🐛 COMMON VULNERABILITIES AND EXPOSURES (4)
19 Apr | Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums | A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale on a notorious hacker forum. This exploit, which has not yet been assigned a Common Vulnerabilities and Exposures (CVE) reference, is said to be capable of granting unauthorized users elevated privil… | GBHACKERS.COM
19 Apr | KEV | 22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks | Approximately 22,500 exposed Palo Alto GlobalProtect firewall devices are likely vulnerable to the CVE-2024-3400 flaw, a critical command injection vulnerability that has been actively exploited in attacks since at least March 26, 2024. [...] | BLEEPINGCOMPUTER.COM
19 Apr | CVE-2024-29991 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Information published. | MSRC.MICROSOFT.COM
19 Apr | More on the PAN-OS CVE-2024-3400 | PSIRT learned of a suspicious exfiltration attempt at a customer site. Palo Alto Networks' team investigated the issue with Volexity's team. | PALOALTONETWORKS.COM
⚠️ VULNERABILITY DISCLOSURE (20)
19 Apr | Damn Vulnerable RESTaurant: Open-Source API Service Designed for Learning | Damn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code through an interactive game. | HELPNETSECURITY.COM
19 Apr | Novel Android Malware Targets Korean Banking Users | A new banking Trojan is targeting Korean users using obfuscation techniques that target the Android manifest, exploit vulnerabilities and take advantage of weaknesses in how Android apps interpret this file. | BANKINFOSECURITY.COM
19 Apr | OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes Clusters for Cryptomining | Microsoft warns that several OpenMetadata vulnerabilities are being exploited to deploy cryptomining malware to Kubernetes environments. | SECURITYWEEK.COM
19 Apr | GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories | https://www.darkreading.com/threat-intelligence/gpt-4-can-exploit-most-vulns-just-by-reading-threat-advisories | DARKREADING.COM
19 Apr | Ransomware feared in Octapharma Plasma's US-wide shutdown | US-based human plasma collector, tester, and supplier Octapharma Plasma may have been experiencing a ransomware attack pushing the company into operational shutdown, according to a report by The Register. An unnamed source familiar with the situation reportedly said that Octaphar… | CSOONLINE.COM
19 Apr | Cisco Releases Security Advisories for Cisco Integrated Management Controller | Cisco has released security advisories for vulnerabilities in the Cisco Integrated Management Controller. A remote cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the foll… | CISA.GOV
19 Apr | Threat-Intelligence Startup VulnCheck Closes $8M Seed Financing | VulnCheck banks $8 million in early-stage capital to build 'exploit intelligence' technologies and services. | SECURITYWEEK.COM
19 Apr | Rethinking work dynamics: Why consumer browsers are no longer enough | In the fast-paced realm of modern business, adaptation is key. As organizations transition to hybrid work models and embrace cloud-based operations, the very fabric of how we work has transformed, opening doors to more security risks. With more freelancers, contractors, and BYOD… | CSOONLINE.COM
19 Apr | Novel Android Malware Targets South Korean Banking Users | New Malware SoumniBot Exploiting Legitimate Android Process. A new banking Trojan is targeting Korean users using obfuscation techniques that target the Android manifest, exploit vulnerabilities and take advantage of weaknesses in how Android apps interpret this file. SoumniBot st… | DATABREACHTODAY.CO.UK
19 Apr | Rising Ransomware Issue: English-Speaking Western Affiliates | Domestic Teen Groups Demand 'Nip the Bud' and 'Alternative Pathways,' Experts Say. Western law enforcement agencies are battling a rise in domestic ransomware attackers. Given the "significant" resources being poured into combating ransomware, signing up for a ransomware crew from… | DATABREACHTODAY.CO.UK
19 Apr | United Nations agency investigates ransomware attack, data theft | The United Nations Development Programme (UNDP) is investigating a cyberattack after threat actors breached its IT systems to steal human resources data. [...] | BLEEPINGCOMPUTER.COM
