106Articles
9Categories
2024-04-23Date
🚨 CISA KEV 1[−]
23 Apr KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack vectors for m…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 4[−]
23 AprCritical Apache HugeGraph Flaw Let Attackers Execute Remote CodeSecurity researchers have identified a critical vulnerability in Apache HugeGraph, an open-source graph database tool. This flaw, if exploited, could allow attackers to execute arbitrary code remotely, posing a significant threat to systems using this software. The vulnerability …GBHACKERS.COM
23 AprSiemens Industrial Product Impacted by Exploited Palo Alto Firewall VulnerabilityPalo Alto Networks firewall vulnerability CVE-2024-3400, exploited as a zero-day, impacts a Siemens industrial product. The post Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
23 AprRussian state-sponsored hacker used GooseEgg malware to steal Windows credentialsRussia-linked advanced persistent threat ( APT ) actor Forest Blizzard had, since June 2020, exploited a now-patched Windows vulnerability to drop previously unknown, custom post-compromise malware, GooseEgg, according to a Microsoft repor t. Forest Blizzard, linked previously to…CSOONLINE.COM
23 AprPoC Exploit Released For Critical Oracle VirtualBox VulnerabilityOracle Virtualbox was identified and reported as having a critical vulnerability associated with Privilege Escalation and Arbitrary File Move/Delete. This vulnerability was assigned with CVE-2024-21111, and the severity was 7.8 (High). However, Oracle has acted swiftly upon the r…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 29[−]
23 AprRussia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' MalwareThe Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg. The post-compromise tool, which is said to have been u…THEHACKERNEWS.COM
23 AprMicrosoft’s mea culpa moment: how it should face up to the CSRB’s critical reportAfter the CSRB report , Microsoft must eschew marketing hyperbole while apologizing for its cavalier security practices, communicating its remediation plan, and report honest metrics to the security community as it proceeds. On March 20 of this year, the Cyber Safety Review Board…CSOONLINE.COM
23 AprCritical Flaw with Popular API Portal Let Attackers Launch SSRF AttacksA significant vulnerability in the Perforce Akana Community Manager Developer Portal has been found, allowing attackers to conduct server-side request forgery (SSRF) attacks. Community Manager is an advanced solution designed to assist businesses in creating an API portal th…GBHACKERS.COM
23 AprTop 10 physical security considerations for CISOsWhile chief information security officers (CISOs) are rarely tasked with the full range of health and human safety concerns that facilities teams or chief security officers must act upon, CISOs still have a huge part to play in enterprise physical security strategies from physica…CSOONLINE.COM
23 AprHacker Offers Upto $300 To Mobile Networks Staff For Illegal SIM SwapsA SIM Swap Scam or SIM Cloning Scam exploits a vulnerability in a two-factor authentication (2FA) system that relies on SMS messages for verification codes, where attackers aim to gain control of the victim’s mobile phone number by convincing the victim’s mobile carri…GBHACKERS.COM
23 AprCloud Console Cartographer: Open-Source Tool Helps Security Teams Transcribe Log ActivityCloud Console Cartographer is an open-source tool that maps noisy log activity into highly consolidated, succinct events to help security practitioners cut through the noise and understand console behavior in their environment.HELPNETSECURITY.COM
23 AprPolice Chiefs Call for Solutions to Access Encrypted Data in Serious Crime CasesEuropean Police Chiefs said that the complementary partnership between law enforcement agencies and the technology industry is at risk due to end-to-end encryption (E2EE). They called on the industry and governments to take urgent action to ensure public safety across social medi…THEHACKERNEWS.COM
