to settle a consolidated class action lawsuit filed in the wake of a 2021 ransomware attack t…

12 Jan Chinese Nation-State Hacker Is Exploiting Cisco Routers (DATABREACHTODAY.CO.UK)
'Volt Typhoon' Could Be Preparing for Renewed Burst of Activity. A Chinese state hacking group is attacking superseded Cisco routers to target government entities in the United States, the United Kingdom and Australia. Beijing cyberespionage hackers dubbed "Volt Typhoon" are using…

12 Jan Amazon Appeals Privacy Fine of 746 Million Euros (DATABREACHTODAY.CO.UK)
E-Commerce Giant Accuses Luxembourg Regulators of Attacking the Company. Amazon in a Luxembourg court Tuesday contested a once-record privacy fine levied against the e-commerce giant for its advertising practices by the diminutive country's data protection authority. The fine of 7…

12 Jan Medusa group steps up ransomware activities (CSOONLINE.COM)
A fast rising ransomware outfit is escalating its activities and has launched a new blog offering victims a variety of payoff options, according to a report released Thursday by Palo Alto Networks’ Unit 42. The new Medusa Blog is used by the group to post stolen data with the thr…

📢 SECURITY ADVISORIES (5)

12 Jan AgentTesla Malware Attacking Windows Machine to Steal Sensitive Data (GBHACKERS.COM)
AgentTesla is a notorious malware that functions as a keylogger and information stealer. By logging keystrokes and capturing screenshots on infected systems, this notorious malware targets sensitive data like:- Recently, the cybersecurity researchers at BitSight Security discover…

12 Jan EU Enhances Cybersecurity Requirements for Agencies (BANKINFOSECURITY.COM)
The regulation strengthens the role of CERT-EU as a hub for cybersecurity assistance and information exchange, with EU agencies obligated to share incident-related information with the body.

12 Jan US CISA Must Improve Water Sector Assistance, Says Watchdog (DATABREACHTODAY.CO.UK)
DHS Office of Inspector General Finds Lack of Coordination With EPA. A U.S. federal watchdog said government agencies could better synchronize efforts to improve water and wastewater sector cybersecurity efforts and faulted the Cybersecurity and Infrastructure Security Agency for …

🔥 INCIDENT REPORTING (11)

12 Jan Cyber Security Today, Jan. 12, 2024 - A Chinese hacking group's reach may be bigger than we thought (CYBERSECURITYTODAY.LIBSYN.COM)
This episode reports on scams aimed at employees, a report on the Medusa ransomware group, the latest on the number of data breach victims and more

12 Jan Hathway - 4,670,080 breached accounts (HAVEIBEENPWNED.COM)
In December 2023, hundreds of gigabytes of data allegedly taken from Indian ISP and digital TV provider Hathway appeared on a popular hacking website. The incident exposed extensive personal information including 4.7M unique email addresses along with names, physical and IP addr…

12 Jan Framework Computer Discloses Data Breach After Accountant Gets Phished (BLEEPINGCOMPUTER.COM)
The breach occurred when a threat actor impersonated Framework's CEO and tricked an accountant into sharing a spreadsheet containing customer data, including names, email addresses, and outstanding balances.

12 Jan How the Merck Case Shapes the Future of Cyber Insurance (BANKINFOSECURITY.COM)
The complexity of attributing cyber incidents to specific entities, such as nation-states or criminal groups, poses challenges when applying exclusions in insurance policies.

12 Jan Halara Probes Breach After Hacker Leaks Data for 950,000 People (BLEEPINGCOMPUTER.COM)
The leaked data, containing names, phone numbers, and addresses, appears to be accurate according to users listed in the file. Customers should be cautious of potential smishing attacks and the misuse of their information for fraudulent purposes.

12 Jan Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion (THEHACKERNEWS.COM)
The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands. “As part of their…

12 Jan Team Liquid’s E-Sports Platform Exposes 118,000 Users' Personal Information (SECURITYAFFAIRS.COM)
Liquipedia, an e-sports platform run by Team Liquid, experienced a data breach that exposed users' email addresses and other details. The breach was caused by a publicly accessible and passwordless MongoDB database.

12 Jan Laptop Maker Framework Says Customer Data Stolen in Third-Party Breach (SECURITYWEEK.COM)
Device maker Framework is notifying users that their personal information was stolen in a data breach at its external accounting partner.