19 Apr | Cyber Security Today, Week in Review for week ending Friday April 19, 2024 | On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT departments. | CYBERSECURITYTODAY.LIBSYN.COM
19 Apr | MITRE says state hackers breached its network via Ivanti zero-days | The MITRE Corporation says a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days. [...] | BLEEPINGCOMPUTER.COM
19 Apr | HelloKitty ransomware rebrands, releases CD Projekt and Cisco data | An operator of the HelloKitty ransomware operation announced they changed the name to 'HelloGookie,' releasing passwords for previously leaked CD Projekt source code, Cisco network information, and decryption keys from old attacks. [...] | BLEEPINGCOMPUTER.COM
19 Apr | Windows path conversion weirdness enables unprivileged rootkit behavior | Attackers can take advantage of how Windows converts file paths between the traditional DOS format and the more modern NT format in order to achieve rootkit-based capabilities such as hiding files and processes without any special privileges, a security researcher has discovered. … | CSOONLINE.COM
19 Apr | FIN7 Targeted US Automotive Giant In Failed Attack | Spear Phishing Messages Sent to Employees With Admin Rights. A Russia-based cybercriminal group targeted a large American auto manufacturer, more evidence of its shift to deep-pocketed victims the gang hopes will deliver a major payday. FIN7, also known as Carbon Spider and Sangr… | DATABREACHTODAY.CO.UK
19 Apr | Mitre Says Hackers Breached Unclassified R&D Network | Threat Actor Exploited Ivanti Zero-Day Vulnerabilities in Cyberattack. A nation-state threat actor gained access to an unclassified research and development network operated by MITRE, a non-profit that oversees key federally funded research and development centers for the U.S. gov… | DATABREACHTODAY.CO.UK
19 Apr | KEV | CrushFTP warns users to patch exploited zero-day "immediately" | CrushFTP warned customers today in a private memo of an actively exploited zero-day vulnerability fixed in new versions released today, urging them to patch their servers immediately. [...] | BLEEPINGCOMPUTER.COM
19 Apr | Baby ASO: A Minimal Viable Transformation for Your SOC | One pattern I spotted after looking at the evolution of IT and security organizations over the years, including my time at Gartner, is: change is hard, but transformation is harder. Perhaps it is an IT Axiom of some sort, with a Th… | MEDIUM.COM
19 Apr | Hacker Threatens to Expose Sensitive World-Check Database | 'GhostR' Claims to Have 5.3 Million Records from Major Screening Database. A seemingly financially driven hacker known as GhostR claimed to have stolen millions of highly sensitive records from a "know-your-customer" database used by the London Stock Exchange Group to combat finan… | DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES (7)
19 Apr | NATO to launch new cyber center to contest cyberspace 'at all times' | https://therecord.media/nato-new-military-civilian-cyber-center-mons-belgium NATO will establish a new cyber center at its military headquarters in Mons, Belgium, a senior official confirmed to Recorded Future News on Wednesda… | THERECORD.MEDIA
19 Apr | Akira Ransomware Attacks Over 250 Organizations and Collects $42 Million | The Akira ransomware variant has severely impacted more than 250 organizations worldwide, amassing approximately USD 42 million in ransom payments. This information comes from a detailed joint Cybersecurity Advisory issued by the FBI and the Cybersecurity and Infrastructure Secur… | GBHACKERS.COM
19 Apr | CISA, FBI, Europol Say Akira Ransomware Raked in $42 Million From Over 250 Victims | According to a joint advisory from the FBI, CISA, Europol's EC3, and the Netherlands' NCSC-NL, the Akira ransomware operation has breached the networks of over 250 organizations and raked in roughly $42 million in ransom payments. | BLEEPINGCOMPUTER.COM
19 Apr | CISA, FBI, and ODNI Release Guidance for Securing Election Infrastructure Against the Tactics of Foreign Malign Influence Operations | The guidance document details the latest tactics employed in foreign malign influence operations to shape U.S. policies, decisions, and discourse and could be used to target America's election infrastructure. | CISA.GOV
🔥 INCIDENT REPORTING (19)
19 Apr | Transatlantic Cable podcast episode 343 | Kaspersky official blog | Episode 343 of the Kaspersky podcast has ransomware extortion via call centers, X controversy & more! | KASPERSKY.COM
