🚨 CISA KEV 1[−]
2 Mar KEVCISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the CVE-2023-29360 Microsoft Streaming Service vulnerability to its Known Exploited Vulnerabilities catalog, which allows attackers to gain SYSTEM privileges.SECURITYAFFAIRS.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
2 Mar KEVNorth Korea’s Lazarus deploys rootkit via AppLocker zero-day flawResearchers warn that a Windows kernel privilege escalation in vulnerability fixed by Microsoft during the February Patch Tuesday was exploited in the wild as a zero-day by a North Korean threat actor known as the Lazarus group. The attackers leveraged the flaw in an updated vers…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 3[−]
2 MarU.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsAppA U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other products to Meta as part of the social media giant's ongoing litigation against the Israeli spyware vendor. The decision, which marks a major legal victory for Meta, which fi…THEHACKERNEWS.COM
2 MarTaiwan's Biggest Telco Breached by Suspected Chinese HackersHackers stole sensitive information, including military and government documents, from Chunghwa Telecom and sold it on the dark web. The leaked data included documents from the armed forces, foreign affairs ministry, coast guard, and other units.DARKREADING.COM
2 MarWindows Kernel bug fixed last month exploited as zero-day since AugustMicrosoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 5[−]
2 MarU.S. Charges Iranian Hacker, Offers $10 Million Reward for CaptureThe U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities. More than a dozen entities are said to have been tar…THEHACKERNEWS.COM
2 MarPhrack #71: Call For Papersubmitted by L4s to secops 1 points | 0 comments http://www.phrack.org/ Phrack #71: Call For Paper::Phrack staff website.PHRACK.ORG
2 MarPentagon Leak Suspect Jack Teixeira Expected to Plead Guilty in Federal CaseThe Air National Guardsman accused of leaking highly classified military documents on social media is expected to plead guilty in his federal case. The post Pentagon Leak Suspect Jack Teixeira Expected to Plead Guilty in Federal Case appeared first on SecurityWeek .SECURITYWEEK.COM
2 MarSome Doorbell Cameras Sold on Amazon and Other Online Sites Have Major Security Flaws, Report SaysMajor vulnerabilities were found in cameras manufactured by the Chinese company Eken Group Ltd., which produces video doorbells under the brand names EKEN and Tuck, among others. The post Some Doorbell Cameras Sold on Amazon and Other Online Sites Have Major Security Flaws, Repor…SECURITYWEEK.COM
2 MarBSides Panamá 2024 - 19 videos - SPANISH LANGUAGEsubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/8e01ae7b-85de-4aeb-ba82-97607ed204c2.png BSides es un evento anual que reúne a hackers éticos que comparten sus experiencias e investigaciones en un formato de conferencias técnicas que busc…INFOSEC.PUB
🌐 CYBER THREAT LANDSCAPE 3[−]
2 MarCryptoChameleon: New Phishing Tactics Exhibited in FCC-Targeted AttackA sophisticated phishing kit with novel tactics targets cryptocurrency platforms and the FCC through a combination of email, SMS, and voice phishing, successfully stealing high-quality data from mobile device users in the United States.LOOKOUT.COM
2 MarResearchers create AI worms that can spread from one system to anotherWorms could potentially steal data and deploy malware.ARSTECHNICA.COM
2 MarResearchers create AI worms that can spread from one system to anotherWorms could potentially steal data and deploy malware.ARSTECHNICA.COM
📡 INFOSEC NEWS 5[−]
2 MarUK Unveils Draft Cybersecurity Governance CodeThe UK Department for Science, Innovation and Technology (DSIT) has revealed what its future Cybersecurity Governance Code of Practice will look like and the five principals it will include.INFOSECURITY-MAGAZINE.COM
2 MarPolice Seized Crimemarket, the Largest German-Speaking Cybercrime MarketplaceThe platform had over 180,000 registered users and was accessible through both the "Darknet" and the "Clearnet." The investigation is ongoing, with plans to identify and target the platform's users.SECURITYAFFAIRS.COM
2 MarNews farm impersonates 60+ major outlets: BBC, CNN, CNBC, Guardian...BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, The Guardian, and Washington Post, among others. These sites build SEO for their online gambling ventures and sell "…BLEEPINGCOMPUTER.COM
2 MarHackers target FCC, crypto firms in advanced Okta phishing attacksA new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the originals. [...]BLEEPINGCOMPUTER.COM
2 MarContent farm impersonates 60+ major news outlets, like BBC, CNN, CNBCBleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, The Guardian, and Washington Post, among others. These sites build SEO for their online gambling ventures and sell "…BLEEPINGCOMPUTER.COM