🐛 COMMON VULNERABILITIES AND EXPOSURES 6[−]
8 MayOver 50,000 Tinyproxy Servers Vulnerable to Critical RCE FlawA critical remote code execution (RCE) flaw, CVE-2023-49606, was found affecting nearly 52,000 Tinyproxy servers. This vulnerability was disclosed by Cisco Talos in December 2023, impacting versions 1.11.1 and 1.10.0 of Tinyproxy.BLEEPINGCOMPUTER.COM
8 May KEVHackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress SitesA high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites. The findings come from WPScan, which said that the vulnerability (CVE-2023-40000, …THEHACKERNEWS.COM
8 MayHackers Exploit LiteSpeed Cache Flaw to Create WordPress AdminsWPScan observed in April increased exploitation activity against WordPress sites with versions of the plugin older than 5.7.0.1, which are vulnerable to a high-severity (8.8) unauthenticated cross-site scripting flaw tracked as CVE-2023-40000.BLEEPINGCOMPUTER.COM
8 MayHackers Actively Exploiting Ivanti Pulse Secure VulnerabilitiesJuniper Threat Labs has reported active exploitation attempts targeting vulnerabilities in Ivanti Pulse Secure VPN appliances. These vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, have been exploited to deliver the Mirai botnet, among other malware, posing a si…GBHACKERS.COM
8 May KEVCrushFTP Vulnerability Exploited in Wild to Execute Remote CodeA critical vulnerability in CrushFTP, identified as CVE-2024-4040, has been actively exploited in the wild. It allows attackers to perform unauthenticated remote code execution on vulnerable servers. This severe security flaw affects versions of CrushFTP before 10.7.1 and 11.1.0,…GBHACKERS.COM
8 MayF5 patches BIG-IP Next Central Manager flaws that could lead to device takeoverMulti-cloud application security and delivery company F5 has fixed two high-risk vulnerabilities in BIG-IP Next Central Manager, the central component used to manage BIG-IP Next load balancers and app security instances running on-premises or in the cloud. According to the resear…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 34[−]
8 MayDetecting XFinity/Comcast DNS Spoofing, (Mon, May 6th)ISPs have a history of intercepting DNS. Often, DNS interception is done as part of a "value add" feature to block access to known malicious websites. Sometimes, users are directed to advertisements if they attempt to access a site that doesn&#;x26;#;39…ISC.SANS.EDU
8 MayMaking platformization beneficial to the cybersecurity industry - Maxime Lamothe-Brassard - RSA24 #2Platformization could mean reduction in innovation, reduction in the ability to be flexible, and less competition. But it doesn't have to be this way. Like the IT industry, there are ways for the cybersecurity industry to platformize, but also to have this become a net benefit to…YOUTUBE.COM
8 MayHunters announces full adoption of OCSF and introduces OCSF-native searchRSA Conference, San Francisco, May 7, 2024 – Hunters, the pioneer in modern SOC platforms, today announced its full adoption of the Open Cybersecurity Schema Framework (OCSF), coupled with the launch of groundbreaking OCSF-native Search capability. This strategic advancement unde…CSOONLINE.COM
8 MayKinsing crypto mining campaign targets 75 cloud-native applicationsAn attack campaign dubbed Kinsing that targets cloud-native environments to deploy cryptocurrency mining malware is still going strong after five years, according to a research report by cloud security firm Aqua Security The threat actors behind the operation compromise publicly …CSOONLINE.COM
8 MayHow to future-proof Windows networks: Take action now on planned phaseouts and changesIn January 2002, Bill Gates sent an infamous email to all of his employees indicating that Microsoft had decided to put security henceforth first and foremost after several headline events pushed the company to reconsider how it built software. Gates told employees that Microsoft…CSOONLINE.COM
8 MayAnalyzing Synology Disks on Linux, (Wed, May 8th)Synology NAS solutions are popular devices. They are also used in many organizations. Their product range goes from small boxes with two disks (I'm not sure they still sell a single-disk enclosure today) up to monsters, rackable with plenty of disks. They offer multiple disk …ISC.SANS.EDU
8 MayLaw Enforcement Agencies Identified LockBit Ransomware Admin and Sanctioned HimThe FBI, UK National Crime Agency, and Europol have unmasked the identity of the admin of the LockBit ransomware operation, aka ‘LockBitSupp’ and ‘putinkrab’, and issued sanctions against him.SECURITYAFFAIRS.COM
8 MayGoogle, Meta, Spotify accused of flouting Apple’s device fingerprinting rulesApple’s crusade for user privacy on its iOS platform stares at a potential setback as a new report accused tech bigwigs including Google, Meta, and Spotify of flouting the company’s guidelines on device fingerprinting. Device fingerprinting is a technique that involves collecting…CSOONLINE.COM