19 Apr | 'Crude' Ransomware Tools Proliferating on the Dark Web for Cheap, Researchers Find | Researchers at the intelligence unit at the cybersecurity firm Sophos found 19 ransomware varieties being offered for sale or advertised as under development on four forums from June 2023 to February 2024. | THERECORD.MEDIA
19 Apr | Breach Roundup: LabHost Phishing-as-a-Service Site Goes Down | Also: Omni Hack Exposed Customer Data; More Ivanti Vulnerabilities Come to Light. This week, police disrupted the LabHost phishing-as-a-service site, customer data was compromised in the Omni Hotels hack, more Ivanti vulnerabilities were found, a Moldovan botnet operator faces U.S. charges, Cisc… | DATABREACHTODAY.CO.UK
19 Apr | Cybercriminals Pose as LastPass Staff to Hack Password Vaults | The attacker combines multiple social engineering techniques that involve contacting the potential victim (voice phishing) and pretending to be a LastPass employee trying to help with securing the account following unauthorized access. | BLEEPINGCOMPUTER.COM
19 Apr | Ransomware Victims Who Pay a Ransom Drops to Record Low | That downward trend comes thanks to "enterprises large and small" being "increasingly able to withstand an encryption attack, and restore their operations without the need for a threat actor decryption key," Coveware said. | BANKINFOSECURITY.COM
19 Apr | Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers | Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infras… | THEHACKERNEWS.COM
19 Apr | Akira Ransomware Made Over $42 Million in One Year: Agencies | Akira ransomware has hit over 250 organizations worldwide and received over $42 million in ransom payments. | SECURITYWEEK.COM
19 Apr | Frontier Communications Shuts Down Systems Following Cyberattack | Telecom giant Frontier shuts down systems to contain a cyberattack that led to personal information compromise. | SECURITYWEEK.COM
19 Apr | Half of U.K. Businesses Experienced a Security Breach or Cyber Attack in the Last 12 Months | Analysis of cyber attacks targeting U.K. organizations highlights the effectiveness of social engineering attacks and the fact that businesses are missing the mark on how to stop it. | KNOWBE4.COM
19 Apr | In Other News: OSS Backdooring Attempts, Botnet Operator Charged, Automotive Firm Attack | Noteworthy stories that might have slipped under the radar: OpenSSF and OpenJS incidents similar to XZ backdoor, Moldovan botnet operator charged, US automotive company targeted by FIN7. | SECURITYWEEK.COM
19 Apr | BlackTech Targets Tech, Research, and Gov Sectors with New 'Deuterbear' Tool | Technology, research, and government sectors in the Asia-Pacific region have been targeted by a threat actor called BlackTech as part of a recent cyber attack wave. The intrusions pave the way for an updated version of the modular backdoor dubbed Waterbear as… | THEHACKERNEWS.COM
19 Apr | ISMG Editors: Global Fallout From Leaked LockBit Ransomware | Also: Congress Weighs in on Change Healthcare Saga; Hot Topics at ISMG's AI Summit. In the latest weekly update, ISMG editors discussed the rise of criminal groups using leaked LockBit ransomware for global cyberattacks, Congress's recent hearing on the cyberattack targeting Chang… | DATABREACHTODAY.CO.UK
19 Apr | Roku forcing 2-factor authentication after breach of 600K accounts | Accounts with stored payment information went for as little as $0.50 each. | ARSTECHNICA.COM
19 Apr | BreachRx Raises $6.5M to Revamp Incident Response Reporting Systems | Investors make an early-stage $6.5 million bet on BreachRx, a startup promising to shield cybersecurity executives from personal liability. | SECURITYWEEK.COM
19 Apr | Protecting yourself after a medical data breach | Week in security with Tony Anscombe | What are the risks and consequences of having your health data exposed, and what are the steps to take if it happens to you? | WELIVESECURITY.COM
19 Apr | Suspected Attack Shuts Down US Blood Plasma Donation Centers | Swiss-Based Octapharma Plasma Says Co. Is Dealing with 'Network Issues'. The U.S. operations of a Swiss pharmaceutical maker have shut down nearly 200 blood plasma donation centers while the company responds to "network issues" that started earlier this week and have reportedly bee… | DATABREACHTODAY.CO.UK
