113Articles
7Categories
2024-03-19Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 6[−]
19 MarJenkins Args4j CVE-2024-23897: Files Exposed, Code at RiskJenkins, a popular open-source automation server, was discovered to be affected by a file read vulnerability, CVE-2024-23897.TRENDMICRO.COM
19 MarPoC Exploit for Critical RCE in Fortra FileCatalyst Tool ReleasedThe critical vulnerability, tracked as CVE-2024-25153 with a CVSS score of 9.8, allows remote attackers to upload files outside the intended directory and execute arbitrary code.SECURITYAFFAIRS.COM
19 MarAiohttp Vulnerability in Attacker CrosshairsA recently patched Aiohttp vulnerability tracked as CVE-2024-23334 is being targeted by threat actors, including by a ransomware group. The post Aiohttp Vulnerability in Attacker Crosshairs appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarUpdate: 133k+ Fortinet Appliances Still Vulnerable to CVE-2024-21762The wide geographic distribution of vulnerable SSL VPNs highlights the extensive attack surface for the critical vulnerability, with Asia having the highest number of exposed appliances.THEREGISTER.COM
19 MarCVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMastersubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster/ cross-posted from: lemmy.world/post/13311716RHINOSECURITYLABS.COM
19 MarTeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware TypesCVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.TRENDMICRO.COM
⚠️ VULNERABILITY DISCLOSURE 24[−]
19 MarNew Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RATA new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the activity under the moniker Operation PhantomBlu. "The PhantomBlu operation introduce…THEHACKERNEWS.COM
19 MarCryptoWire Ransomware Attacking Abuses Schedule Task To maintain PersistenceAhnLab security researchers detected a resurgence of CryptoWire, a ransomware strain originally prevalent in 2018, built with the AutoIt scripting language, which primarily spreads through phishing emails.  Unlike most ransomware, CryptoWire reportedly includes the decryptio…GBHACKERS.COM
19 MarApex Legends Players Worried About RCE Flaw After ALGS HacksElectronic Arts has postponed the North American (NA) finals of the ongoing Apex Legends Global Series (ALGS) after hackers compromised players mid-match during the tournament.BLEEPINGCOMPUTER.COM
19 MarA third of web attacks targeted APIs in 2023, threatening the expanding API economyAPIs were the target of 29% of web attacks in 2023, with cybercriminals exploiting the swiftly growing API economy for new avenues of attack, according to a report from Akamai. The commerce sector experienced the highest number of attacks, accounting for about 44%. Business servi…CSOONLINE.COM
19 MarMintlify Data Breach Leads to Exposure of Customer GitHub TokensMintlify announces vulnerability disclosure program after a data breach exposed 91 customer GitHub tokens. The post Mintlify Data Breach Leads to Exposure of Customer GitHub Tokens appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarHackers Exploiting Popular Document Publishing Sites for Phishing AttacksThreat actors are leveraging digital document publishing (DDP) sites hosted on platforms like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for carrying out phishing, credential harvesting, and session token theft, once again underscoring how threat actors are r…THEHACKERNEWS.COM
19 MarHackers Exploiting Microsoft Office Templates to Execute Malicious CodeIn a cyberattack campaign dubbed “PhantomBlu,” hundreds of employees across various US-based organizations were targeted with phishing emails masquerading as messages from an accounting service. This campaign represents a significant evolution in the tactics, techniqu…GBHACKERS.COM
19 MarHow AI can be hacked with prompt injection: NIST reportThe National Institute of Standards and Technology (NIST) closely observes the AI lifecycle, and for good reason. As AI proliferates, so does the discovery and exploitation of AI cybersecurity vulnerabilities. Prompt injection is one such vulnerability that specifically attacks g…SECURITYINTELLIGENCE.COM
19 MarOrca to offer armor against AI adoption risksTo help companies scale business operations with AI without having to worry about the technology’s underlying risks, cybersecurity provider Orca Security has rolled out an AI-SPM offering available through its flagship, SaaS-based cloud security platform. Orca claims the new AI-S…CSOONLINE.COM
