86 Articles
7 Categories
Date: 2024-03-01
🐛 COMMON VULNERABILITIES AND EXPOSURES (3)

1 Mar: Scanning for Confluence CVE-2022-26134, (Fri, Mar 1st)
I have added daemonlogger [1] for packet capture and Arkime [2] to visualize the packets captured by my DShield sensor and started noticing this activity that so far only gone to TCP/8090 which is URL and base64 encoded. The DShield sensor started capturin…
Source: ISC.SANS.EDU

1 Mar: Azure-connected IoT devices at risk of RCE due to critical vulnerability
https://www.scmagazine.com/news/azure-connected-iot-devices-at-risk-of-rce-due-to-critical-vulnerability IoT devices utilizing Microsoft’s uAMQP C library for Azure Cloud Services communication may be susceptible to RCE due …
Source: SCMAGAZINE.COM

1 Mar: International warning: Attackers could gain persistence on Ivanti VPN appliances
Security agencies from several nations warn that attackers were able to deceive the integrity checking tools provided by Ivanti in response to the recent attacks exploiting zero-day vulnerabilities in its Connect Secure and Policy Secure gateways. The agency also identified a tec…
Source: CSOONLINE.COM

⚠️ VULNERABILITY DISCLOSURE (18)

1 Mar: Hackers Hijack Anycubic 3D Printers to Display Warning Messages
Anycubic 3D printer owners have been caught off guard by a series of unauthorized messages warning them of a critical security flaw. The incident has raised concerns about the safety of internet-connected devices and the potential for exploitation.
Source: GBHACKERS.COM

1 Mar: Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities
The Five Eyes (FVEY) intelligence alliance has issued a new cybersecurity advisory warning of cyber threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways, noting that the Integrity Checker Tool (ICT) can be deceived to provide a …
Source: THEHACKERNEWS.COM

1 Mar: Lazarus Hackers Exploited Windows Zero-Day to Gain Kernel Privileges
The exploit allowed Lazarus to enhance its FudModule rootkit, enabling it to evade detection and disable security protections. Additionally, a previously undocumented remote access trojan (RAT) used by Lazarus was discovered.
Source: BLEEPINGCOMPUTER.COM

1 Mar: CISA Warns Of Hackers Exploiting Multiple Flaws In Ivanti VPN
Threat actors target and abuse VPN flaws because VPNs are often used to secure sensitive data and communications, making them valuable targets for exploitation. By exploiting the VPN flaws, threat actors can gain unauthorized access to networks, intercept confidential data,…
Source: GBHACKERS.COM

1 Mar: BEAST AI Jailbreak Language Models Within 1 Minute With High Accuracy
Malicious hackers sometimes jailbreak language models (LMs) to exploit bugs in the systems so that they can perform a multitude of illicit activities. However, this is also driven by the need to gather classified information, introduce malicious materials, and tamper with the mod…
Source: GBHACKERS.COM

1 Mar: Utility Regulators Take Steps to Raise Sector’s Cybersecurity ‘Baselines’
The cybersecurity baselines aim to improve the security of distribution systems and distributed energy resources by including cybersecurity requirements in utilities’ procurement processes.
Source: CYBERSECURITYDIVE.COM

1 Mar: NIST Cybersecurity Framework 2.0
NIST has released version 2.0 of the Cybersecurity Framework: The CSF 2.0, which supports implementation of the National Cybersecurity Strategy, has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in…
Source: SCHNEIER.COM

1 Mar: If you are generating SAML signing certificates externally, STOP!!
Earlier thought impossible, there is now a way to forge security assertion markup language (SAML) authentications even for applications that have adopted a cloud identity solution. Application providers, such as Salesforce and ServiceNow, that moved their SAML authentication work…
Source: CSOONLINE.COM

1 Mar: Abyss Locker Ransomware Attacks Both Windows And Linux Users
This ransomware steals and encrypts files, demanding ransom for decryption and not releasing stolen data. It is based on the HelloKitty ransomware source code and has been observed in various regions.
Source: FORTINET.COM