19 Apr | Improved incident response planning is a business necessity | Chief information security officers (CISOs) understand the importance of having an incident response plan in place to help decrease the impact of a cyberattack. That's because despite increased awareness and evolving security technology and practices, cyber threats continue to gr… | CSOONLINE.COM
19 Apr | The Week in Ransomware - April 19th 2024 - Attacks Ramp Up | While ransomware attacks decreased after the LockBit and BlackCat disruptions, they have once again started to ramp up with other operations filling the void. [...] | BLEEPINGCOMPUTER.COM
19 Apr | Roku forcing 2-factor authentication after 2 breaches of 600K accounts | Accounts with stored payment information went for as little as $0.50 each. | ARSTECHNICA.COM
🕵️ THREAT INTELLIGENCE (16)
19 Apr | ISC Stormcast For Friday, April 19th, 2024 (Fri, Apr 19th) | https://isc.sans.edu/podcastdetail/8946 | ISC.SANS.EDU
19 Apr | Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware | https://www.darkreading.com/application-security/evil-xdr-researcher-turns-palo-alto-software-into-perfect-malware | DARKREADING.COM
19 Apr | Cyber Security Today, April 19, 2024 - Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more | This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international, and more. | CYBERSECURITYTODAY.LIBSYN.COM
19 Apr | FBI says Chinese hackers preparing to attack US infrastructure | https://www.reuters.com/technology/cybersecurity/fbi-says-chinese-hackers-preparing-attack-us-infrastructure-2024-04-18/ | REUTERS.COM
19 Apr | US Election Officials Told to Prepare for Nation-State Influence Campa | https://www.infosecurity-magazine.com/news/us-election-officials-nation-state | INFOSECURITY-MAGAZINE.COM
19 Apr | OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal | https://blog.talosintelligence.com/offlrouter-virus-causes-upload-confidential-documents-to-virustotal/ | TALOSINTELLIGENCE.COM
19 Apr | CryptoChameleon: New Phishing Tactics Exhibited in FCC-Targeted Attack | Threat Intel | https://www.lookout.com/threat-intelligence/article/cryptochameleon-fcc-phishing-kit | LOOKOUT.COM
19 Apr | Trust in Cyber Takes a Knock as CNI Budgets Flatline | Trust in cybersecurity tools has become one of the biggest challenges facing critical national infrastructure (CNI) providers as sophisticated nation-state attacks proliferate, according to a new report from Bridewell. | INFOSECURITY-MAGAZINE.COM
19 Apr | US Government Releases Guidance on Securing Election Infrastructure | New US guidance details foreign malign influence operations to help election infrastructure stakeholders increase resilience. | SECURITYWEEK.COM
19 Apr | Russian Threat Actor FIN7 Targeting the Automotive Industry with Spear Phishing Attacks | The cybercriminal threat actor FIN7 is launching spear phishing attacks against the automotive industry in the United States, according to researchers at BlackBerry. | KNOWBE4.COM
19 Apr | First Major Attempts to Regulate AI Face Headwinds From All Sides | While over 400 AI-related bills are being debated this year in statehouses nationwide, most target one industry or just a piece of the technology, such as deepfakes used in elections. | SECURITYWEEK.COM
19 Apr | Win 95, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland... - SWN #379 | Win 95, Cheat Lab, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-379 | YOUTUBE.COM
19 Apr | Friday Squid Blogging: Squid Trackers | A new bioadhesive makes it easier to attach trackers to squid. Note: the article does not discuss squid privacy rights. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here. | SCHNEIER.COM
19 Apr | CEO Andre Durand on Why Ping, ForgeRock Are Better Together | How Ping-ForgeRock Merger Provides Enhanced Deployment Flexibility, More Services. Ping Identity CEO Andre Durand elaborated on the merger with ForgeRock, highlighting the synergy between the two companies. Durand noted the enhanced deployment options and service capabilities now … | DATABREACHTODAY.CO.UK
19 Apr | UK ICO Weighs Role of 'Accuracy' in Generative AI | But Accurate Data Doesn't Always Result In Accurate Outcomes. The U.K. data protection agency says generative artificial intelligence developers should take steps to filter out inaccurate training data so long as their models disseminate information about people. How accurate a mo… | DATABREACHTODAY.CO.UK