19 MarNations Direct Mortgage Alerts 83,000 to Personal Data Breach From December 2023 CyberattackIn filings with regulators in Maine and California, the company said it discovered a cybersecurity incident on December 30 that prompted an investigation. Law enforcement and other governmental agencies were notified of the cyberattack.THERECORD.MEDIA
19 MarFrom Deepfakes to Malware: AI's Expanding Role in Cyber AttacksLarge language models (LLMs) powering artificial intelligence (AI) tools today could be exploited to develop self-augmenting malware capable of bypassing YARA rules. "Generative AI can be used to evade string-based YARA rules by augmenting the source code of small malware variant…THEHACKERNEWS.COM
19 MarFortinet Releases Security Updates for Multiple Products.Fortinet has released security updates to address multiple vulnerabilities found in Fortinet products. The vulnerabilities, if exploited could allow unauthenticated attacker to execute arbitrary code on Fortinet products. Successful exploitation of the most severe of these vulner…CISECURITY.ORG
19 MarAttacker Hunting Firewalls, (Tue, Mar 19th)Firewalls and other perimeter devices are a huge target these days. Ivanti, Forigate, Citrix, and others offer plenty of difficult-to-patch vulnerabilities for attackers to exploit. Ransomware actors and others are always on the lookout for new victims. However, being and access …ISC.SANS.EDU
19 MarCISA Releases One Industrial Control Systems AdvisoryCISA released one Industrial Control Systems (ICS) advisory on March 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-079-01 Franklin Fueling System EVO 550/5000 CISA encourages users and a…CISA.GOV
19 MarMintlify Says Customer GitHub Tokens Exposed in Data BreachIn a blog post on Monday, Mintlify blamed its March 1 incident on a vulnerability in its own systems but said 91 of its customers had their GitHub tokens compromised as a result.TECHCRUNCH.COM
19 Mar900 Sites, 125 million accounts, 1 vulnerabilityHundreds of websites misconfigured Google Firebase, leaking more than 125 million user records, including plaintext passwords, security researchers warn. It all started with the hacking of Chattr, a US-based AI hiring system.ENV.FAIL
19 MarFiguring Out Where Appsec Fits When Starting a Cybersecurity Program - Tyler VonMoll - ASW #277Lots of companies need cybersecurity programs, as do non-profits. Tyler Von Moll talks about how to get small organizations started on security and how to prioritize initial investments. While an appsec program likely isn't going to be one of the first steps, it's going to be an …YOUTUBE.COM
19 MarState-Sponsored Russian Phishing Campaigns Target a Variety of IndustriesResearchers at IBM X-Force are monitoring several ongoing phishing campaigns by the Russian state-sponsored threat actor ITG05 (also known as “APT28” or “Fancy Bear”). APT28 has been tied to Russia’s military intelligence agency, the GRU.KNOWBE4.COM
19 MarCISA and Partners Release Joint Fact Sheet for Leaders on PRC-sponsored Volt Typhoon Cyber ActivityToday, CISA, the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and other U.S. and international partners are issuing a joint fact sheet, People’s Republic of China State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders . Partners of t…CISA.GOV
19 MarAfter 70M Individuals' Data Leaks, AT&T Denies Being SourceDataset Leaked for Free; ShinyHunters Cybercrime Gang First Advertised It in 2021 Data breach blast from the past: Data pertaining to 70 million individuals that the ShinyHunters gang claimed were AT&T customers has been leaked via a hacking forum, three years after criminals…DATABREACHTODAY.CO.UK
19 MarNo easy solutions to the ransomware threat despite takedownsAs ransomware attacks surge, surpassing a record high of $1.1 billion in ransom payments in 2023, the US and UK governments and a wide array of international law enforcement partners are stepping up their efforts to disrupt, take down, or otherwise interfere with ransomware threa…CSOONLINE.COM
19 MarAddressing cyber challenges through public-private partnershipsRecently, I represented Fortinet at a U.S. House Committee on Energy and Commerce hearing about strengthening cybersecurity in a digital era. I emphasized the importance of public-private partnerships to strengthen cyber resiliency in the United States, how organizations can impl…CSOONLINE.COM
19 MarUS Defense Dept received 50,000 vulnerability reports since 2016The Cyber Crime Center (DC3) of the U.S. Department of Defense (DoD) says it has reached the milestone of processing its 50,000th vulnerability report submitted by 5,635 researchers since its inception in November 2016. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 8[−]
