Date: 2024-03-04
Articles: 91
Categories: 9
🚨 CISA KEV (1)
4 Mar [KEV]: CISA Adds One Known Exploited Vulnerability to Catalog [CISA.GOV]
    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-21338 Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability These types of vulnerabilities are frequent a…
🐛 COMMON VULNERABILITIES AND EXPOSURES (4)
4 Mar: Malicious email campaign steals NTLM hashes [CSOONLINE.COM]
    A threat group that acts as an initial access broker is targeting organizations with rogue email attachments that steal Microsoft Windows NT LAN Manager (NTLM) authentication information when opened. The group’s campaigns last week targeted hundreds of entities with thousands of …
4 Mar: Exploit available for new critical TeamCity auth bypass bug, patch now [BLEEPINGCOMPUTER.COM]
    A critical vulnerability (CVE-2024-27198) in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions. [...]
4 Mar: ScreenConnect flaws exploited to drop new ToddleShark malware [BLEEPINGCOMPUTER.COM]
    The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddleShark. [...]
4 Mar: ScreenConnect flaws exploited to drop new ToddlerShark malware [BLEEPINGCOMPUTER.COM]
    The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddlerShark. [...]
⚠️ VULNERABILITY DISCLOSURE (14)
4 Mar: New Silver SAML Attack Let Attackers Forge Any SAML Response To Entra ID [GBHACKERS.COM]
    SolarWinds cyberattack was one of the largest attacks of the century in which attackers used the Golden SAML attack in post-breach exploitation to affect thousands of organizations all over the world including the United States government for deploying malicious code into Orion I…
4 Mar: 30 years of the CISO role – how things have changed since Steve Katz [CSOONLINE.COM]
    When Steve Katz became the first-ever CISO in 1995, Netscape Navigator was the world’s most popular browser, Mark Zuckerberg was in middle school, smartphones were a decade away, and SSL 2.0 was brand new. Katz was offered the job of chief information security officer (a brand-…
4 Mar: Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO [TRENDMICRO.COM]
    The Trend Micro threat hunting team came across an RA World attack involving multistage components designed to ensure maximum impact.
4 Mar: Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO [TRENDMICRO.COM]
    The RA World ransomware employs multi-stage components to target healthcare organizations in the Latin American region, signifying a strategic and targeted approach to compromising systems within the target network.
4 Mar: Meet Silver SAML: Golden SAML in the Cloud | Semperis [SEMPERIS.COM]
    https://www.semperis.com/blog/meet-silver-saml/ Golden SAML, an attack technique that exploits the SAML single sign-on protocol, was used as a post-breach exploit, compounding the devastating SolarWinds attack of 2020—one of…
4 Mar: US Court Orders NSO Group to Handover Code for Spyware, Pegasus to WhatsApp [GBHACKERS.COM]
    Meta, the company that owns WhatsApp, filed a lawsuit against NSO Group in 2019. The lawsuit claims that NSO took advantage of a vulnerability in WhatsApp to install the Pegasus spyware on certain user devices without their permission. This means NSO exploited a flaw in WhatsApp …
4 Mar: Hikvision Patches High-Severity Vulnerability in Security Management System [SECURITYWEEK.COM]
    A high-severity vulnerability in HikCentral Professional could lead to unauthorized access to certain URLs.
4 Mar: Linux Foundation Tackles Financial Fraud With Open Source Platform [SECURITYWEEK.COM]
    The open source platform Tazama provides cost-effective monitoring of digital financial transactions to prevent fraud in real time.