23 AprGerman Authorities Issue Arrest Warrants for Three Suspected Chinese SpiesGerman authorities said they have issued arrest warrants against three citizens on suspicion of spying for China. The full names of the defendants were not disclosed by the Office of the Federal Prosecutor (aka Generalbundesanwalt), but it includes Herwig F., Ina F…THEHACKERNEWS.COM
23 AprNespresso Domain Serves Up Steamy Cup of Phish, No Cream or SugarA phishing campaign exploiting a bug in Nespresso's website has been able to evade detection by taking advantage of security tools that fail to look for malicious nested or hidden links.DARKREADING.COM
23 AprWebinar: Learn Proactive Supply Chain Threat Hunting TechniquesIn the high-stakes world of cybersecurity, the battleground has shifted. Supply chain attacks have emerged as a potent threat, exploiting the intricate web of interconnected systems and third-party dependencies to breach even the most formidable defenses. But what if you could tu…THEHACKERNEWS.COM
23 AprFraudsters Exploit Telegram’s Popularity for Toncoin ScamThe perpetrators attract unsuspecting Telegram users through a referral system, enticing them with promises of an “exclusive earning program” shared via contacts in their network.INFOSECURITY-MAGAZINE.COM
23 AprTracing the Steps of Cyber Intruders: The Path of Lateral MovementWhen cyber attacks strike, it’s rarely a single computer that suffers. Nowadays, cybercriminals set their sights on corporate networks, aiming to infiltrate and compromise multiple systems. But how do these bad actors manage to breach large networks? It all starts with a fo…GBHACKERS.COM
23 AprRussian Cyberspies Deliver ‘GooseEgg’ Malware to Government OrganizationsRussia-linked APT28 deploys the GooseEgg post-exploitation tool against numerous US and European organizations. The post Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations appeared first on SecurityWeek .SECURITYWEEK.COM
23 AprHackers hijack antivirus updates to drop GuptiMiner malwareNorth Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware. [...]BLEEPINGCOMPUTER.COM
23 AprApache Cordova App Harness Targeted in Dependency Confusion AttackResearchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact that package managers check the public repositories before private registries…THEHACKERNEWS.COM
23 AprCISA Releases Two Industrial Control Systems AdvisoriesCISA released two Industrial Control Systems (ICS) advisories on April 23, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-051-03 Mitsubishi Electric Electrical Discharge Machines (Update A) I…CISA.GOV
23 AprUS imposes visa bans on 13 spyware makers and their families​The Department of State has started imposing visa restrictions on mercenary spyware makers and peddlers, prohibiting their entry into the United States, as announced earlier in February. [...]BLEEPINGCOMPUTER.COM
23 AprPhishing Campaign Exploits Nespresso DomainAttackers are launching phishing campaigns using an open-redirect vulnerability affecting a website belonging to coffee machine company Nespresso, according to researchers at Perception Point.KNOWBE4.COM
23 AprSustainable Funding of Open Source Tools - Simon Bennetts, Mark Curphey - ASW #282How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source Fellowship with Crash Overrid…YOUTUBE.COM
23 AprXZ & Open Source, PuTTY's Private Keys, LeakyCLI, LLMs Writing Exploits - ASW #282CISA chimes in on the XZ Utils backdoor, PuTTY's private keys and maintaining a secure design, LeakyCLI and maintaining secure secrets in CSPs, LLMs and exploit generation, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securit…YOUTUBE.COM
23 AprBehavioral patterns of ransomware groups are changing - Help Net Securitysubmitted by kid to cybersecurity 2 points | 0 comments https://www.helpnetsecurity.com/2024/04/23/ransomware-groups-activity-q1-2024/ The GRIT Q1 2024 Ransomware Report highlights a nearly 20% annual increase in ransomware victims and significant shifts in Ransomware-as-a-Servic…HELPNETSECURITY.COM
23 AprAuthentication failure blamed for Change Healthcare ransomware attackAbsence of adequate remote access authentication has emerged as the probable cause of the infamous Change Healthcare ransomware attack. Attackers “compromised credentials on an application that allows staff to remotely access systems” before infiltrating Change Healthcare’s netwo…CSOONLINE.COM
