🐛 COMMON VULNERABILITIES AND EXPOSURES (4)
5 Apr: Multiple Ivanti Connect Secure Flaw Let Attackers Execute Remote Code (GBHACKERS.COM)
  Four new vulnerabilities have been discovered in the Ivanti Connect Secure and Policy Secure Gateways. These vulnerabilities were associated with Heap overflow, null pointer dereference, and XML entity Expansion. These vulnerabilities have been assigned with CVEs CVE-2024-21894, …
5 Apr: Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws (THEHACKERNEWS.COM)
  Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the monikers UNC5221, UNC5266, UNC5291,…
5 Apr: Critical Progress Flowmon Vulnerability Let Attackers Inject Malicious Code (GBHACKERS.COM)
  A new critical vulnerability has been discovered in Progress Flowmon, assigned with CVE-2024-2389. Progress Flowmon is a Cloud Application Performance monitoring solution that can help analyze network and application traffic. Moreover, it can also be used for several purposes, su…
5 Apr: An onslaught of security flaws pushes Ivanti into security re-design (CSOONLINE.COM)
  A day after patching a batch of high-severity vulnerabilities impacting its critical services, Ivanti has made public its plans to revamp security and vulnerability management controls. In an open letter addressed to its customers and partners, Ivanti CEO, Jeff Abbott, said the r…
⚠️ VULNERABILITY DISCLOSURE (13)
5 Apr: Feds Patching Years-Old SS7 Vulnerability in Phone Networks (GBHACKERS.COM)
  The FCC’s Public Safety and Homeland Security Bureau is seeking input on how communication service providers are securing SS7 and Diameter protocols to prevent location-tracking vulnerabilities. The protocols are crucial for call routing, network interconnection, and …
5 Apr: Bing Ads Exploited by Hackers to Spread SecTopRAT Through NordVPN Mimic (GBHACKERS.COM)
  Hackers have been exploiting Microsoft Bing’s advertising platform to launch a malvertising campaign that impersonates the reputable VPN service NordVPN. This sophisticated scheme aims to trick users into downloading a Remote Access Trojan (RAT) known as SecTopRAT, which po…
5 Apr: Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed (SCHNEIER.COM)
  It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol: On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers…
5 Apr: Magento Vulnerability Exploited to Deploy Persistent Backdoor (SECURITYWEEK.COM)
  Attackers are exploiting a recent Magento vulnerability to deploy a persistent backdoor on ecommerce websites.
5 Apr: NIST Grants $3.6 Million to Boost US Cybersecurity Workforce (SECURITYWEEK.COM)
  NIST announced $3.6 million in grants for 18 education and community organizations to build the future cybersecurity workforce.
5 Apr: YubiKey Manager Privilege Escalation Let Attacker Perform Admin Functions (GBHACKERS.COM)
  YubiKey Manager GUI on Windows before version 1.2.6 has a vulnerability that could allow an attacker to escalate privileges. Due to a limitation in Windows, it requires administrator privileges to interact with FIDO authenticators. An attacker can exploit this by tricking a user …
5 Apr: A Vulnerability in Broadcom Brocade Fabric OS Could Allow for Arbitrary Code Execution (CISECURITY.ORG)
  A vulnerability has been discovered in Broadcom Brocade Fabric OS that could allow for arbitrary code execution. Broadcom Brocade Fabric OS is the storage area networking firmware for Brocade Communications Systems’ Fibre Channel switch and Fibre Channel directors. Successful exp…
5 Apr: Cisco Warns of Vulnerability in Discontinued Small Business Routers (SECURITYWEEK.COM)
  Cisco says it will not release patches for a cross-site scripting vulnerability impacting end-of-life small business routers.
5 Apr: New Ivanti RCE flaw may impact 16,000 exposed VPN gateways (BLEEPINGCOMPUTER.COM)
  Approximately 16,500 Ivanti Connect Secure and Poly Secure gateways exposed on the internet are likely vulnerable to a remote code execution (RCE) flaw the vendor addressed earlier this week. [...]