19 MarTeams, Slack, and GitHub, oh my! – How collaborative tools can create a security nightmareFast and efficient collaboration is essential to today’s business, but the platforms we use to communicate with colleagues, vendors, clients, and customers can also introduce serious risks. Looking at some of the most common collaboration tools — Microsoft Teams, GitHub, Slack, a…CSOONLINE.COM
19 MarInside the Massive Alleged AT&T Data BreachPresently sponsored by: Kolide can get your cross-platform fleet to 100% compliance. It's Zero Trust for Okta. Want to see for yourself? Book a demo. I hate having to use that word - "alleged" - because it's so inconclusive and I know it will leave people with many…TROYHUNT.COM
19 MarBigID Raises $60M, Eyes M&A Around Data Security, ComplianceThis investment round, led by Riverwood Capital with contributions from Silver Lake Waterman and Advent, bolsters BigID's efforts in data hygiene and securing sensitive data access.HEALTHCAREINFOSECURITY.COM
19 Mar52,000 Suppliers:Third-Party Supply Chain CyberRisk Approach - Cassie Crossley - CSP #166Schneider Electric has over 52,000 suppliers and sells hundreds of thousands of products of which 15,000 would be classified as intelligent products. To address risks stemming from third-party suppliers, and in recognition of the risks posed to customers, we have a holistic appro…YOUTUBE.COM
19 MarCISA shares critical infrastructure defense tips against Chinese hackersCISA, the NSA, the FBI, and several other agencies in the U.S. and worldwide warned critical infrastructure leaders to protect their systems against the Chinese Volt Typhoon hacking group. [...]BLEEPINGCOMPUTER.COM
19 MarWhite House and EPA warn of hackers breaching water systemsU.S. National Security Advisor Jake Sullivan and Environmental Protection Agency (EPA) Administrator Michael Regan warned governors today that hackers are "striking" critical infrastructure across the country's water sector. [...]BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 18[−]
19 MarUnitedHealth Says It Has Made Progress on Recovering From Massive CyberattackUnitedHealth is testing the last major system it must restore from last month’s Change Healthcare cyberattack, but it has no date yet for finishing the recovery. The post UnitedHealth Says It Has Made Progress on Recovering From Massive Cyberattack appeared first on SecurityWeek …SECURITYWEEK.COM
19 MarFujitsu: Malware on Company Computers Exposed Customer Datasubmitted by IllNess to securitynews 1 points | 0 comments https://www.darkreading.com/cyberattacks-data-breaches/fujitsu-malware-on-company-computers-exposed-customer-dataDARKREADING.COM
19 MarChinese APT 'Earth Krahang' Compromises 48 Gov't Orgs on 5 Continentssubmitted by IllNess to securitynews 1 points | 0 comments https://www.darkreading.com/threat-intelligence/chinese-apt-earth-krahang-compromised-48-gov-orgs-5-continentsDARKREADING.COM
19 MarE-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen CredentialsA 31-year-old Moldovan national has been sentenced to 42 months in prison in the U.S. for operating an illicit marketplace called E-Root Marketplace that offered for sale hundreds of thousands of compromised credentials, the Department of Justice (DoJ) announced. Sandu Boris Diac…THEHACKERNEWS.COM
19 MarAlleged A&TT (unverified) - 49,102,176 breached accountsIn March 2024, tens of millions of records allegedly breached from AT&T were posted to a popular hacking forum . Dating back to August 2021, the data was originally posted for sale before later being freely released. AT&T maintains that there has not been a breach of thei…HAVEIBEENPWNED.COM
19 MarAuthor Q&A: A patient’s perspective of advanced medical technology and rising privacy risksA close friend of mine, Jay Morrow, has just authored a book titled “Hospital Survival.” Related: Ransomware plagues healthcare Jay’s book is very personal. He recounts a health crisis he endured that began to manifest at the start of what … (more…)LASTWATCHDOG.COM
19 MarIMF Investigates Serious Cybesecurity Breachsubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/imf-investigates-serious/INFOSECURITY-MAGAZINE.COM
19 MarNations Direct Mortgage Data Breach Impacts 83,000 IndividualsNations Direct informs 83,000 individuals that their personal information was compromised in a data breach. The post Nations Direct Mortgage Data Breach Impacts 83,000 Individuals appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarMintlify Data Breach Exposes Customer GitHub TokensA renowned software documentation platform has confirmed a security breach that led to the unauthorized access of 91 GitHub tokens. This incident has raised alarms about the potential exposure of private repositories and the overall security measures to protect sensitive user dat…GBHACKERS.COM