23 AprRussian APT28 Group in New “GooseEgg” Hacking CampaignA notorious Russian APT group has been stealing credentials for years by exploiting a Windows Print Spooler bug and using a novel post-compromise tool known as “GooseEgg,” Microsoft has revealed.INFOSECURITY-MAGAZINE.COM
23 AprVulnerability Exploitation on the Rise as Attackers Ditch PhishingIn a move away from traditional phishing scams, attackers are increasingly exploiting vulnerabilities in computer systems to gain initial network access, according to Mandiant’s M-Trends 2024 Report.INFOSECURITY-MAGAZINE.COM
23 AprThe Assumed Breach conundrumBreaches are inevitable due to the asymmetry of attacks – carpet checks versus guerilla warfare. Companies – regardless of size – have been breached. For years, security leaders have spoken about the myth of the infallible Protection doctrine and reasons for improving on detectio…CSOONLINE.COM
23 AprRussian Hackers Exploiting Windows Print Spooler VulnMicrosoft Warns APT28's GooseEgg Tool Enables Credential Theft Russian military intelligence hackers are using an 18 month-old vulnerability in the Windows print spooler utility to deploy a custom tool that elevates privileges and steals credentials. Microsoft says it's seen post…DATABREACHTODAY.CO.UK
23 AprUncovering potential threats to your web application by leveraging security reportsPosted by Yoshi Yamaguchi, Santiago Díaz, Maud Nalpas, Eiji Kitamura, DevRel team The Reporting API is an emerging web standard that provides a generic reporting mechanism for issues occurring on the browsers visiting your production website. The reports you receive detail issues…SECURITY.GOOGLEBLOG.COM
📋 SECURITY BULLETINS 2[−]
23 AprMicrosoft releases Exchange hotfixes for security update issues​Microsoft has released hotfix updates to address multiple known issues impacting Exchange servers after installing the March 2024 security updates. [...]BLEEPINGCOMPUTER.COM
23 AprMicrosoft pulls fix for Outlook bug behind ICS security alertsMicrosoft reversed the fix for an Outlook bug causing erroneous security warnings after installing December 2023 security updates [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 4[−]
23 AprUncertainty is the Most Common Driver of NoncomplianceMost compliance leaders tend to focus on building an ethical culture in their organizations to improve employee behavior, but it has a limited impact on addressing uncertainty about how to be compliant, according to a survey by Gartner.HELPNETSECURITY.COM
23 AprMicrosoft and Security IncentivesFormer senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft: Grotto told us Microsoft had to be “dragged kicking and screaming” to provide logging capabilities …SCHNEIER.COM
23 AprCISA to Issue List of Software Products Critical to Agency Security by End of SeptemberThe Cybersecurity and Infrastructure Security Agency is targeting a September 30 deadline to give federal agencies a list of example software products deemed critical for the federal government’s cyber posture.NEXTGOV.COM
🔥 INCIDENT REPORTING 22[−]
23 AprWeekly Update 396Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite "More Data Breaches Than You Can Shake a Stick At". That seems like a reasonable summary and I suggest there are two main rea…TROYHUNT.COM
23 AprCyber Insurance Gaps Stick Firms With Millions in Uncovered LossesThe majority of companies, 4 in 5, have suffered a cyberattack that wasn’t fully covered under their cyber insurance policy, according to an analysis by cyber risk quantification firm CYE.CYBERSECURITYDIVE.COM
23 AprResearchers Warn Windows Defender Attack can Delete DatabasesResearchers at US-Israeli infosec outfit SafeBreach recently discussed flaws in Microsoft and Kaspersky endpoint security products that can potentially allow the remote deletion of files.THEREGISTER.COM