12 Jan Ransomware Trends: Medusa and Akira Rage; Tortilla Disrupted (DATABREACHTODAY.CO.UK)
Crypto-Malware Trackers Report a Surge in Known Ransomware Victims at End of 2023. Ransomware-wielding attackers show no signs of stopping, and experts report December 2023 was the second-worst month on record for known victims. Lately, Akira-wielding attackers have been hitting F…

12 Jan Medusa Ransomware Turning Your Files into Stone (UNIT42.PALOALTONETWORKS.COM)
The Medusa ransomware group has escalated its activities by introducing a dedicated leak site called the Medusa Blog, where they disclose sensitive data from non-compliant victims.

12 Jan The Week in Ransomware - January 12th 2024 - Targeting homeowners' data (BLEEPINGCOMPUTER.COM)
Mortgage lenders and related companies are becoming popular targets of ransomware gangs, with four companies in this sector recently attacked. [...]

🕵️ THREAT INTELLIGENCE (16)

12 Jan Funding, acquisitions, AI, CES, and dumpster fires kick off security for 2024! - ESW #345 (YOUTUBE.COM)
The year kicks off with TWELVE funding announcements and NINE acquisitions! Several new companies have merged, we already have a few dumpster fires burning and there is plenty of AI news to kick off the year. The annual Consumer Electronics Show gives us previews of the invasive …

12 Jan ISC Stormcast For Friday, January 12th, 2024 https://isc.sans.edu/podcastdetail/8808, (Fri, Jan 12th) (ISC.SANS.EDU)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

12 Jan One File, Two Payloads, (Fri, Jan 12th) (ISC.SANS.EDU)
It has been a while since I discussed obfuscation techniques in malicious scripts. I found a VB script that pretends to be a PDF file. As usual, it was delivered through a phishing email with a zip archive. The filename is "rfw_po_docs_order_sheet_01_…

12 Jan Threat Actors Increasingly Abusing GitHub for Malicious Purposes (THEHACKERNEWS.COM)
While payload delivery and command-and-control obfuscation are common methods, GitHub is also used as a dead drop resolver, and for phishing and malicious traffic redirection.

12 Jan Qbot Malware Via FakeUpdates Leads the Race of Malware Attacks (GBHACKERS.COM)
Hackers use Qbot malware for its advanced capabilities, including keylogging, credential theft, and backdoor functionality. Previously distributed Qakbot malware campaign was capable of monitoring the browsing activities of the infected computer and logs all information related t…

12 Jan New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise (SECURITYWEEK.COM)
Researchers detail a CI/CD attack leading to PyTorch releases compromise via GitHub Actions self-hosted runners.

12 Jan Russian Hackers Likely Not Involved in Attacks on Denmark’s Critical Infrastructure (SECURITYWEEK.COM)
Researchers find no direct link between Russian APT Sandworm and last year’s attacks on Denmark’s critical infrastructure.

12 Jan Splunk Patched Critical Vulnerabilities in Enterprise Security (GBHACKERS.COM)
Several vulnerabilities have been discovered in Splunk Enterprise Security and Splunk User Behavior Analytics (UBA), which existed in several third-party packages. The third-party package includes Splunk, which includes babel/traverse, handsontable, semver, loader-utils, json5, s…

12 Jan In Other News: WEF’s Unsurprising Cybersecurity Findings, KyberSlash Cryptography Flaw (SECURITYWEEK.COM)
Noteworthy stories that might have slipped under the radar: WEF releases a cybersecurity report with unsurprising findings, and KyberSlash cryptography vulnerabilities.

12 Jan Framework says hackers accessed customer data after phishing attack on accounting partner (TECHCRUNCH.COM)
U.S. repairable laptop maker Framework has confirmed that hackers accessed customer data after successfully phishing an employee at its accounting service provider. In an email sent to affected customers, Framework said that an employee at Keating Consulting, its primary external…

12 Jan News alert: Trimarc launches Active Directory security posture tool for enterprise, M&A (LASTWATCHDOG.COM)
Washington, DC, Jan. 12, 2024 – Trimarc Security, the professional services company with extensive expertise in securing Active Directory for enterprise organizations, today announced the early access availability of its new product, Trimarc Vision. Trimarc Vision is a …

12 Jan Palo Alto Networks Recognized as a Leader in the 2023 Gartner Magic Quadrant for Endpoint Protection Platforms (EPP) (PALOALTONETWORKS.COM)
Palo Alto Networks was named a leader in endpoint protection platforms by Gartner for Cortex XDR.