4 Mar: CISO Tradecraft #171 - Navigating Software Supply Chain Security (with Cassie Crossley) - 47 minutes [INFOSEC.PUB]
    https://infosec.pub/pictrs/image/173ee79d-ca58-41fd-a4e1-933040c5c6c1.png CISO Tradecraft #171 - Navigating Software Supply Chain Security (with Cassie Crossley) In this episode of CISO Tradecraft, host G Mark Hardy convers…
4 Mar: Cloudflare adds new WAF features to prevent hackers from exploiting LLMs [CSOONLINE.COM]
    Cloudflare has infused into its Web Application Firewall (WAF) offering a new capability, dubbed Firewall for AI, focused on AI models in a bid to add a protection layer for large language models (LLMs). The capability, which is specially tailored for applications using LLMs, wil…
4 Mar: How Cybercriminals are Exploiting India's UPI for Money Laundering Operations [THEHACKERNEWS.COM]
    Cybercriminals are using a network of hired money mules in India using an Android-based application to orchestrate a massive money laundering scheme. The malicious application, called XHelper, is a "key tool for onboarding and managing these money mules," CloudSEK researcher…
4 Mar [KEV]: Secure by Design: Google’s Perspective on Memory Safety [SECURITY.GOOGLEBLOG.COM]
    Alex Rebert, Software Engineer, Christoph Kern, Principal Engineer, Security Foundations Google’s Project Zero reports that memory safety vulnerabilities —security defects caused by subtle coding errors related to how a program accesses memory—have been "the standard for attackin…
4 Mar: Microsoft: Look to Supply Chains, Zero Trust for AI Security [DATABREACHTODAY.CO.UK]
    Tech Giant Shares Major Threats, Potential Safeguards for Firms Using AI The rapid rise of artificial intelligence technologies poses new risks. Enterprises using AI must regularly scan for prompt injection attacks, implement transparency in the supply chain and reinforce built-i…
4 Mar: How attackers leverage social engineering for greater scamming success [CSOONLINE.COM]
    According to Microsoft Digital Defense Report 2023 data, phishing attacks were the third most common threat vector last year, accounting for 25% of all successful attack notifications. Part of what makes phishing attacks such a popular attack method is their use of social enginee…
📢 SECURITY ADVISORIES (13)
4 Mar: Malicious Meeting Invite Fix Targets Mac Users [MALWAREBYTES.COM]
    Scammers impersonating cryptocurrency investors on Telegram are luring targets into fake partnership meetings, using AppleScripts to compromise Mac users and gain administrator permissions.
4 Mar: Ukraine claims it hacked Russian Ministry of Defense servers [BLEEPINGCOMPUTER.COM]
    The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense claims that it breached the servers of the Russian Ministry of Defense (Minoborony) and stole sensitive documents. [...]
4 Mar: Update: Ivanti Disputes CISA Findings of Post-Factory Reset Hacking [BANKINFOSECURITY.COM]
    Ivanti disputes the U.S. cybersecurity agency's claim that hackers can establish persistence on rooted appliances through a factory reset, stating that it won't succeed in a live customer environment.
4 Mar: Security Starts At The Top as CISOs Struggle and NIST Updates the CSF - BSW #340 [YOUTUBE.COM]
    In the leadership and communications section, Effective cyber security starts at the top, CISOs Struggling to Balance Regulation and Security Demands With Rising Cybersecurity Pressures, Unlocking Leadership Excellence: Data-Driven Practices That Set Elite Leaders Apart, and more…
4 Mar: The Convergence of Security, Compliance, and Risk - Igor Volovich - BSW #340 [YOUTUBE.COM]
    The SEC's new cyber reporting requirements are forcing organizations to rethink their compliance and risk programs. No longer can compliance and risk be static, point in time assessments. Instead they need to match the speed of security which is dynamic and real-time. Couple the …
🔥 INCIDENT REPORTING (15)
4 Mar: Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure [THEHACKERNEWS.COM]
    U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. “Structure…
4 Mar: Huge Surge in Ransomware-as-a-Service Attacks targeting Middle East & Africa [GBHACKERS.COM]
    The Middle East and Africa (MEA) region has witnessed a surge in ransomware-as-a-service (RaaS) attacks, posing a grave threat to digital security. This comprehensive report delves into the key findings, attack trends, the impact on businesses, and the crucial preventive measures…
4 Mar: U.S. Charged Iranian Hacker, Rewards up to $10 Million [GBHACKERS.COM]
    The United States Department of Justice (DoJ) has charged an Iranian national, Alireza Shafie Nasab, for his alleged involvement in a sophisticated cyber-espionage campaign targeting American entities. The indictment, unsealed recently, reveals a multi-year operation that comprom…
4 Mar: Report: Info-Stealers Target Stored Browser Credentials [BANKINFOSECURITY.COM]
    Hackers are increasingly targeting saved passwords in browsers and using various malware and info stealers to steal credentials, leading to a growing number of stolen logs and compromised accounts.