19 MarChinese APT Hacks 48 Government OrganizationsEarth Krahang, likely a penetration team of Chinese government contractor I-Soon, has compromised 48 government entities worldwide. The post Chinese APT Hacks 48 Government Organizations appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarAvoid high cyber insurance costs by improving Active Directory securityWith the growing number of data breaches and cyberattacks, insurance premiums are increasing. Learn more from Specops Software about how securing an Activity Directory could lead to lower cyber insurance premiums. [...]BLEEPINGCOMPUTER.COM
19 MarPublic Anxiety Mounts Over Critical Infrastructure Resilience to CyberattacksWith temporary failures of critical infrastructure on the rise in the recent years, 81% of US residents are worried about how secure critical infrastructure may be, according to MITRE and The Harris Poll.HELPNETSECURITY.COM
19 MarCyberattack Knocks Out Pensacola City Government Phone LinesCity spokesperson Jason Wheeler told Recorded Future News that officials are experiencing phone issues across city departments that are causing delays in receiving service through the 311 Citizen Support system.THERECORD.MEDIA
19 MarNovel Script-Based Attack That Leverages PowerShell And VBScriptA new campaign has been identified as DEEP#GOSU is likely linked to the Kimsuky group, and it employs a new script-based attack chain that uses numerous PowerShell and VBScript stagers to stealthily infect systems.  Its features included data exfiltration, key…GBHACKERS.COM
19 MarPhishing Tops 2023’s Most Common Cyber Attack Initial Access MethodNew analysis shows that the combination of phishing , email, remote access, and compromised accounts are the focus for most threat actors.KNOWBE4.COM
19 MarA Career in Combating Cryptocurrency ScamsWe Need Cryptocurrency Forensics Now More Than Ever Before A new analysis has unearthed that cryptocurrency scammers siphoned off a staggering $43.6 million in 2022. Those who enjoy forensics should have a field day in this domain. From ethical hacking to penetration testing and …DATABREACHTODAY.CO.UK
19 MarQuantum Computing: A New Dawn for Encryption VulnerabilitiesExpert Perspectives on Protecting Data and Developing Quantum-Safe Cryptography As quantum computing looms, experts emphasize the urgency of embracing quantum-safe strategies. They highlight the need for proactive measures to protect digital assets from future breaches, deliver l…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 34[−]
19 MarBeware Of Free wedding Invite WhatsApp Scam That Steal Sensitive DataThe ongoing “free wedding invite” scam is one of several innovative campaigns aimed at the senior population. Through social media chats like WhatsApp, fraudsters use deceptive tactics, most often involving fake wedding invitations. It communicates with its victims ov…GBHACKERS.COM
19 MarISC Stormcast For Tuesday, March 19th, 2024 https://isc.sans.edu/podcastdetail/8900, (Tue, Mar 19th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
19 MarResearchers Hack AI Assistants Using ASCII ArtLarge language models (LLMs) are vulnerable to attacks, leveraging their inability to recognize prompts conveyed through ASCII art. ASCII art is a form of visual art created using characters from the ASCII (American Standard Code for Information Interchange) character set. Recent…GBHACKERS.COM
19 MarMicrosoft Deprecate 1024-bit RSA Encryption Keys in WindowsMicrosoft has announced an important update for Windows users worldwide in a continuous effort to bolster security and performance. As part of its latest security enhancements, Microsoft is phasing out the support for 1024-bit RSA encryption keys within the Windows operating syst…GBHACKERS.COM
19 MarOutsmarting cybercriminal innovation with strategies for enterprise resilience - Help Net Securitysubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2024/03/19/pedro-cameirao-nokia-emerging-cybersecurity-trends/ cross-posted from: midwest.social/post/10043498 In this interview, Pedro Cameirão discusses emerging cybersecuri…HELPNETSECURITY.COM
19 MarWhiteSnake Stealer Checks for Mutex & VM Function Before ExecutionA new variant of the WhiteSnake Stealer, a formidable malware that has been updated to be more elusive and efficient in its malicious endeavors. One of the key features of the updated WhiteSnake Stealer is its use of mutexes (mutual exclusions). Mutexes are a common programming p…GBHACKERS.COM