1 Mar [KEV]: CISA Warns of Windows Streaming Service Vulnerability Exploitation
CISA says a high-severity elevation of privilege vulnerability in Microsoft Streaming Service is actively exploited in the wild.
Source: SECURITYWEEK.COM

1 Mar: Cisco Releases Security Advisories for Cisco NX-OS Software
Cisco released security advisories to address vulnerabilities affecting Cisco NX-OS Software. A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review the following advisories…
Source: CISA.GOV

1 Mar: NSA says it’s tracking Ivanti cyberattacks as hackers hit US defense sector
The U.S. National Security Agency has confirmed that hackers exploiting flaws in Ivanti’s widely used enterprise VPN appliance have targeted organizations across the U.S. defense sector. NSA spokesperson Edward Bennett confirmed in an emailed statement to TechCrunch on Friday tha…
Source: TECHCRUNCH.COM

1 Mar: In Other News: Google Flaw Exploited, 3D Printers Hacked, WhatsApp Gets NSO Spyware
Noteworthy stories that might have slipped under the radar: Unpatched Google vulnerability exploited, 3D printers hacked by white hats, WhatsApp will get NSO spyware.
Source: SECURITYWEEK.COM

1 Mar: Researchers Found a Zero-Click Facebook Account Takeover
The critical vulnerability in Facebook's password reset process involved a rate-limiting issue in a specific endpoint, which could be exploited to brute-force a nonce and gain access to a user's account.
Source: SECURITYAFFAIRS.COM

1 Mar: Email-Based Cyber Attacks Increase 222% as Phishing Dominates as the Top Vector
Analysis of the second half of 2023 shows attackers are getting more aggressive with email-based phishing attacks in both frequency and execution.
Source: KNOWBE4.COM

1 Mar: Someone is hacking 3D printers to warn owners of a security flaw
Do you have an Anycubic Kobra 2 Pro/Plus/Max 3D printer? Did you know it has a security vulnerability? If you answered "yes" to both those questions, then chances are that I can guess just how you found out your 3D …
Source: BITDEFENDER.COM

1 Mar [KEV]: CISA warns of Microsoft Streaming bug exploited in malware attacks
CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that's actively exploited in attacks. [...]
Source: BLEEPINGCOMPUTER.COM

📢 SECURITY ADVISORIES (9)

1 Mar: Funding goes quiet while M&A makes some noise! - ESW #351
In this week's news segment, we discuss the lack of funding announcements, and the potential effect RSA could have on the timing of all sorts of press releases. We also discuss 1Password's potential future with its sizable customer base and the $620M it raised a few years back. S…
Source: YOUTUBE.COM

1 Mar: JPCERT/CC Warns of Malicious PyPI Packages Created by North Korean Hackers
The malicious packages were disguised as legitimate Python packages, and although they have been removed from PyPI, they were downloaded over 3,000 times, compromising thousands of systems.
Source: BLEEPINGCOMPUTER.COM

1 Mar: Hackers Stole ‘Sensitive’ Data From Taiwan Telecom Giant: Ministry
Hackers stole "sensitive information" including military and government documents from telecom giant Chunghwa Telecom and sold it on the dark web, the island's ministry of national defense said.
Source: SECURITYWEEK.COM

1 Mar: Industry Reactions to NIST Cybersecurity Framework 2.0: Feedback Friday
Industry professionals comment on the official release of the NIST Cybersecurity Framework 2.0.
Source: SECURITYWEEK.COM

1 Mar: Cyber Security Today, March 1, 2024 - Warnings to GitHub users and Ivanti gateway administrators, and more
This episode reports on a recommendation that enterprises drop Ivanti Pulse Secure and Connect Secure devices because threat actors can get around mitigations for recent vulnerabilities
Source: CYBERSECURITYTODAY.LIBSYN.COM