4 Mar: New SSO-Based Phishing Attack Trick Users into Sharing Login Credentials [GBHACKERS.COM]
    Threat actors employ phishing scams to trick individuals into giving away important details like login credentials or financial data. It is a method of cheating human confidence due to social engineering, making it cheap and hence widely used as a case for unauthorized acce…
4 Mar: Over 100 Malicious AI/ML Models Found on Hugging Face Platform [THEHACKERNEWS.COM]
    As many as 100 malicious artificial intelligence (AI)/machine learning (ML) models have been discovered in the Hugging Face platform. These include instances where loading a pickle file leads to code execution, software supply chain security firm JFrog said. "The model'…
4 Mar: Cybercriminals Harness AI for New Era of Malware Development [HELPNETSECURITY.COM]
    The Group-IB Hi-Tech Crime Trends 2023/2024 report highlights the increasing alliance between ransomware groups and initial access brokers, leading to a 74% rise in companies having their data uploaded on leak sites.
4 Mar: Update: ALPHV Website Goes Down Amid Growing Fallout From Change Healthcare Attack [CYBERSCOOP.COM]
    The website used by the ransomware group responsible for breaching a major US healthcare payment processor went down, causing financial pressure on medical providers and difficulty for consumers to access medicine.
4 Mar: American Express credit cards exposed in vendor data breach [BLEEPINGCOMPUTER.COM]
    American Express is warning customers that credit cards were exposed in a third-party data breach after one of its service providers was hacked. [...]
4 Mar: American Express Credit Cards Exposed in Vendor Data Breach [BLEEPINGCOMPUTER.COM]
    American Express has issued a data breach notification after one of its service providers experienced unauthorized access to its systems. This has led to the exposure of American Express Card account numbers, names, and card expiration dates.
4 Mar: BlackCat ransomware turns off servers amid claim they stole $22 million ransom [BLEEPINGCOMPUTER.COM]
    The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million. [...]
4 Mar: American Express credit cards exposed in third-party data breach [BLEEPINGCOMPUTER.COM]
    American Express is warning customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked. [...]
4 Mar: Optum Offering Financial Aid to Some Providers Hit by Outage [DATABREACHTODAY.CO.UK]
    But Hospital Lobby Group Contends Funding Is 'Onerous' and 'Exceedingly' Limited Two weeks into a major cyberattack-induced outage at its Change Healthcare business, UnitedHealth Group is offering short-term financial aid to some healthcare providers whose cash flows may be runni…
4 Mar: Defend against human-operated ransomware attacks with Microsoft Copilot for Security [MICROSOFT.COM]
    Human-operated ransomware attacks are on the rise. See real-world examples of how Microsoft Copilot for Security helps SecOps teams defend their organizations against financial and reputational damage.
🕵️ THREAT INTELLIGENCE (21)
4 Mar: Capturing DShield Packets with a LAN Tap [Guest Diary], (Sun, Mar 3rd) [ISC.SANS.EDU]
    [This is a Guest Diary by Christopher Von Reybyton, an ISC intern as part of the SANS.edu BACS program]
4 Mar: LoanDepot finally reveals what data was exposed in Jan hack [CYBERNEWS.COM]
    https://cybernews.com/news/loandepot-finally-reveals-what-data-exposed-in-jan-hack/
4 Mar: ISC Stormcast For Monday, March 4th, 2024 https://isc.sans.edu/podcastdetail/8878, (Mon, Mar 4th) [ISC.SANS.EDU]
    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
4 Mar: Eken Camera Doorbells Allow Ill-Intentioned Individuals to Spy on You [SECURITYAFFAIRS.COM]
    Camera doorbells manufactured by Eken Group Ltd under the brands EKEN and Tuck have major vulnerabilities that could allow threat actors to view footage from the devices or control them completely.
4 Mar: It’ll be back: Attackers still abusing Terminator tool and variants [SOPHOS.COM]
    First released in May 2023, an EDR killer – and the vulnerable Zemana drivers it leverages – are still of interest to threat actors, along with variants and ported versions
4 Mar: LLM Prompt Injection Worm [SCHNEIER.COM]
    Researchers have demonstrated a worm that spreads through prompt injection. Details: In one instance, the researchers, acting as attackers, wrote an email including the adversarial text prompt, which “poisons” the database of an email assistant using retrieval-augmen…
4 Mar: FCC Employees Targeted in Sophisticated Phishing Attacks [SECURITYWEEK.COM]
    Advanced phishing kit employs novel tactics in attack targeting cryptocurrency platforms and FCC employees.
