🐛 COMMON VULNERABILITIES AND EXPOSURES 2[−]
16 MarKubernetes Vulnerability Let Attackers Take Full System ControlA new vulnerability, CVE-2023-5528, has been discovered with Kubernetes. This vulnerability is associated with a command injection vulnerability that leads to remote code execution with SYSTEM-level privileges on the compromised Windows node. The severity for this vulnerability h…GBHACKERS.COM
16 MarHackers exploit Aiohttp bug to find vulnerable networksThe ransomware actor 'ShadowSyndicate' was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library. [...]BLEEPINGCOMPUTER.COM
⚠️ VULNERABILITY DISCLOSURE 6[−]
16 MarCyber Security Today Week in Review with David Shipley, Beauceron Security: Mach 16th, 2024Here's our week in review stories that David and guest host Jim Love will discuss: Cyber Pros flock to cybercrime side hustles . I covered this earlier this week. This story came out of the UK and a report that an ex-cop went undercover on the dark web and discovered that there w…CYBERSECURITYTODAY.LIBSYN.COM
16 MarCritical Vulnerability Remains Unpatched in Two Permanently Closed MiniOrange WordPress PluginsThousands of WordPress websites are at risk due to critical vulnerabilities in two discontinued MiniOrange plugins, allowing attackers to escalate privileges and compromise sites.WORDFENCE.COM
16 MarOpenCTI: OSINT Platform to SOC & MDR Teams for Malware AnalysisANY.RUN now integrates with OpenCTI, a cyber threat intelligence platform that allows automatic enrichment of OpenCTI observations with malware data directly from ANY.RUN analysis. Users can access indicators like TTPs, hashes, IPs, and domains without manual data source checks.&…GBHACKERS.COM
16 MarHackers Trick Users to Install Malware Via Weaponized PDFIn a sophisticated cyberattack campaign, malicious actors impersonating Colombian government agencies target individuals across Latin America. The attackers are distributing emails containing PDF attachments, falsely accusing recipients of traffic violations or other legal infrac…GBHACKERS.COM
16 MarNational Security Agency | Cybersecurity Information Sheetssubmitted by IllNess to securitynews 1 points | 0 comments CSI: Advancing Zero Trust Maturity Throughout the Network and Environment Pillar [pdf] CSI: Use Secure Cloud Identity and Access Management Practices [pdf] CSI: Account for Complexities Introduced by Hybrid Cloud and Mult…INFOSEC.PUB
16 MarNational Security Agency | Cybersecurity Information Sheetssubmitted by IllNess to cybersecurity 1 points | 0 comments CSI: Advancing Zero Trust Maturity Throughout the Network and Environment Pillar [pdf] CSI: Use Secure Cloud Identity and Access Management Practices [pdf] CSI: Account for Complexities Introduced by Hybrid Cloud and Mul…INFOSEC.PUB
🔥 INCIDENT REPORTING 4[−]
16 MarEncina Wastewater Authority Allegedly Becomes Latest Victim of BlackByte RansomwareAs of now, the situation regarding the alleged cyberattack on Encina Wastewater Authority remains unconfirmed, and the organization has not issued an official statement or response regarding the claims made by the threat actor.THECYBEREXPRESS.COM
16 MarPennsylvania’s Scranton School District Dealing with Ransomware AttackAs a result of the attack, some computer systems and services are temporarily disrupted, causing files to be inaccessible and certain functions to operate slower than usual.THERECORD.MEDIA
16 MarUpdate: IMF Says February Cyberattack Involved Compromise of 11 Email AccountsThe breach was discovered on February 16, 2024, and after an investigation conducted with the help of cybersecurity experts, the nature of the breach was determined, and remediation actions were taken.THERECORD.MEDIA
16 MarLazarus Group Hackers Appear to Return to Tornado Cash for Money LaunderingNorth Korea’s Lazarus hacking group has reportedly used the Tornado Cash mixing service to launder $23 million stolen during a November 2023 cyberattack on the HTX cryptocurrency exchange.THERECORD.MEDIA
🕵️ THREAT INTELLIGENCE 1[−]
16 MarOrganizations Are Vulnerable to Image-based and QR Code PhishingA majority of organizations have a false sense of security regarding their resistance to phishing attacks, according to a new report from researchers at IRONSCALES and Osterman Research.KNOWBE4.COM
📡 INFOSEC NEWS 2[−]
16 MarInside the Rabbit Hole: BunnyLoader 3.0 UnveiledThe new BunnyLoader variant comes with a Command and Control (C2) update, modularization of the binary, and various modules such as keylogger, stealer, clipper, and DoS functions.UNIT42.PALOALTONETWORKS.COM
16 MarHackers Using Cracked Software on GitHub to Spread RisePro Info StealerCybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro. The campaign, codenamed gitgub, includes 17 repositories associated with 11 different accounts, according to G DATA.…THEHACKERNEWS.COM