1 Mar: Update: Irish Foreign Affairs Ministry Says ‘No Evidence’ of Cyber Breach Following Extortion Claim
The Department of Foreign Affairs in Ireland has found no evidence to support the claim of a cyber extortion group called Mogilevich that it stole data from their IT systems.
Source: THERECORD.MEDIA

1 Mar: Planning with Purpose: 10 Tips to Develop a Year-Long Security and Compliance Training Program
Our team at KnowBe4 recently got together to talk about planning for annual security and compliance training.
Source: KNOWBE4.COM

1 Mar: FBI, CISA Release IoCs for Phobos Ransomware
The Phobos ransomware strain, distributed through ransomware-as-a-service, has targeted a wide range of organizations, including governments, healthcare, education, and critical infrastructure sectors.
Source: DARKREADING.COM

1 Mar: Ivanti Disputes CISA Findings of Post-Factory Reset Hacking
Gateway Maker Says Technique Won't Succeed in Live Customer Environment. Corporate VPN maker Ivanti disputed findings by the U.S. cybersecurity agency that said hackers can establish persistence on rooted appliances through a factory reset but nonetheless released an updated integ…
Source: DATABREACHTODAY.CO.UK

🔥 INCIDENT REPORTING (19)

1 Mar: Hacktivism Unveiled: Insights into the Footprints of Hacktivists - Pascal Geenens - ESW #351
Pascal Geenens from Radware joins us to discuss the latest research findings relating to hacktivists and other actors using volumetric and other network-based attacks. We'll discuss everything from the current state of DDoS attacks to use in the military and even the impact of cyb…
Source: YOUTUBE.COM

1 Mar: Golden Corral restaurant chain Hacked: 180,000+ Users’ Data Stolen
The Golden Corral Corporation, a popular American restaurant chain, has suffered a significant data breach, compromising the personal information of over 180,000 past and present employees, dependents, and beneficiaries.
Source: GBHACKERS.COM

1 Mar: Epic Games Says “Zero Evidence” of Hacking by Mogilevich Gang
Epic Games found no evidence of a cyberattack or data theft after the Mogilevich group claimed to have breached their servers. The group offered to sell stolen data for $15,000 but only shared samples with those who proved they had the funds.
Source: BLEEPINGCOMPUTER.COM

1 Mar: 20 Million Cutout.Pro User Records Leaked on Data Breach Forum
Users of Cutout.Pro are advised to reset their passwords immediately and be cautious of targeted phishing scams due to the potential threat of threat actors brute-forcing the leaked password hashes.
Source: BLEEPINGCOMPUTER.COM

1 Mar: 4 Instructive Postmortems on Data Downtime and Loss
More than a decade ago, the concept of the ‘blameless’ postmortem changed how tech companies recognize failures at scale. John Allspaw, who coined the term during his tenure at Etsy, argued postmortems were all about controlling our natural reaction to an incident, whic…
Source: THEHACKERNEWS.COM

1 Mar: RisePro Stealer Attacks Windows Users Steals Sensitive Data
A new wave of cyber threats has emerged as the RisePro information stealer targets Windows users, compromising sensitive data and causing significant security concerns. RisePro, which shares similarities with the Vidar stealer, is a Trojan-type malware that infiltrates systems to…
Source: GBHACKERS.COM

1 Mar: New Silver SAML Attack Bypasses Golden SAML Mitigations
The technique works with identity providers like Microsoft Entra ID and can enable attackers to access applications by forging SAML responses with compromised private keys.
Source: SEMPERIS.COM

1 Mar: 20 Million+ Cutout.Pro User Records Leaked On Hacking Forums
CutOut.Pro, an AI-powered photo and video editing platform, has reportedly suffered a data breach, exposing personal information belonging to over 20 million users. The breach was first brought to light by an individual using the alias ‘KryptonZambie’ on the BreachFor…
Source: GBHACKERS.COM

1 Mar: Researchers Created AI Worm that Automatically Spreads Between AI Agents
Researchers have developed what they claim to be one of the first generative AI worms, named Morris II, capable of autonomously spreading between AI systems. This new form of cyberattack, reminiscent of the original Morris worm that wreaked havoc on the internet in 1988, signifie…
Source: GBHACKERS.COM