5 Apr: Cyber Security Today, Week in Review for the week ending Friday, April 5, 2024 (CYBERSECURITYTODAY.LIBSYN.COM)
  This episode features a discussion on a highly critical report on the hacking of Microsoft Exchange Online email accounts, a case study of a ransomware attack and the discovery of a years-long infiltration of an open source group to insert a backdoor into Linux
5 Apr: Google Chrome aims to solve account hijacking with device-bound cookies (CSOONLINE.COM)
  The Google Chrome team has been working on a new feature and standard that aims to replace or augment traditional authentication cookies with cryptographic keys that are securely stored on and bound to the devices where they were generated. The solution aims to disrupt cybercrimi…
5 Apr: Chinese Groups Deploy New TTPs to Exploit Ivanti Vulnerabilities - Infosecurity Magazine (INFOSECURITY-MAGAZINE.COM)
  Submitted by Lanky_Pomegranate530 to cybersecurity: https://www.infosecurity-magazine.com/news/chinese-threat-ttps-ivanti/
📋 SECURITY BULLETINS (1)
5 Apr: Critical Flaw in LayerSlider WordPress Plugin Impacts One Million Sites (BLEEPINGCOMPUTER.COM)
  A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.
📢 SECURITY ADVISORIES (4)
5 Apr: CISO Perspectives on Complying with Cybersecurity Regulations (THEHACKERNEWS.COM)
  Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they include. For CISOs and their tea…
5 Apr: In Other News: 100,000 Affected by CISA Breach, Microsoft AI Copilot Ban, Nuclear Site Prosecution (SECURITYWEEK.COM)
  Noteworthy stories that might have slipped under the radar: the CISA hack could impact 100,000 people, Microsoft AI Copilot banned by US House, UK nuclear site prosecution.
5 Apr: Israel's Justice Ministry Reviewing Cyber Incident After Hacktivists Claim Breach (PACKETSTORMSECURITY.COM)
🔥 INCIDENT REPORTING (11)
5 Apr: AT&T Tried To Deny This Massive Data Breach (ODYSEE.COM)
  Submitted by Lanky_Pomegranate530 to cybersecurity: https://odysee.com/at-t-tried-to-deny-this-massive-data#2521c16047f35a1088cccf5e6a38d48b6f945543
5 Apr: Winnti Hackers’ New UNAPIMON Tool Hijacks DLL And Unhook API Calls (GBHACKERS.COM)
  Hackers commonly employ dynamic-link library (DLL) hijacking and unhooking of APIs to damage security measures and authorize harmful activities on breached systems. In this regard, DLL hijacking permits them to load malicious code by utilizing flaws in the way applications load e…
5 Apr: Lens Maker Hoya Scrambling to Restore Systems Following Cyberattack (SECURITYWEEK.COM)
  Japanese lens maker Hoya says production processes and ordering systems were disrupted by a cyberattack.
5 Apr: Cyber Security Today, April 5, 2024 - New ransomware gang claims 11 victims, Ivanti promises to overhaul product security, and more. (CYBERSECURITYTODAY.LIBSYN.COM)
  This episode reports on vulnerabilities in HTTP/2, RDP weaknesses a major cause of successful cyber attacks, and more
5 Apr: Panera Bread week-long IT outage caused by ransomware attack (BLEEPINGCOMPUTER.COM)
  Panera Bread's recent week-long outage was caused by a ransomware attack, according to people familiar with the matter and emails seen by BleepingComputer. [...]
5 Apr: Acuity confirms hackers stole non-sensitive govt data from GitHub repos (BLEEPINGCOMPUTER.COM)
  Acuity, a federal contractor that works with U.S. government agencies, has confirmed that hackers breached its GitHub repositories and stole documents containing old and non-sensitive data. [...]