19 MarE-Root Admin Sentenced to 42 Months in Prison for Selling 350,000 CredentialsTampa, FL – In a significant crackdown on cybercrime, Sandu Boris Diaconu, a 31-year-old Moldovan national, has been sentenced to 42 months in federal prison after pleading guilty to charges related to operating a network of illicit websites. U.S. Senior District Judge James Mood…GBHACKERS.COM
19 MarUK Defence Secretary Jet Hit by Electronic Warfare Attack in PolandRussian hackers launched an electronic warfare attack that disabled the GPS and communications systems of UK Defence Secretary Grant Shapps' RAF Dassault Falcon 900 jet while flying near Kaliningrad.SECURITYAFFAIRS.COM
19 MarHow ANY.RUN Malware Sandbox Process IOCs for Threat Intelligence Lookup?The database includes indicators of compromise (IOCs) and relationships between different artifacts observed within an analysis session. In October 2022, ANY.RUN launched TI Threat Intelligence Feeds to allow users to utilize this data.  Security experts assess threats using…GBHACKERS.COM
19 MarMisconfigured Firebase Instances Expose 125 Million User RecordsA weakness in a Firebase implementation allowed researchers to gain access to names, phone numbers, email addresses, plaintext passwords, confidential messages, and more. The post Misconfigured Firebase Instances Expose 125 Million User Records appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarThe AI-generated hell of the 2024 electionsubmitted by rinze to cybersecurity 2 points | 0 comments https://www.theverge.com/policy/24098798/2024-election-ai-generated-disinformation A thread compiling all Verge articles about AI influence on the upcoming election. Has its own RSS feed: www.theverge.com/rss/stream/238628…THEVERGE.COM
19 MarAI and the Evolution of Social MediaOh, how the mighty have fallen. A decade ago, social media was celebrated for sparking democratic uprisings in the Arab world and beyond. Now front pages are splashed with stories of social platforms’ role in misinformation , business conspiracy , malfeasance , and risks to menta…SCHNEIER.COM
19 Mar900+ websites Exposing 10M+ Passwords: Most in PlaintextOver 900 websites inadvertently expose over 10 million passwords, many of which are in plaintext, alongside sensitive billing information and personally identifiable information (PII) of approximately 125 million users. This massive data exposure is attributed to misconfigured Fi…GBHACKERS.COM
19 MarFBI’s IC3 Report: Losses from Cybercrime Surpass $12.5 Billion—a New Record | Proofpoint USsubmitted by kid to cybersecurity 1 points | 0 comments https://www.proofpoint.com/us/blog/email-and-cloud-threats/fbis-ic3-report-losses-cybercrime-surpass-125-billion-new-recordPROOFPOINT.COM
19 MarPreparing Society for AI-Driven Disinformation in the 2024 Election CycleThe rapid evolution of AI and analytics engines will put campaign-year disinformation into hyperspeed in terms of false content creation, dissemination and impact. The post Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarProviding Optimal Cloud Security Outcomes Through StateRAMPPalo Alto Networks commitment to comprehensive security achieves the largest number of StateRAMP marketplace approved cybersecurity offerings. The post Providing Optimal Cloud Security Outcomes Through StateRAMP appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
19 MarPhishing-as-a-Service Platforms LabHost and Frappo Help Threat Actors Target Canadian BanksAnalysis of attacks on banking institutions in Canada can be almost perfectly tied to the use and availability of phishing -as-a-service platforms, indicating increased use by threat actors according to new research by Fortra.KNOWBE4.COM
19 MarBigID Raises $60 Million at $1 Billion ValuationData security firm BigID raises $60 million in a growth round that brings the total to $320 million and values the company at over $1 billion. The post BigID Raises $60 Million at $1 Billion Valuation appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarAirbus Pulls Out of Deal to Buy Atos Cybersecurity UnitAtos shares tank after Airbus decides not to move ahead with discussions to acquire its cybersecurity business. The post Airbus Pulls Out of Deal to Buy Atos Cybersecurity Unit appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarDHS Will Use AI to Investigate Sex Traffickers, Drug DealersNew AI Road Map to Focus on Investigation, Immigration Services, Disaster Relief DHS plans to embed AI in its operations and use large language models to comb through massive amounts of data to investigate child sex traffickers and drug smugglers. While pledging to use AI respons…DATABREACHTODAY.CO.UK