1 Mar: Golden Corral Data Breach Impacts 180,000 Employees
Restaurant chain Golden Corral says personal information was compromised in an August 2023 data breach.
Source: SECURITYWEEK.COM

1 Mar: Critical Infrastructure Organizations Warned of Phobos Ransomware Attacks
US government agencies warn of Backmydata, Devos, Eight, Elking, and Faust ransomware attacks connected to Phobos.
Source: SECURITYWEEK.COM

1 Mar: Governments Urge Organizations to Hunt for Ivanti VPN Attacks
Credentials stored on Ivanti VPN appliances impacted by recent vulnerabilities are likely compromised, government agencies say.
Source: SECURITYWEEK.COM

1 Mar: US Charges Iranian Over Cyberattacks on Government, Defense Organizations
The US has charged an Iranian company’s employee over cyberattacks on State and Treasury Departments and defense contractors.
Source: SECURITYWEEK.COM

1 Mar: Law Firm Reports Data Breach Affecting More Than 325,000 People
The breached data included names, Social Security numbers, financial account information, and medical information. An unauthorized third party accessed the firm's network, leading to a data breach.
Source: THERECORD.MEDIA

1 Mar: Golden Corral Restaurant Chain Suffers Data Breach Impacting 183,000 People
The stolen data may include a wide range of personal information such as Social Security numbers, financial account details, medical information, and usernames and passwords.
Source: BLEEPINGCOMPUTER.COM

1 Mar: Cyber Security Today, Week in Review for week ending Friday, March 1, 2024
This episode features a discussion on how hard it is to kill a ransomware gang, Canada's proposed new online harms bill, why organizations still allow staff to use vulnerable software, and more
Source: CYBERSECURITYTODAY.LIBSYN.COM

1 Mar: Clueless pols, Lazarus, Ubiquity, UAMPQP, BlackCat, Airlines, Aaran Leyland and More - SWN #365
Clueless pols, Lazarus, Ubiquity, UAMPQP, BlackCat, CryptoChameleon, Airlines, Aaran Leyland, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-365
Source: YOUTUBE.COM

1 Mar: The Week in Ransomware - March 1st 2024 - Healthcare under siege
Ransomware attacks on healthcare over the last few months have been relentless, with numerous ransomware operations targeting hospitals and medical services, causing disruption to patient care and access to prescription drugs in the USA. [...]
Source: BLEEPINGCOMPUTER.COM

🕵️ THREAT INTELLIGENCE (14)

1 Mar: ISC Stormcast For Friday, March 1st, 2024 https://isc.sans.edu/podcastdetail/8876, (Fri, Mar 1st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Source: ISC.SANS.EDU

1 Mar: Zscaler CEO: Palo Alto Playing Defense as Firewall Sales Ebb
Jay Chaudhry Says Palo Alto Offering Free Products to New Platform Users Won't Work. Zscaler CEO Jay Chaudhry said Palo Alto Networks' strategy of offering free products to new platform customers will "unravel over time" as firewalls become shelfware. Legacy vendors find themselve…
Source: DATABREACHTODAY.CO.UK

1 Mar: CWE Version 4.14 Released: What’s New!
The Common Weakness Enumeration (CWE) project, a cornerstone in the cybersecurity landscape, has unveiled its latest iteration, version 4.14, introducing significant updates and enhancements to bolster the security of both hardware and software systems. This release underscores t…
Source: GBHACKERS.COM

1 Mar: Crooks stole €15 Million from European retail company Pepco
https://securityaffairs.com/159801/cyber-crime/pepco-phishing-attack.html
Source: SECURITYAFFAIRS.COM

1 Mar: Silence Laboratories Raises $4.1 Million to Protect Sensitive Information
Silence Laboratories will invest the new funds in the research and development of privacy-enhancing technologies.
Source: SECURITYWEEK.COM