23 AprUnitedHealth Pay Ransom After Change Healthcare Cyberattacksubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://thecyberexpress.com/change-healthcare-cyberattack-ransom-payment/ United group confirmed that it has paid ransom to cyberthreat actors Change Healthcare cyberattack and files containing PI were compr…THECYBEREXPRESS.COM
23 AprVolkswagen Group’s Systems Hacked: 19,000+ Documents StolenThe Volkswagen Group has fallen victim to a sophisticated hacking incident, with over 19,000 sensitive documents stolen. Investigations point towards a possible involvement of Chinese hackers, raising concerns over international cyber espionage and the security of global automoti…GBHACKERS.COM
23 AprFeds Issue Guide for Change Health Breach Reporting DutiesHHS' Office for Civil Rights in new "frequently asked questions" guidance issued Friday night said it has not yet received breach reports from Change Healthcare, UHG, or any other affected covered entities pertaining to the incident.GOVINFOSECURITY.COM
23 AprUnmasking the True Cost of Cyberattacks: Beyond Ransom and RecoveryCybersecurity breaches can be devastating for both individuals and businesses alike. While many people tend to focus on understanding how and why they were targeted by such breaches, there's a larger, more pressing question: What is the true financial impact of a cybera…THEHACKERNEWS.COM
23 AprRansomware Gang Leaks Data Allegedly Stolen From Government ContractorThe LockBit ransomware gang leaks data allegedly stolen from government contractor Tyler Technologies. The post Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor appeared first on SecurityWeek .SECURITYWEEK.COM
23 AprBehavioral Patterns of Ransomware Groups are ChangingThe ransomware landscape has undergone significant changes in Q1 2024, with major shifts in the behavior of Ransomware-as-a-Service (RaaS) groups, according to GuidePoint Security's GRIT Q1 2024 Ransomware Report.HELPNETSECURITY.COM
23 AprUnitedHealth Group Previews Massive Change Healthcare BreachBreach 'Could Cover a Substantial Proportion of People in America,' Company Warns Hackers who hit Change Healthcare stole sensitive personal and medical details that "could cover a substantial proportion of people in America," parent company UnitedHealth Group warned. The company…DATABREACHTODAY.CO.UK
23 AprNespresso Domain Serves Up Steamy Cup of Phish, No Cream or Sugarsubmitted by kid to cybersecurity 2 points | 0 comments https://www.darkreading.com/cyberattacks-data-breaches/nespresso-domain-phish-cream-sugarDARKREADING.COM
23 AprUnitedHealth Says Patient Data Exposed in Change Healthcare CyberattackUnitedHealth confirms that personal and health information was stolen in a ransomware attack that could cost the company up to $1.6 billion. The post UnitedHealth Says Patient Data Exposed in Change Healthcare Cyberattack appeared first on SecurityWeek .SECURITYWEEK.COM
23 AprUnitedHealth confirms it paid ransomware gang to stop data leakThe UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February. [...]BLEEPINGCOMPUTER.COM
23 AprGlobal Optics Provider Hit with Ransomware Attack and a $10M RansomGlobal optics manufacturer Hoya had business operations at its headquarters and several business divisions impacted and is now facing a “No Negotiation / No Discount Policy” $10 million ransom decision to make.KNOWBE4.COM
23 AprDPRK hacking groups breach South Korean defense contractorsThe National Police Agency in South Korea issued an urgent warning today about North Korean hacking groups targeting defense industry entities to steal valuable technology information. [...]BLEEPINGCOMPUTER.COM
23 AprUS govt sanctions Iranians linked to government cyberattacksThe Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies. [...]BLEEPINGCOMPUTER.COM
23 AprThis Website is Selling Billions of Private Messages of Discord UsersThe website Spy.pet has been involved in a major privacy breach, selling billions of private messages from Discord users. This breach exposes personal information, private photos, financial details, and potentially company secrets.HACKREAD.COM