5 Apr: ISMG Editors: Breaking Down OT Cybersecurity Challenges (DATABREACHTODAY.CO.UK)
  Also: Implications of a Critical Linux Utility Backdoor; Focus on Cloud Security
  In the latest weekly update, ISMG editors discussed key insights on OT security from the Cyber Security for Critical Assets Summit in Houston, the implications of a critical Linux utility found to ha…
5 Apr: Filipino Hacktivists Destroy Technology Agency Servers (DATABREACHTODAY.CO.UK)
  Attackers Dismantle Department's Server Infrastructure, Delete Up to 25TB of Data
  A Filipino hacktivist group broke into servers owned and operated by the government's Department of Science and Technology and stole up to 25 terabytes of confidential data and backups. The hacking …
5 Apr: Change Healthcare Attack: Recovery Woes; Lawsuits Pile Up (DATABREACHTODAY.CO.UK)
  Company Makes Progress Restoring IT Services, But Disruption Lingers
  As recovery from its Feb. 21 cyberattack continues, Change Healthcare and its parent company UnitedHealth Group are facing a growing pile of lawsuits, while health sector entities affected by the IT services dis…
5 Apr: The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack (BLEEPINGCOMPUTER.COM)
  Ransomware attacks targeting VMware ESXi and other virtual machine platforms are wreaking havoc among the enterprise, causing widespread disruption and loss of services. [...]
🕵️ THREAT INTELLIGENCE (23)
5 Apr: USB HID And Run Exposes Yet Another BadUSB Surface (HACKADAY.COM)
  Submitted by Lanky_Pomegranate530 to cybersecurity: https://hackaday.com/2024/04/04/usb-hid-and-run-exposes-yet-another-badusb-surface/
5 Apr: Fidelity and passwords via T9 (PROGRAMMING.DEV)
  Submitted by csm10495 to security: Anyone here use fidelity (www.fidelity.com)? I had to call to get something done with my account and thought it was weird that they have you (more/less) T9 dial your password into the system, though it's not real T9 in that…
5 Apr: ISC Stormcast For Friday, April 5th, 2024 https://isc.sans.edu/podcastdetail/8926, (Fri, Apr 5th) (ISC.SANS.EDU)
  (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
5 Apr: AI Package Hallucination – Hackers Abusing ChatGPT, Gemini to Spread Malware (GBHACKERS.COM)
  The research investigates the persistence and scale of AI package hallucination, a technique where LLMs recommend non-existent malicious packages. The Langchain framework has allowed for the expansion of previous findings by testing a more comprehensive range of questions, …
5 Apr: Cybercriminal adoption of browser fingerprinting - Help Net Security (HELPNETSECURITY.COM)
  Submitted by Lanky_Pomegranate530 to cybersecurity: https://www.helpnetsecurity.com/2024/04/05/browser-fingerprinting/
5 Apr: Bing Ad for NordVPN Leads to SecTopRAT (MALWAREBYTES.COM)
  A very recent malvertising campaign was found impersonating the popular VPN software NordVPN. A malicious advertiser is capturing traffic from Bing searches and redirecting users to a decoy site that looks almost identical to the real one.
5 Apr: Impact of IoT Security for 5G Technology - Security Boulevard (SECURITYBOULEVARD.COM)
  Submitted by Lanky_Pomegranate530 to cybersecurity: https://securityboulevard.com/2024/04/impact-of-iot-security-for-5g-technology/
5 Apr: Cybersecurity Firms Raised $2.3 Billion in Q1 2024: Report (SECURITYWEEK.COM)
  Cybersecurity companies raised $2.3 billion in funding in Q1 2024, a 20% decrease compared to the same period of 2023, according to Pinpoint.
5 Apr: Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained Old Info (SECURITYWEEK.COM)
  Acuity, the tech firm from which hackers claimed to have stolen State Department and other government data, confirms hack, but says stolen info is old.