4 Mar: Remote Stuxnet-Style Attack Possible With Web-Based PLC Malware: Researchers [SECURITYWEEK.COM]
    Researchers demonstrate that remote Stuxnet-style attacks are possible against many modern PLCs using web-based malware.
4 Mar: Mentorship Monday - Discussions for career and learning! [INFOSEC.PUB]
    Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …
4 Mar: Webinar Tomorrow: OT Cybersecurity Risk Mitigation Strategies [SECURITYWEEK.COM]
    Webinar will provide valuable insights from Honeywell professionals who will guide you through the intricacies of industrial cybersecurity.
4 Mar: How Traffic, State, and Organizational Data Help Fortify Your Network [SECURITYWEEK.COM]
    Traffic data is the lifeblood of network security, representing the raw, unfiltered truth of what is happening on the network.
4 Mar: North Korea hacks two South Korean chip firms to steal engineering data [BLEEPINGCOMPUTER.COM]
    The National Intelligence Service (NIS) in South Korea warns that North Korean hackers target domestic semiconductor manufacturers in cyber espionage attacks. [...]
4 Mar: German Authorities Take Down ‘Crimemarket’ Cybercrime Website [SECURITYWEEK.COM]
    With over 180,000 users, Crimemarket was a trading hub for narcotics, cybercrime tools, and crimeware guides.
4 Mar: GUEST ESSAY: Essential cyber hygiene practices all charities must embrace to protect their donors [LASTWATCHDOG.COM]
    Charities and nonprofits are particularly vulnerable to cybersecurity threats, primarily because they maintain personal and financial data, which are highly valuable to criminals. Related: Hackers target UK charities Here are six tips for establishing robust nonprofit cybersecuri…
4 Mar: Pentagon Leaker Jack Teixeira Pleads Guilty Under a Deal That Calls for at Least 11 Years in Prison [SECURITYWEEK.COM]
    The 22-year-old Air National Guard member admitted illegally collecting some of the nation’s most sensitive secrets and sharing them with other users on Discord.
4 Mar: Experts Warn of Risks in Memory-Safe Programming Overhauls [DATABREACHTODAY.CO.UK]
    They Say Rewriting Software Could Overwhelm Firms and Introduce New Vulnerabilities A new report from the Office of the National Cyber Director calls for the universal adoption of memory-safe programming languages, but experts warned ISMG the process of overhauling legacy informa…
4 Mar: Mobile-Driven Phishing Spoofs FCC, Cryptocurrency Giants [DATABREACHTODAY.CO.UK]
    Researchers Say Hackers Used Fake Login Pages to Trick 100 Victims, Crypto Workers A new phishing campaign is targeting victims through mobile devices by mirroring legitimate login pages for the Federal Communications Commission and large cryptocurrency platforms including Binanc…
4 Mar: Defending Operational Technology Environments: Basics Matter [DATABREACHTODAY.CO.UK]
    Poor Network Visibility and Advisories Hinder Industrial Control System Defense Cybersecurity truism: Focusing on the basics helps defenders arrest many of today's top attacks, as well as tomorrow's. While IT defenders have been repeating that mantra for years, experts say it als…
4 Mar: German Police Shut Underground Crimemarket Forum [DATABREACHTODAY.CO.UK]
    3 Arrested and Domain Shuttered in the Investigation by Düsseldorf Police German police say they arrested operators behind one of the largest cybercrime underground marketplaces in the country and seized its domains as part of a two-year-long investigation into the group. Police …
4 Mar: Rights Groups Call Out Shortcomings in EU Convention on AI [DATABREACHTODAY.CO.UK]
    Critics Fear Exceptions for Private Sector, National Security Could Weaken Privacy Privacy groups are urging European lawmakers finalizing the global treaty on artificial intelligence to tighten rules surrounding the use of AI by the private sector and states. Lawmakers and other…
4 Mar: Microsoft Secure: Learn expert AI strategy at our online event [MICROSOFT.COM]
    Microsoft Secure is a two-hour digital showcase of the latest technology innovations, including Microsoft Copilot for Security. Register today to reserve your spot.
🌐 CYBER THREAT LANDSCAPE (7)
4 Mar: Researchers Spot New Infrastructure Likely Used for Predator Spyware [THERECORD.MEDIA]
    Insikt Group researchers uncovered new infrastructure used by the operators of the Predator spyware in 11 countries, including Angola, Egypt, Saudi Arabia, and the Philippines.