23 Apr$10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defense ContractorsFour Iranians are accused of hacking into critical systems at the Departments of Treasury and State and dozens of private US companies. The post $10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defense Contractors appeared first on SecurityWeek .SECURITYWEEK.COM
23 AprUkrainian Energy Sector Under Cyber Siege by Russian HackersKey Ukrainian Cyber Authority Warns of Spike in Cyberattacks on Energy Facilities Ukraine's Computer Emergency Response Team is warning of a rise in Russian cyberattacks targeting the country’s energy sector, with nearly 20 identified attacks on Ukrainian energy facilities in Mar…DATABREACHTODAY.CO.UK
23 AprChange Health Attack: Details Emerge; Breach Will Top RecordExperts Advise Health Sector to Take Steps as UnitedHealth Group Cleans Up Mess UnitedHealth Group's admission that information for "a substantial portion" of the American population was compromised in its Change Healthcare cyberattack sets into motion the likelihood the incident…DATABREACHTODAY.CO.UK
23 AprNew Microsoft Incident Response guide helps simplify cyberthreat investigationsDiscover how to fortify your organization's cybersecurity defense with this practical guide on digital forensics from Microsoft's Incident Response team. The post New Microsoft Incident Response guide helps simplify cyberthreat investigations appeared first on Microsoft Security …MICROSOFT.COM
🕵️ THREAT INTELLIGENCE 28[−]
23 AprISC Stormcast For Tuesday, April 23rd, 2024 https://isc.sans.edu/podcastdetail/8950, (Tue, Apr 23rd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
23 AprEuropol calls for Tech Giants to Get Lawful Access To end-to-end EncryptionThe ongoing tension between privacy rights and public safety, Europol, along with European Police Chiefs, has issued a call for tech giants to provide lawful access to encrypted communications. This development comes as major social media platforms, including those owned by Meta,…GBHACKERS.COM
23 AprGitHub Comments Abused to Push Malware via Microsoft Repository URLsA GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy.BLEEPINGCOMPUTER.COM
23 AprRussian Sandworm Hackers Targeted 20 Critical Organizations in UkraineCERT-UA reports that in March 2024, APT44 conducted operations to disrupt information and communication systems at energy, water, and heating suppliers in 10 regions of Ukraine.BLEEPINGCOMPUTER.COM
23 AprMicrosoft DRM Hack Could Allow Movie Downloads From Popular Streaming ServicesMicrosoft PlayReady vulnerabilities that could allow rogue subscribers to illegally download movies from popular streaming services. The post Microsoft DRM Hack Could Allow Movie Downloads From Popular Streaming Services appeared first on SecurityWeek .SECURITYWEEK.COM
23 AprMicrosoft Warns of North Korean Hackers Turning to AI-Fueled Cyber EspionageMicrosoft specifically highlighted a group named Emerald Sleet (aka Kimusky or TA427), which has been observed using LLMs to bolster spear-phishing efforts aimed at Korean Peninsula experts.THEHACKERNEWS.COM
23 AprU.S. to Impose Visa Restrictions on 13 Individuals Involved in Commercial Spyware OperationsTo combat the misuse of commercial spyware, the United States Department of State has announced visa restrictions on 13 individuals linked to developing and selling these invasive technologies. This decision underscores a broader initiative by the U.S. government to address the p…GBHACKERS.COM
23 AprAndroxgh0st Malware Compromises Servers Worldwide for Botnet Attacksubmitted by kid to cybersecurity 1 points | 0 comments https://www.hackread.com/androxgh0st-malware-servers-botnets-attacks/HACKREAD.COM
23 AprToddyCat APT Is Stealing Data on 'Industrial Scale'submitted by kid to cybersecurity 2 points | 0 comments https://www.darkreading.com/cyber-risk/-toddycat-apt-is-stealing-data-on-an-industrial-scale-DARKREADING.COM
23 AprState Hackers' New Frontier: Network Edge DevicesFirewalls, VPNs and Email Filter Resist Endpoint Scanning State-sponsored hackers have responded to improved network scanning by shifting their focus to edge devices characterized by patchy endpoint detection and proprietary software that hinders forensic analysis, warns Mandiant…DATABREACHTODAY.CO.UK