5 Apr: Hackers Hijack Facebook Pages to Mimic AI Brands & Inject Malware (GBHACKERS.COM)
  Hackers have been found hijacking Facebook pages to impersonate popular AI brands, thereby injecting malware into the devices of unsuspecting users. This revelation comes from a detailed investigation by Bitdefender Labs, which has been closely monitoring these malicious campaign…
5 Apr: Oxycorat Android RAT Spotted on Dark Web Stealing Wi-Fi Passwords (GBHACKERS.COM)
  Cybersecurity experts have identified a new threat lurking in the shadows of the dark web, a Remote Access Trojan (RAT) known as Oxycorat. This malicious software is specifically designed to infiltrate Android devices. Cybercriminals looking for a comprehensive toolkit to execute…
5 Apr: 10M+ Downloaded Dating App Discloses User’s Exact Location (GBHACKERS.COM)
  In a groundbreaking Check Point Research (CPR) analysis, vulnerabilities have been uncovered in several popular dating applications, cumulatively boasting over 10 million downloads. This investigation focused on the inherent risks associated with the use of geolocation data—a fea…
5 Apr: Tech Companies Want to Build Artificial General Intelligence. But Who Decides When AGI is Attained? (SECURITYWEEK.COM)
  With so much money riding on the promise of AI advances, it’s no surprise that AGI is also becoming a corporate buzzword that sometimes attracts a quasi-religious fervor.
5 Apr: AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks (THEHACKERNEWS.COM)
  New research has found that artificial intelligence (AI)-as-a-service providers such as Hugging Face are susceptible to two critical risks that could allow threat actors to escalate privileges, gain cross-tenant access to other customers' models, and even take over the continuous…
5 Apr: China Is Using AI to Influence Elections, Microsoft Warns (DATABREACHTODAY.CO.UK)
  Chance of AI-Generated Content Affecting Results Appears to Remain Low - for Now
  China-backed attackers are continuing to refine their use of content generated using artificial intelligence tools, including audio deepfakes and video news anchors, to sow disruption and influence e…
5 Apr: SEXi, Powerhost, Acuity, Layerslider, JSOutProx, Byakugan, Josh Marpet, and More - SWN #375 (YOUTUBE.COM)
  SEXi, AI Dreams, Powerhost, Acuity, Layerslider, JSOutProx, Byakugan, Josh Marpet, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-375
5 Apr: What Lies Ahead for Cybersecurity in the Era of Generative AI? - IT Security Guru (ITSECURITYGURU.ORG)
  Submitted by Lanky_Pomegranate530 to cybersecurity: https://www.itsecurityguru.org/2024/04/05/what-lies-ahead-for-cybersecurity-in-the-era-of-generative-ai/
5 Apr: Friday Squid Blogging: SqUID Bots (SCHNEIER.COM)
  They’re AI warehouse robots. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
5 Apr: Vietnamese Threat Actor Targeting Financial Data Across Asia (DATABREACHTODAY.CO.UK)
  CoralRaider Looks for Social Media Accounts That Contain Payment Information
  Vietnamese financially motivated hackers are targeting businesses across Asia in a campaign to harvest corporate credentials and financial data for resale in online criminal markets. Researchers at Cisco…
5 Apr: Sophisticated Latrodectus Malware Linked to 2017 Strain (DATABREACHTODAY.CO.UK)
  New Malware With Ties to IcedID Loader Evades Detection, Gains Persistence
  Security researchers are warning about a relatively new malware called Latrodectus, believed to be an evolutionary successor to the IcedID loader. It has been detected in malicious email campaigns since No…
5 Apr: Hackers Can Use AI Hallucinations to Spread Malware (DATABREACHTODAY.CO.UK)
  A Fake Software Library Made Up by a ChatBot Was Downloaded More Than 35,000 Times
  Generative artificial intelligence is good at sounding authoritative - even when it's making stuff up. One community that thinks so-called AI hallucinations are actually a good thing: hackers. Espe…
5 Apr: Cloudflare Enters Observability Space With Baselime Purchase (DATABREACHTODAY.CO.UK)
  Acquiring Baselime Will Give Developers Better Visibility Into Serverless Platforms
  Cloudflare purchased an observability startup founded by an aerospace dynamics expert to enhance the developer experience on serverless platforms. Baselime will allow developers to optimize perfor…
5 Apr: Don't trust the cache: Exposing Web cache vulnerabilities (ANASBETIS023.MEDIUM.COM)
  Submitted by testeronious to security: https://anasbetis023.medium.com/dont-trust-the-cache-exposing-web-cache-poisoning-and-deception-vulnerabilities-3a829f221f52
🌐 CYBER THREAT LANDSCAPE (5)
5 Apr: Byakugan – The Malware Behind a Phishing Attack (FORTINET.COM)
  In January 2024, FortiGuard Labs collected a PDF file written in Portuguese that distributes a multi-functional malware known as Byakugan. While investigating this campaign, a report about it was published.