4 Mar: New Wave of SocGholish Infections Impersonates WordPress Plugins [SUCURI.NET]
    The malware has evolved to infect websites through modified versions of legitimate WordPress plugins, emphasizing the need for vigilance in managing plugin installations.
4 Mar: U.S. Judge Ordered NSO Group to Hand Over the Pegasus Spyware Code to WhatsApp [SECURITYAFFAIRS.COM]
    This decision came after Meta won a legal battle against NSO Group. The lawsuit originated from allegations that NSO Group had conducted malicious attacks against WhatsApp users.
4 Mar: AppSec Survey Reveals Troubling Trends [PACKETSTORMSECURITY.COM]
4 Mar: Hackers steal Windows NTLM authentication hashes in phishing attacks [BLEEPINGCOMPUTER.COM]
    The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager (NTLM) authentication hashes to perform account hijacks. [...]
🎙️ PODCASTS (1)
4 Mar: Cyber Security Today, March 4, 2024 - A hacker is trying to trick the U.S. telecom regulator, WhatsApp gets to see Pegasus code and more [CYBERSECURITYTODAY.LIBSYN.COM]
    This episode reports on the latest IT support scam trying to trick employees, and more
📡 INFOSEC NEWS (15)
4 Mar: US Coast Guard Expands Cyber Command to Combat New Threats [BANKINFOSECURITY.COM]
    The U.S. Coast Guard is expanding its cybersecurity capabilities and building out cybersecurity protection teams to assess, identify, and respond to cyber risks and threats in the maritime transportation system.
4 Mar: U.S. Authorities Charged an Iranian National for Long-Running Hacking Campaign [SECURITYAFFAIRS.COM]
    Iranian national Alireza Shafie Nasab has been charged by the U.S. DoJ for orchestrating a multi-year hacking campaign targeting U.S. government and defense entities, using techniques like spear phishing and social engineering.
4 Mar: From 500 to 5000 Employees - Securing 3rd Party App-Usage in Mid-Market Companies [THEHACKERNEWS.COM]
    A company’s lifecycle stage, size, and state have a significant impact on its security needs, policies, and priorities. This is particularly true for modern mid-market companies that are either experiencing or have experienced rapid growth. As requirements and tasks continue to a…
4 Mar: NTT Boss Takes Early Retirement to Atone for Data Leak [THEREGISTER.COM]
    NTT West president resigned to take responsibility for the leak of 9.28 million customers' data, reflecting the significance of social responsibility in Japanese corporate culture.
4 Mar: Should we ban ransom payments? [TECHCRUNCH.COM]
    As cybercriminals continue to reap the financial rewards of their attacks, talk of a federal ban on ransom payments is getting louder. U.S. officials have long urged against paying ransom demands. But while several U.S. states — including North Carolina and Florida — have made it…
4 Mar: Silence Laboratories, a Cryptographic Security Startup, Secures Funding [TECHCRUNCH.COM]
    The funding, co-led by Pi Ventures and Kira Studio, brings the total raised to $6 million. The company plans to use the funding to expand its teams and research and development efforts.
4 Mar: Apple blames Spotify for $1.95 billion fine over "abusive" App store rules [BLEEPINGCOMPUTER.COM]
    The European Commission has fined Apple €1.8 billion, or approximately $1.95 million, for allegedly abusing its market dominance in music streaming app distribution to prevent developers from promoting cheaper services outside the app. [...]
4 Mar: Are You as Competent as You Think You Are? [DATABREACHTODAY.CO.UK]
    The Dunning-Kruger Effect and the Truth About How You Evaluate Your Career Skills Knowing how competent we are and how we stack up against peers gives us the ability to decide when we can proceed based on our own experience and when we need to seek advice. But psychological resea…
4 Mar: Why Signal ‘turned our architecture inside out’ for its latest privacy feature [TECHCRUNCH.COM]
    Adding usernames to a messaging app may seem like a standard feature, but for Signal, such identifiers were anathema to its mission of total privacy and security — until now. The upcoming 7.0 version adds usernames, but the company’s president, Meredith Whittaker, explained…
4 Mar: Elon Musk switched on X calling by default: Here’s how to switch it off [TECHCRUNCH.COM]
    In his quest to turn a simple and functioning Twitter app into X, the everything app that doesn’t do anything very well, Elon Musk launched audio and video calling on X last week — and this new feature is switched on by default, it leaks your IP address to anyone you talk with, a…