1 Mar: U.S. charges Iranian for hacks on defense orgs, offers $10M for info
The U.S. Department of Justice (DoJ) has unveiled an indictment against Alireza Shafie Nasab, a 39-year-old Iranian national, for his role in a cyber-espionage campaign targeting U.S. government and defense entities. [...]
Source: BLEEPINGCOMPUTER.COM

1 Mar: The US is Bracing for Complex, Fast-Moving Threats to Elections This Year, FBI Director Warns
FBI Director Christopher Wray says advances in generative AI make election interference and meddling easier than before.
Source: SECURITYWEEK.COM

1 Mar: Cybercriminals Sent 1.76 Billion Social Media Phishing Emails in 2023
As social media phishing reaches new heights, new data reviewing 2023 shows a massive effort by cybercriminals to leverage impersonation of social media brands.
Source: KNOWBE4.COM

1 Mar: Accelerating Cloud Adoption Across the Scottish Public Sector
The Scottish Government developed a CPS to give Scottish Public Sector simplified access to cloud technologies, providing one stop to cloud platforms.
Source: PALOALTONETWORKS.COM

1 Mar: Alert: Info Stealers Target Stored Browser Credentials
Calls Grow to Block Browser-Based Password Storage as Malware Comes Calling. Saving passwords in browser-based password managers or via "remember my details" website options might make for simple and fast log-ins for employees, but they also give attackers an easy way to lift legi…
Source: DATABREACHTODAY.CO.UK

1 Mar: Strengthening OT Defense, Zero Trust: SSH's Strategic Vision
Rami Raulas on Why SSH Plans to Invest in Zero Trust, OT Defense and Quantum Safety. In his first week in his new role as interim CEO of SSH Communications Security, Rami Raulas shares insights on the company’s strategic focus on zero trust, operational technology security, and qu…
Source: DATABREACHTODAY.CO.UK

1 Mar: Friday Squid Blogging: New Extinct Species of Vampire Squid Discovered
Paleontologists have discovered a 183-million-year-old species of vampire squid. Prior research suggests that the vampyromorph lived in the shallows off an island that once existed in what is now the heart of the European mainland. The research team believes that the remarkable d…
Source: SCHNEIER.COM

1 Mar: ISMG Editors: OpenAI's Response to The New York Times Case
Also: Addressing Scotland's Cybercrime Surge; NOC and SOC Convergence. In the latest weekly update, ISMG editors discussed the convergence of the NOC and SOC functions, Scottish Police efforts to address the escalating challenge of cybercrime in Scotland, and why OpenAI is pushing…
Source: DATABREACHTODAY.CO.UK

🌐 CYBER THREAT LANDSCAPE (5)

1 Mar: New Variant of AMOS Stealer Targets Safari Cookies and Crypto Wallets
The new Atomic variant of the AMOS Stealer targets macOS users, combining multiple malware functionalities to steal sensitive data and has an unusual technique of combining Python with Apple Scripting.
Source: HACKREAD.COM

1 Mar: New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion
Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware. "This latest version of Bifrost aims to bypass security measures and compromise targeted systems," Palo Alto N…
Source: THEHACKERNEWS.COM

1 Mar: Chinese PC-Maker Acemagic Shipped Machines Infected with Malware
The company attributed the infection to software adjustments made by developers to reduce boot times, which inadvertently affected network settings and omitted digital signatures.
Source: THEREGISTER.COM

1 Mar: New Bifrost Variant Uses Domain Deception Tactic to Deceive Users
The latest variant of BIFROSE masquerades as VMware by reaching out to a deceptive domain. There has been a spike in BIFROSE activity since October 2023, and a new Arm version of the malware has been discovered.
Source: UNIT42.PALOALTONETWORKS.COM

📡 INFOSEC NEWS (18)

1 Mar: GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories
GitHub on Thursday announced that it’s enabling secret scanning push protection by default for all pushes to public repositories. “This means that when a supported secret is detected in any push to a public repository, you will have the option to remove the secret from your commi…
Source: THEHACKERNEWS.COM