19 Apr | A guide To IoT Security | Protect Your Connected Devices | Living in the digital era, accompanied by technological devices that have become a part of our everyday routine, the IoT is one of the factors and visual tools of innovation and convenience. Besides, when we look at the net parenthesis, there are both advantages as well as challe… | GBHACKERS.COM
🌐 CYBER THREAT LANDSCAPE (7)
19 Apr | Hackers Target Middle East Governments with Evasive "CR4T" Backdoor | Government entities in the Middle East have been targeted as part of a previously undocumented campaign to deliver a new backdoor dubbed CR4T. Russian cybersecurity company Kaspersky said it discovered the activity in February 2024, with evidence suggesting th… | THEHACKERNEWS.COM
19 Apr | OfflRouter Malware Evades Detection in Ukraine for Almost a Decade | Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. "The documents contained VBA code to drop and run an executable with the name 'ctrlpanel.exe,'" security researcher Vanja Svajcer said. | THEHACKERNEWS.COM
19 Apr | Google Ad Impersonates Whales Market to Push Wallet Drainer Malware | A legitimate-looking Google Search advertisement for the crypto trading platform 'Whales Market' redirects visitors to a wallet-draining phishing site that steals all of your assets. | BLEEPINGCOMPUTER.COM
19 Apr | Hacking the Floodgates: US Dams Face Growing Cyber Threats | Could a hacker seize control of America's dams, unleashing floods and chaos across vulnerable communities? Cybersecurity analysts and leading lawmakers warn it's possible. | BANKINFOSECURITY.COM
19 Apr | Dark Web Sales Driving Major Rise in Credential Attacks | A rise in infostealer malware attacks over the past three years has enabled cybercriminal groups to turn credential stealing into a major money-making business, paving the way for new entrants in the field and sophisticated hacking techniques. | BANKINFOSECURITY.COM
19 Apr | Fake Cheat Lures Gamers Into Spreading Infostealer Malware | A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too. | BLEEPINGCOMPUTER.COM
19 Apr | Your Android phone could have stalkerware; here's how to remove it | This simple guide helps you identify and remove common consumer-grade spyware apps from your Android phone. | TECHCRUNCH.COM
📡 INFOSEC NEWS (8)
19 Apr | 92% of Enterprises Unprepared for AI Security Challenges | Most industries continue to run almost two or more months behind in patching software vulnerabilities, endpoints remain vulnerable to threats, and most enterprise PCs must be replaced to support AI-based technologies, according to a new report. | HELPNETSECURITY.COM
19 Apr | Quishing Attacks Jump Tenfold, Attachment Payloads Halve | The figures come from the latest Egress report, which also suggests a notable decrease in attachment-based payloads, which halved from 72.7% to 35.7% over the same period. | INFOSECURITY-MAGAZINE.COM
19 Apr | Is it safe to message other apps from WhatsApp? | Kaspersky official blog | WhatsApp will soon support messaging with other apps. Should you use this feature? What are the benefits and risks? | KASPERSKY.COM
19 Apr | How Attackers Can Own a Business Without Touching the Endpoint | Attackers are increasingly making use of "networkless" attack techniques targeting cloud apps and identities. Here's how attackers can (and are) compromising organizations without ever needing to touch the endpoint or conventional networked systems… | THEHACKERNEWS.COM
19 Apr | NSA Shares Best Practices for Secure AI Systems | The guidance offers a wide range of best practices, including that organizations adopt a zero trust mindset, actively monitor the AI model's behavior, and require the primary developer of the AI system to provide a threat model for their system. | MERITALK.COM
19 Apr | NCSWIC Releases Roles and Responsibilities: Statewide Interoperability Coordinators Document | CISA.GOV
19 Apr | The CVE's They are A-Changing! (Wed, Apr 17th) | The downloadable format of CVEs from MITRE will be changing in June 2024, so if you are using CVE downloads to populate your scanner, SIEM or to feed a SOC process, now would be a good time to look at that. If you are a vendor and use these… | ISC.SANS.EDU