14Articles
8Categories
2024-03-09Date
🚨 CISA KEV 1[βˆ’]
9 Mar KEVCISA Adds Apple iOS and iPadOS Memory Corruption Bugs to its Known Exploited Vulnerabilities CatalogThese memory corruption vulnerabilities, tracked as CVE-2024-23225 and CVE-2024-23296, were exploited in attacks against iPhone devices. Apple released emergency security updates to address these zero-day vulnerabilities.SECURITYAFFAIRS.COM
πŸ› COMMON VULNERABILITIES AND EXPOSURES 1[βˆ’]
9 MarCanva Warns of Three Security Vulnerabilities in FontsThe first, CVE-2023-45139, involved a high-severity bug in the FontTools library. The second and third vulnerabilities, CVE-2024-25081 and CVE-2024-25082, were related to naming conventions and compression.THEREGISTER.COM
⚠️ VULNERABILITY DISCLOSURE 5[βˆ’]
9 MarMicrosoft Confirms Russian Hackers Stole Source Code, Some Customer SecretsMicrosoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. "In r…THEHACKERNEWS.COM
9 MarNew Malware Campaign Found Exploiting Stored XSS in Popup BuilderA new malware campaign was found targeting the Popup Builder WordPress plugin, exploiting a vulnerability disclosed in November 2023. The campaign injects malicious code into websites, leading to over 3,300 infections.SUCURI.NET
9 MarGetting Started with Industrial (ICS/OT) Cyber Security - 20+ Hours - Full Course by Mike Holcombsubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/865751b1-859f-46c2-914c-2a5a6502dd78.png Getting Started with Industrial (ICS/OT) Cyber Security Playlist Industrial Control Systems (ICS) and Operational Technology (OT) run the world aroun…INFOSEC.PUB
9 MarNSA Releases Top Ten Best Practices For Cloud EnvironmentsThreat actors aim at Cloud environments because of their wide acceptance and one-stop storage of important information. Exploiting shortcomings in cloud security may enable unauthorized access to sensitive data, interruptions in infrastructure, or earning money. The fact that the…GBHACKERS.COM
9 MarRussian state-sponsored hackers compromised Microsoft source code repositoriessubmitted by Lanky_Pomegranate530 to cybersecurity 2 points | 0 comments https://www.techspot.com/news/102193-midnight-blizzard-russian-hackers-compromised-microsoft-source-code.htmlTECHSPOT.COM
πŸ”₯ INCIDENT REPORTING 3[βˆ’]
9 MarAPK.TW - 2,451,197 breached accountsIn September 2022, the Taiwanese Android forum APK.TW suffered a data breach that was later redistributed as part of a larger corpus of data . The breach exposed 2.5M unique email addresses along with IP addresses, usernames and salted MD5 password hashes.HAVEIBEENPWNED.COM
9 MarAs the Change Healthcare outage drags on, fears grow that patient data could spill onlineA cyberattack at U.S. health tech giant Change Healthcare has ground much of the U.S. healthcare system to a halt for the second week in a row. Hospitals have been unable to check insurance benefits of in-patient stays, handle the prior authorizations needed for patient procedure…TECHCRUNCH.COM
9 MarMagnet Goblin hackers use 1-day flaws to drop custom Linux malwareA financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems. [...]BLEEPINGCOMPUTER.COM
πŸ•΅οΈ THREAT INTELLIGENCE 1[βˆ’]
9 MarA technical analysis of the APT28's backdoor called OCEANMAPsubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://securityscorecard.com/wp-content/uploads/2024/03/Whitepaper-A-technical-analysis-of-the-APT28s-backdoor-called-OCEANMAP.pdfSECURITYSCORECARD.COM
🌐 CYBER THREAT LANDSCAPE 1[βˆ’]
9 MarTycoon and Storm-1575 Linked to Phishing Attacks on US SchoolsThe Tycoon and Storm-1575 threat groups use stealthy tactics, social engineering, and phishing techniques to bypass MFA protections and target Microsoft 365 credentials at large US school districts.HACKREAD.COM
πŸŽ™οΈ PODCASTS 1[βˆ’]
9 MarAdam Evans, CISO at RBC: Cybersecurity Today Weekend ShowJIm Love, host of the daily news podcast Hashtag Trending fills in for Howard this Saturday with a replay of a show that Jim did which featured Adam Evans, CISO at RBC. It's a little different but we hope you enjoy it.CYBERSECURITYTODAY.LIBSYN.COM
πŸ“‘ INFOSEC NEWS 1[βˆ’]
9 MarFlaws in Public Records Management Tool Could Let Hackers Nab Sensitive Data Linked to RequestsThe GovQA platform, used by state and local governments for public records requests, had vulnerabilities that could have allowed hackers to access sensitive personal information, edit requests, and download unsecured files.NEXTGOV.COM