5 Apr: New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA (THEHACKERNEWS.COM)
  Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) are being targeted by a new version of an "evolving threat" called JSOutProx. "JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET," Resecurity said…
5 Apr: From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware (THEHACKERNEWS.COM)
  Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan. The starting point of the attack is a PDF file written in Portuguese that, when opened, shows a blurred image and asks the victim to click on a li…
5 Apr: Fake Facebook MidJourney AI page promoted malware to 1.2 million people (BLEEPINGCOMPUTER.COM)
  Hackers are using Facebook advertisements and hijacked pages to promote fake Artificial Intelligence services, such as MidJourney, OpenAI's SORA and ChatGPT-5, and DALL-E, to infect unsuspecting users with password-stealing malware. [...]
📡 INFOSEC NEWS (11)
5 Apr: Fake Lawsuit Threat Exposes Privnote Phishing Sites (KREBSONSECURITY.COM)
  A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company.
5 Apr: Note-taking apps and to-do lists with end-to-end encryption | Kaspersky official blog (KASPERSKY.COM)
  An overview of private and encrypted note-taking apps, to-do lists, and diaries on all platforms.
5 Apr: Microsoft fixes Windows Sysprep issue behind 0x80073cf2 errors (BLEEPINGCOMPUTER.COM)
  Microsoft has fixed a known issue causing 0x80073cf2 errors when using the System Preparation (Sysprep) tool after installing November Windows 10 updates. [...]
5 Apr: Ivanti CEO Pledges To Fundamentally Transform Its Hard-Hit Security Model (PACKETSTORMSECURITY.COM)
5 Apr: Latrodectus Uses Sandbox Evasion Techniques To Launch Malicious Payloads (PACKETSTORMSECURITY.COM)
5 Apr: Google sues crypto investment app makers over alleged massive “pig butchering” scam (BITDEFENDER.COM)
  Two China-based Android app developers are being sued by Google for an alleged scam targeting 100,000 users worldwide through fake cryptocurrency and other investment apps. Read more in my article on the Hot for Security blog.
5 Apr: Medical Device Cyberthreat Modeling: Top Considerations (DATABREACHTODAY.CO.UK)
  Besides not doing cyberthreat modeling at all, some the biggest mistakes medical device manufacturers can make are starting the modeling process too late in the development phase or using it simply as a "paper weight exercise," said threat modeling expert Adam Shostack of Shostac…
5 Apr: Recent Windows updates break Microsoft Connected Cache delivery (BLEEPINGCOMPUTER.COM)
  Microsoft says Windows 10 updates released since the start of the year are breaking Microsoft Connected Cache (MCC) node discovery on enterprise networks. [...]
5 Apr: The devil is in the fine print – Week in security with Tony Anscombe (WELIVESECURITY.COM)
  Temu's cash giveaway where people were asked to hand over vast amounts of their personal data to the platform puts the spotlight on the data-slurping practices of online services today