12 Jan Smart Cars, Microsoft, Layoffs, PyTorch, Mandiant, SEC, Aaran Leyland, and More News - SWN #353 (YOUTUBE.COM)
Smart Cars, Microsoft, Layoffs, PyTorch, Mandiant, SEC, Aaran Leyland, and More News on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-353

12 Jan ISMG Editors: Will We Ever Get a Handle on API Security? (DATABREACHTODAY.CO.UK)
Also: Why We Should Care About the New York Times' Copyright Lawsuit Against OpenAI. In the latest weekly update, ISMG editors discussed how the surge in API usage poses challenges for organizations, why good governance is so crucial to solving API issues and how The New York Time…

12 Jan Friday Squid Blogging: Giant Squid from Newfoundland in the 1800s (SCHNEIER.COM)
Interesting article, with photographs. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

12 Jan Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms (MICROSOFT.COM)
Gartner has named Microsoft a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms.

🌐 CYBER THREAT LANDSCAPE (3)

12 Jan Cyber Insecurity and Misinformation Top WEF Global Risk List (INFOSECURITY-MAGAZINE.COM)
The World Economic Forum's Global Risks Report 2024 highlights the increasing threat of cyber threats, with misinformation and disinformation being identified as the most severe risk globally.

🎙️ PODCASTS (1)

12 Jan Cyber Security Today, Week in Review for the week ending Friday, Jan. 12, 2024 (CYBERSECURITYTODAY.LIBSYN.COM)
This episode features a discussion about the state of cybersecurity jobs

📡 INFOSEC NEWS (11)

12 Jan Hyundai Motor India fixes bug that exposed customers’ personal data (TECHCRUNCH.COM)
Hyundai’s India subsidiary has fixed a bug that exposed its customers’ personal information in the South Asian market. TechCrunch reviewed a portion of the exposed data that included the registered owner name, mailing address, email address, and phone number of Hyunda…

12 Jan Researchers Develop Technique to Prevent Software Bugs (HELPNETSECURITY.COM)
A team of computer scientists has developed a method called Baldur, which uses artificial intelligence to automatically generate proofs and verify the correctness of software, aiming to reduce software bugs and vulnerabilities.

12 Jan Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a KO (THEHACKERNEWS.COM)
Picture a cybersecurity landscape where defenses are impenetrable, and threats are nothing more than mere disturbances deflected by a strong shield. Sadly, this image of fortitude remains a pipe dream despite its comforting nature. In the security world, preparedness is not just …

12 Jan Fake Recruiters Defraud Facebook Users via Remote Work Offers (DARKREADING.COM)
Researchers from Qualys have warned of a new wave of job scams on Facebook's Meta platform. Scammers are using Facebook ads to lure users with offers of remote work and then stealing their personal data and banking credentials.

12 Jan Bitwarden Adds Passkey Support to Log Into Web Password Vaults (BLEEPINGCOMPUTER.COM)
Passkeys in Bitwarden are generated using the PRF WebAuthn extension, which derives a unique encryption key from the passkey and enhances security. The passkey feature is currently in beta and available in Chromium-based browsers.

12 Jan UAE Faces Fresh Plague of Phishing Scams, Poisoned Searches (DARKREADING.COM)
Phishing scams in the UAE are on the rise, with fake websites posing as legitimate authorities and tourist sites. Scammers are using black hat SEO techniques to manipulate search engine rankings and promote fraudulent websites.

12 Jan What is the principle of least privilege? | Kaspersky official blog (KASPERSKY.COM)
What’s the principle of least privilege (also known as the principle of minimal privilege), why’s it needed, and how does it help secure corporate information assets?

12 Jan Sophos named a Leader in 2023 Gartner®️ Magic Quadrant™️ for Endpoint Protection Platforms (SOPHOS.COM)
For the 14th consecutive report, Sophos has been recognized as a Leader.

12 Jan Lessons from SEC's X account hack – Week in security with Tony Anscombe (WELIVESECURITY.COM)
The cryptocurrency rollercoaster never fails to provide a thrilling ride – this week it was a drama surrounding the hack of SEC's X account right ahead of the much-anticipated decision about Bitcoin ETFs