23 AprMalvertising: Fake Popular Software Ads Deliver New MadMxShell Backdoorsubmitted by kid to cybersecurity 2 points | 1 comments https://www.hackread.com/fake-popular-software-ads-madmxshell-backdoor/HACKREAD.COM
23 AprPasswords, passkeys and familiarity biasAs passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a…SECURITYINTELLIGENCE.COM
23 AprThe Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial SuccessMandiant's M-Trends 2024 report shows that defenses are improving – and that may be true. But the reality remains that these same statistics demonstrate that if anything, the attackers still retain the upper hand. The post The Battle Continues: Mandiant Report Shows Improved Dete…SECURITYWEEK.COM
23 AprEnvironmental Sustainable Training: KnowBe4's Commitment to a Greener EarthKnowBe4 is committed to sustainability and helping protect the environment, as evidenced by our initiatives such as our public commitment to sustainability , our planting trees and supporting local bee hives, and even our CEO Stu Sjouwerman’s donation of $2.5M to the Florida Wild…KNOWBE4.COM
23 AprUSPS Surges to Take Top Spot as Most Impersonated Brand in Phishing AttacksNew data shows phishing attacks are deviating from the traditional focus on technology and retail sectors and are opting for alternate brands with widespread appeal.KNOWBE4.COM
23 AprThe Challenges of Managing Security in an IT/OT Environment - John Germain - CSP #171For manufacturing companies, technology has taken over a good deal of the day-to-day operations occurring on the manufacturing floor. Things like robotics, CNC machines and automated inventory management. There are even systems that track what tools are used, by whom and for how …YOUTUBE.COM
23 AprLevel Up Your Users’ Cybersecurity Skills with 'The Inside Man: New Recruits’We’re thrilled to announce our newest addition to our ModStore’s already brimming collection of games with a new offering based on our award-winning “The Inside Man” training series !KNOWBE4.COM
23 AprGuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual MiningThe GuptiMiner malware campaign, discovered by Avast, involved hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers. The campaign was orchestrated by a threat actor with possible ties to Kimsuky.DECODED.AVAST.IO
23 AprSpain Reopens a Probe Into a Pegasus Spyware Case After a French Request to Work TogetherThe judge with Spain’s National Court said there is reason to believe that the new information provided by France can “allow the investigations to advance.” The post Spain Reopens a Probe Into a Pegasus Spyware Case After a French Request to Work Together appeared first on Securi…SECURITYWEEK.COM
23 AprUS Presures Iran Over Phishing Campaign Against FedsDepartments of Justice, Treasury and State Take Action Against Iranian Cyber Actors The U.S. federal government instigated a full court press against four alleged Iranian state hackers, unsealing a multi-count criminal indictment, slapping the men with Treasury sanctions and offe…DATABREACHTODAY.CO.UK
23 AprRobofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland... - SWN #380Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland, and more, on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-380YOUTUBE.COM
23 AprCoralRaider attacks use CDN cache to push info-stealer malwareA threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems U.S., the U.K., Germany, and Japan. [...]BLEEPINGCOMPUTER.COM
23 AprUS Pressures Iran Over Phishing Campaign Against FedsDepartments of Justice, Treasury and State Take Action Against Iranian Cyber Actors The U.S. federal government instigated a full court press against four alleged Iranian state hackers, unsealing a multi-count criminal indictment, slapping the men with Treasury sanctions and offe…DATABREACHTODAY.CO.UK
23 AprCyberRisk Alliance Live from RSAC 2024 Day 1CyberRisk Alliance broadcasting live from Broadcast Alley, Moscone West at RSA Conference 2024! Find all of our RSAC coverage at https://securityweekly.com/rsac Full Show Notes & Schedule: https://securityweekly.com/rsa241 Join the Security Weekly Discord Server: https://discord.…YOUTUBE.COM