19 MarAudit of Allbridge CoreAllbridge's maintainers, with support from Stellar Development Foundation , engaged with Quarkslab to perform an audit of Allbridge Core implementation in the Stellar ecosystem. This new implementation uses Stellar's smart contracts platform: Soroban.QUARKSLAB.COM
19 MarVulns in Smart Locks, FCC labels for IoT, ZAP's New Home - ASW #277Insecure defaults and insecure design in smart locks, FCC adopts Cyber Trust Mark labels for IoT devices, the ZAP project gets a new home, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-277YOUTUBE.COM
19 MarBunnyLoader 3.0 Detected With Advanced Keylogging CapabilitiesBunnyLoader is a rapidly developing malware that can steal information, credentials, and cryptocurrencies while also delivering new malware to its victims. Since its first detection in September 2023, the BunnyLoader malware as a service (MaaS) has regularly enhanced its fea…GBHACKERS.COM
19 MarAI and the Boardroom: Bridging Innovation and SecurityToday, artificial intelligence (AI) is no longer a futuristic concept but a tool that is driving operational efficiency, customer experience, and decision-making processes. Organizations are observing its transformative power firsthand across various industries and organizational…KNOWBE4.COM
19 MarAirbus Backtracks From Planned Atos Cybersecurity TakeoverAtos Share Plunges Further Following the Failed Bid European aerospace giant Airbus called off Tuesday a multi-billion euro plan to acquire a cybersecurity unit of French IT consultancy firm Atos. Share values of the cash-strapped Atos fell approximately 20% by the end of the tra…DATABREACHTODAY.CO.UK
19 MarSick Jokes, WEBGPU, Fortra, Azorult, Fujitsu, Phishing, Josh Marpet, and More - SWN #370Sick Jokes, WEBGPU, Fortra, Azorult, Fujitsu, Conversation Overflow, Phishing, Josh Marpet, and more on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-370YOUTUBE.COM
19 MarEmerging Trends CISOs Should Pay Attention To - Tom Parker - BSW #342Piggybacking off of our interview with Dave DeWalt, Tom Parker from Hubble joins Business Security Weekly to discuss a few of the key trends CISOs should be paying attention to. Yes, we'll cover Artificial Intelligence, but more from a business risk and governance perspective. We…YOUTUBE.COM
19 MarUS SEC Charges Two Investment Advisers With AI WashingFederal Agencies Warn Against Exaggerating AI's Capabilities In the post-ChatGPT era, nearly every technology company offers some version of artificial intelligence service. But in some companies, the only AI service available is lip service, according to recent Securities and Ex…DATABREACHTODAY.CO.UK
19 MarTrend Micro Spots Possible iSoon CampaignVictims Include at Least 70 Organizations Across 23 Countries Security researchers say they've spotted a hacking campaign with a strong focus in Southeast Asia that could be the work of Chinese state hacking contractor iSoon, the company whose February internal data leak threw a …DATABREACHTODAY.CO.UK
19 MarTracker Backtrack? Feds Revise HIPAA Guidance on Web ToolsFacing AHA Lawsuit, HHS Tempers 2022 Warning About Tracking IP Addresses, Other PHI Federal regulators have issued updated guidance about web trackers on patient portals or other health-related websites, saying that collecting and disclosing certain information - such as device I…DATABREACHTODAY.CO.UK
19 MarUS Expands Global Coalition on Commercial Spyware MisuseWhite House Announces New Allies in Fight Against Misuse of Commercial Spyware The White House announced six new countries were joining a coalition of international governments signing onto a joint statement on efforts to counter the proliferation and misuse of commercial spyware…DATABREACHTODAY.CO.UK
19 MarMicrosoft Sentinel delivered 234% ROI, according to new Forrester studyA new Forrester study of more than 450 organizations that implemented Microsoft Sentinel found significant benefits, including a 234% return on investment. Read on for the major findings from the report. The post Microsoft Sentinel delivered 234% ROI, according to new Forrester s…MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 10[−]
19 MarNew and Evasive Method Delivers NetSupport RAT in Operation PhantomBluA new phishing campaign called Operation PhantomBlu is using sophisticated social engineering tactics to deploy the NetSupport RAT remote access trojan, showcasing innovation in evasion techniques.PERCEPTION-POINT.IO
