21Articles
7Categories
2024-04-13Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 3[−]
13 AprPalo Alto Networks zero-day exploited since March to backdoor firewallsSuspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls tracked as CVE-2024-3400 since March 26, using the compromised devices to breach internal networks, steal data and credentials. [...]BLEEPINGCOMPUTER.COM
13 AprCritical Palo Alto GlobalProtect Vulnerability Exploited (CVE-2024-3400), (Sat, Apr 13th)On Friday, Palo Alto Networks released an advisory warning users of Palo Alto&#;x26;#;39;s Global Protect product of a vulnerability that has been exploited since March [1]. ISC.SANS.EDU
13 AprIBM QRadar - When The Attacker Controls Your Security Stack (CVE-2022-26377) - watchTowr Labssubmitted by testeronious to security 1 points | 0 comments https://labs.watchtowr.com/ibm-qradar-when-the-attacker-controls-your-security-stack/LABS.WATCHTOWR.COM
⚠️ VULNERABILITY DISCLOSURE 5[−]
13 AprNorth Korean Hackers Exploit Two MITRE Sub-Techniques: Phantom DLL Hijacking, TCC AbuseThe first, not entirely new, sub-technique involves manipulation of Transparency, Consent, and Control (TCC), a security protocol that regulates application permissions on Apple's macOS.DARKREADING.COM
13 AprTelegram Fixes Windows App Zero-Day Used to Launch Python ScriptsA proof of concept exploit was shared on the XSS hacking forum explaining that a typo in the source code for Telegram for Windows could be exploited to send Python .pyzw files that bypass security warnings when clicked.BLEEPINGCOMPUTER.COM
13 AprHackers Deploy Python Backdoor in Palo Alto Zero-Day AttackThreat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday. The network security company's Unit 42 division is tracking the activity under…THEHACKERNEWS.COM
13 AprHacker claims Giant Tiger data breach, leaks 2.8M records onlineCanadian retail chain Giant Tiger disclosed a data breach in March 2024. A threat actor has now publicly claimed responsibility for the data breach and leaked 2.8 million records on a hacker forum that they claim are of Giant Tiger customers. [...]BLEEPINGCOMPUTER.COM
13 AprBypassing problematic captive portals. Cafe gives a red padlock; transit svc has broken TLS captive portal, etc…submitted by coffeeClean to cybersecurity 1 points | 0 comments The red padlock The captive portal of a cafe simply rendered a red padlock on with a line through it. Essentially, it was apparently telling me I am being denied access without using any words. There was no other scr…INFOSEC.PUB
📢 SECURITY ADVISORIES 1[−]
13 AprCISA Orders Agencies Impacted by Microsoft Hack to Mitigate RisksCISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group.BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 1[−]
13 AprPopular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Filessubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://thehackernews.com/2024/04/popular-rust-crate-liblzma-sys.html?m=1THEHACKERNEWS.COM
🕵️ THREAT INTELLIGENCE 5[−]
13 AprHouse Passes Reauthorization of Key US Surveillance Program After Days of Upheaval Over ChangesThe bill was approved on a bipartisan basis, 273-147, though it will still have to clear the Senate to become law. The post House Passes Reauthorization of Key US Surveillance Program After Days of Upheaval Over Changes appeared first on SecurityWeek .SECURITYWEEK.COM
13 Apr[Heads Up] Global Cybercrime Hotspot Countries Revealed: Secure Your DefensesIn a groundbreaking study that spanned three years, an international research team, including experts from the University of Oxford and UNSW Canberra, has developed the first-ever World Cybercrime Index.KNOWBE4.COM
13 AprEx-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Theftssubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://thehackernews.com/2024/04/ex-security-engineer-jailed-3-years-for.html?m=1THEHACKERNEWS.COM
13 AprISC Stormcast For Sunday, April 14th, 2024 https://isc.sans.edu/podcastdetail/8938, (Sat, Apr 13th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
13 AprI don't have to say it, do I?So today, news broke that Iran has sent dozens, if not more than 100 drones to Israel in a direct attack. Discussion on Twitter also claim that ballistic missiles will be sent.KNOWBE4.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
13 AprGovernment spyware is another reason to use an ad blockerSpyware makers are reportedly working on targeting individuals with stealthy data-stealing malware using online banner ads. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
13 AprFirebird RAT creator and seller arrested in the U.S. and AustraliaA joint police operation between the Australian Federal Police (AFP) and the FBI has led to the arrest and charging of two individuals who are believed to be behind the development and distribution of the "Firebird" remote access trojan (RAT), later rebranded as "Hive." [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 4[−]
13 AprFBI Warns of Massive Wave of Road Toll SMS Phishing AttacksWhile the mobile phishing campaign has yet to reach some U.S. regions, this can be explained by the fact that complaint information collected so far by IC3 indicates the scam may be moving from state to state.BLEEPINGCOMPUTER.COM
13 AprUK flooded with forged stamps despite using barcodes — to prevent just thatRoyal Mail, the British postal and courier service began switching all snail mail stamps to barcoded stamps last year. The purpose of the barcode was to enhance security, deter stamp reuse, and possibly prevent forgeries—which it has failed to do. [...]BLEEPINGCOMPUTER.COM
13 AprEx-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange TheftsA former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million. Shakeeb Ahmed, the defendant in question, pled guilty to…THEHACKERNEWS.COM
13 AprU.S. Treasury Hamas Spokesperson for Cyber Influence OperationsThe U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday announced sanctions against an official associated with Hamas for his involvement in cyber influence operations. Hudhayfa Samir ‘Abdallah al-Kahlut, 39, also known as Abu Ubaida, has served as the pu…THEHACKERNEWS.COM