1 Mar: Savvy Seahorse Gang Uses DNS CNAME Records to Power Investor Scams
Personal data of victims is collected through registration forms on fake investment platforms, and the actor tracks user information while preventing revisits from crawlers and security vendors.
Source: BLEEPINGCOMPUTER.COM

1 Mar: Kali Linux 2024.1 Released with New Tools, New Look, New Kali NetHunter Kernels
The latest release of Kali Linux, version 2024.1, includes new tools, an updated kernel, and improvements to the desktop environments. The release also features updates to the Kali NetHunter mobile platform.
Source: HELPNETSECURITY.COM

1 Mar: Okta Reports ‘Minimal’ Financial Impact Following Support Portal Attack
Despite the attack, the company is focusing on enhancing security and regaining customer trust. Okta plans to prioritize security in the upcoming fiscal year, with a $50 million investment in cybersecurity initiatives.
Source: CYBERSECURITYDIVE.COM

1 Mar: Airbnb Scammers Pose as Hosts, Redirect Users to Fake Tripadvisor Site
The scammers use emails and fake websites to trick users into making off-platform bookings and sharing their payment card details. Airbnb warns against off-platform activity and urges users to be cautious of emails and websites impersonating it.
Source: HELPNETSECURITY.COM

1 Mar: How to store Location History in Android in 2024? | Kaspersky official blog
How to use Google Maps and location services on Android safely.
Source: KASPERSKY.COM

1 Mar: Act now to stop WordPress and Tumblr selling your content to AI firms
If sharing your content with AI firms is such a great thing for the publishers of blogs, you have to wonder why Automattic feels the need to enable it by default rather than insisting they opt-out - surely if it's such a "win", blog owners would be keen to opt-in themselves.
Source: GRAHAMCLULEY.COM

1 Mar: New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users
A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster designed to primarily target mobile devices. “This kit enables attackers to build carbon copies of single sign-on (SSO) pages, then use a combin…
Source: THEHACKERNEWS.COM

1 Mar: Microsoft pulls Edge update causing 'Out of Memory' crashes
Microsoft has pulled the Microsoft Edge 122.0.2365.63 update after users reported receiving "Out of memory" errors when browsing the web or accessing the browser settings. [...]
Source: BLEEPINGCOMPUTER.COM

1 Mar: Microsoft fixes Outlook clients not syncing over Exchange ActiveSync
Microsoft has fixed an issue causing some Microsoft 365 users' Outlook desktop clients to stop connecting to email servers via Exchange ActiveSync. [...]
Source: BLEEPINGCOMPUTER.COM

1 Mar: Leaky Database Spilled 2FA Codes for Global Tech Giants
An exposed database belonging to YX International leaked sensitive data including one-time security codes for major tech and online companies like Facebook, Google, and TikTok.
Source: TECHCRUNCH.COM

1 Mar: Germany takes down largest cybercrime market in the country, arrests 6
The Düsseldorf Police in Germany have seized Crimemarket, the largest German-speaking illicit trading platform on the internet, arresting six people, including one of its operators. [...]
Source: BLEEPINGCOMPUTER.COM

1 Mar: Germany takes down cybercrime market with over 180,000 users
The Düsseldorf Police in Germany have seized Crimemarket, a massive German-speaking illicit trading platform with over 180,000 users, arresting six people, including one of its operators. [...]
Source: BLEEPINGCOMPUTER.COM

1 Mar: The Widespread Effect of the Change Healthcare Mega Hack
The Change Healthcare mega hack has taken nearly 120 of the company's IT products and services offline since Feb. 21, and that cyber disruption is having serious, widespread impact on the entire healthcare industry including major players, said attorney Sara Goldstein of the law …
Source: DATABREACHTODAY.CO.UK

1 Mar: Deceptive AI content and 2024 elections – Week in security with Tony Anscombe
As the specter of AI-generated disinformation looms large, tech giants vow to crack down on fabricated content that could sway voters and disrupt elections taking place around the world this year
Source: WELIVESECURITY.COM