19 MarThe Aviation and Aerospace Sectors Face Skyrocketing Cyber ThreatsIn an increasingly fragmented geopolitical landscape, influenced by the war in Ukraine and rising tensions in the Middle East, the aerospace sector’s designation as critical infrastructure has become a double-edged sword.SECURITYAFFAIRS.COM
19 MarSuspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 DevicesA new variant of a data wiping malware called AcidRain has been detected in the wild that's specifically designed for targeting Linux x86 devices. The malware, dubbed AcidPour, is compiled for Linux x86 devices, SentinelOne's Juan Andres Guerrero-Saade said in a series of posts o…THEHACKERNEWS.COM
19 MarResearchers Spot Updated Version of Malware That Hit ViasatWiper attacks have been a go-to for Russian attacks on Ukrainian government and private-sector targets in the past two years, and the latest version of the software used to target Viasat shows how Russian hacking groups are evolving their tools.CYBERSCOOP.COM
19 MarNew AcidPour data wiper targets Linux x86 network devicesA new destructive malware named AcidPour was spotted in the wild, featuring data-wiper functionality and targeting Linux x86 IoT and networking devices. [...]BLEEPINGCOMPUTER.COM
19 MarFinland, Germany, Ireland, Japan, Poland, South Korea Added to US-Led Spyware AgreementThe signees agree to establish “robust guardrails and procedures" around spyware, prevent the export of technology that will be used for malicious cyber activity, share information on spyware proliferation and work to raise awareness globally.THERECORD.MEDIA
📡 INFOSEC NEWS 13[−]
19 MarNetwork Outages in Birmingham Persist as City Officials Stay Tight-LippedIn a brief update posted to social media on Thursday evening, the city said its offices “remain open and staff is committed to serving the public despite a network disruption first announced a week ago.”THERECORD.MEDIA
19 MarSophos named a Leader in Frost & Sullivan’s 2024 Frost Radar™ for Global Managed Detection and ResponseSophos has been named a Leader by Frost & Sullivan for Managed Detection and ResponseSOPHOS.COM
19 MarCrafting and Communicating Your Cybersecurity Strategy for Board Buy-InIn an era where digital transformation drives business across sectors, cybersecurity has transcended its traditional operational role to become a cornerstone of corporate strategy and risk management. This evolution demands a shift in how cybersecurity leaders—particularly Chief …THEHACKERNEWS.COM
19 MarOracle warns that macOS 14.4 update breaks Java on Apple CPUsOracle warned Apple customers to delay installing the latest macOS 14.4 Sonoma update because it will break Java on ARM-based Macs. [...]BLEEPINGCOMPUTER.COM
19 MarHow Rogue ISPs Tamper With GeofeedsPACKETSTORMSECURITY.COM
19 MarAPIs Drive the Majority of Internet Traffic and Cybercriminals are Taking AdvantageApplication programming interfaces (APIs) are the connective tissue behind digital modernization, helping applications and databases exchange data more effectively. The State of API Security in 2024 Report from Imperva, a Thales company, found that the majority of inter…THEHACKERNEWS.COM
19 MarUkraine arrests hackers trying to sell 100 million stolen accountsThe Ukrainian cyber police, in collaboration with investigators from the national police (ГУНП), have arrested three individuals who are accused of hijacking over 100 million emails and Instagram accounts worldwide. [...]BLEEPINGCOMPUTER.COM
19 MarFTC warns scammers are impersonating its employees to steal moneyThe U.S. Federal Trade Commission (FTC) warned today that scammers are impersonating its employees to steal thousands of dollars from Americans. [...]BLEEPINGCOMPUTER.COM
19 MarPokemon resets some users passwords after hacking attemptsThe Pokemon Company said it detected hacking attempts against some of its users and reset those user account passwords. Last week, an alert was visible on Pokemon’s official support website, which said that “following an attempt to compromise our account system, Pokemon proactive…TECHCRUNCH.COM
19 MarMisconfigured Firebase instances leaked 19 million plaintext passwordsThree cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development. [...]BLEEPINGCOMPUTER.COM
19 MarA prescription for privacy protection: Exercise caution when using a mobile health appGiven the unhealthy data-collection habits of some mHealth apps, you’re well advised to tread carefully when choosing with whom you share some of your most sensitive dataWELIVESECURITY.COM