23 AprCyberRisk Alliance Live from RSAC 2024 Day 2CyberRisk Alliance broadcasting live from Broadcast Alley, Moscone West at RSA Conference 2024! Full Show Notes & Schedule: https://securityweekly.com/rsa242 Find all of our RSAC coverage at https://securityweekly.com/rsac #Cybersecurity #RSAConference #RSAC2024YOUTUBE.COM
23 AprCyberRisk Alliance Live from RSA Conference 2024 - Day 3CyberRisk Alliance broadcasting live from Broadcast Alley, Moscone West at RSA Conference 2024! Full Show Notes & Schedule: https://securityweekly.com/rsa243 Find all of our RSAC coverage at https://securityweekly.com/rsac Visit our website: https://www.securityweekly.com #Cybers…YOUTUBE.COM
23 AprCyberRisk Alliance Live from RSA Conference 2024 - Day 4CyberRisk Alliance broadcasting live from Broadcast Alley, Moscone West at RSA Conference 2024! Full Show Notes & Schedule: https://securityweekly.com/rsa244 Find all of our RSAC coverage at https://securityweekly.com/rsac Visit our website: https://www.securityweekly.com #Cybers…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 5[−]
23 AprSharp Stealer: New Info-stealer Malware Targets Gamers, Crypto EnthusiastsThe malware does not try to hide its presence in the system from antivirus programs and has not gained much popularity in the underground yet, indicating that it is a new player in the market.GDATASOFTWARE.COM
23 AprU.S. Imposes Visa Restrictions on 13 Linked to Commercial Spyware MisuseThe U.S. Department of State on Monday said it's taking steps to impose visa restrictions on 13 individuals who are allegedly involved in the development and sale of commercial spyware or who are immediately family members of those involved in such b…THEHACKERNEWS.COM
23 AprMajority of Businesses Worldwide are Implementing Zero Trust, Gartner FindsAlmost two-thirds of organizations across the globe have either fully or partially implemented zero-trust strategies, according to a report released Monday by Gartner based on a survey of 303 security leaders.CYBERSECURITYDIVE.COM
23 AprGitLab Affected by GitHub-Style CDN Flaw Allowing Malware HostingSimilar to a recently reported issue in GitHub, users can abuse the "comments" feature in GitLab to upload malware to any repository without the repository owner's knowledge.BLEEPINGCOMPUTER.COM
23 AprHHS Beefs Up Privacy Protection for Reproductive Health InfoDoctors, clinics and other providers are prohibited from disclosing protected health information related to lawful reproductive healthcare, according to a final rule released Monday by federal regulators to "strengthen" HIPAA privacy.GOVINFOSECURITY.COM
📡 INFOSEC NEWS 11[−]
23 AprContent filtering in KSMG 2.1 | Kaspersky official blogNew content filtering capabilities in Kaspersky Secure Mail Gateway (KSMG) 2.1KASPERSKY.COM
23 AprStruts "devmode": Still a problem ten years later?, (Tue, Apr 23rd)Like many similar frameworks and languages, Struts 2 has a "developer mode" (devmode) offering additional features to aid debugging. Error messages will be more verbose, and the devmode includes an OGNL console. OGNL, the Object-Graph Navigation Language, can interact with Java, …ISC.SANS.EDU
23 AprBuilding Security for MSPs: Cisco's Blueprint for SuccessAnjana Kumbampati of Cisco discusses the unique challenges MSPs face, such as managing multiple ecosystems and vendors, which complicates their operational and billing processes. She explains how Cisco helps streamline these aspects to boost MSP efficiency and profitability.DATABREACHTODAY.CO.UK
23 AprHow technology drives progress – A Q&A with Nobel laureate Michel MayorWe spoke to Michel Mayor about the importance of public engagement with science and fostering responsibility among the youth for the preservation of our changing planetWELIVESECURITY.COM
23 AprThe vision behind Starmus – A Q&A with the festival’s co-founder Garik IsraelianDr. Israelian talks about Starmus's vision and mission, the importance of inspiring and engaging audiences, and the strong sense of community within the Starmus universeWELIVESECURITY.COM