8 MayUpdate: MITRE Attributes the Recent Attack to China-linked UNC5221The attackers exploited two zero-day vulnerabilities in Ivanti Connect Secure to gain initial access to MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE) in late December 2023.SECURITYAFFAIRS.COM
8 MayCritical PDF.js & React-PDF Vulnerabilities Threaten Millions Of PDF UsersA new critical vulnerability has been discovered in PDF.js, which could allow a threat actor to execute arbitrary code when opening a malicious PDF. PDF.js allows browsers to render PDF files without any plugins or external software. This vulnerability affects multiple browsers a…GBHACKERS.COM
8 MayRansomware Operations are Becoming Less ProfitableRansomware operations are experiencing a decline in profitability due to various factors such as increased cyber resilience of organizations, the availability of decryptors, and more frequent law enforcement actions.HELPNETSECURITY.COM
8 MayVeeam RCE Flaws Let Hackers Gain Access To VSPC ServersVeeam Service Provider console has been discovered with two critical vulnerabilities that were associated with Remote Code Execution. A CVE for these vulnerabilities is yet to be assigned. These vulnerabilities exist in version 7.x and version 8.x of the Veeam Service Provider Co…GBHACKERS.COM
8 MayReport: Log4J Still Among Top Exploited VulnerabilitiesIn a new report, Cato observed that the Log4J exploit represented 30% of the outbound vulnerability exploitations and 18% of the inbound vulnerability exploitations detected in the first quarter of 2024.INFOSECURITY-MAGAZINE.COM
8 MayDocGo says hackers stole patient data in a recent cyberattackMobile medical services provider DocGo has suffered a breach in its US-based ambulance transportation business, the company said in an SEC filing . The healthcare provider, offering mobile health services, ambulance services, and remote monitoring for US and UK patients, said in …CSOONLINE.COM
8 MayHackers Abuse Google Search Ads to Deliver MSI-Packed MalwareHackers have been found exploiting Google search ads to distribute malware through MSI (Microsoft Installer) packages. This campaign, involving the malware loader known as FakeBat, targets unsuspecting users by masquerading as legitimate software downloads. The Infection Chain: F…GBHACKERS.COM
8 MayAndroid Update Patches Critical VulnerabilityAndroid’s May 2024 security update patches 38 vulnerabilities, including a critical bug in the System component. The post Android Update Patches Critical Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
8 MayzEus Stealer Distributed via Crafted Minecraft Source Packsubmitted by kid to cybersecurity 1 points | 0 comments https://www.fortinet.com/blog/threat-research/zeus-stealer-distributed-via-crafted-minecraft-source-packFORTINET.COM
8 MayAnalyzing the vulnerability landscape in Q1 2024submitted by kid to cybersecurity 2 points | 0 comments https://securelist.com/vulnerability-report-q1-2024/112554/ Kaspersky’s report highlights a steady increase in software vulnerabilities, with a surge in critical ones due to factors like bug bounty programs and complex softw…SECURELIST.COM
8 MayA SaaS Security Challenge: Getting Permissions All in One PlacePermissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user’s base permission is determined by their role, while&…THEHACKERNEWS.COM
8 MayNew Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and DataResearchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard (AES) algorithm. The techniques have been collectively dubbed Pathfi…THEHACKERNEWS.COM
8 MayCity of Wichita breach claimed by LockBit ransomware gangThe LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City's authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation. [...]BLEEPINGCOMPUTER.COM
8 MayIdentity is Security: Okta is leading the fight against Identity-based attacks - David BradburyAs companies adopt new digital cloud technologies, cybercrime threats are on the rise and becoming more sophisticated. Identity has come under attack in today’s digital-first environment and is critical to ensure we can securely connect people to technology. Okta is on a mission …YOUTUBE.COM
8 MayzEus Stealer Distributed via Crafted Minecraft Source PackZeus Stealer is designed to steal sensitive information such as passwords and cryptocurrency wallets from infected systems. The attackers utilize the popularity of Minecraft to lure unsuspecting users into downloading and executing the payload.FORTINET.COM
8 MayMassive security hole in VPNs shows their shortcomings as a defensive measureA massive security hole in virtual private networks (VPN) reported this week highlights the fact that they were never intended to fulfil a security function despite widespread use as a defensive feature, according to security experts. The VPN security hole vulnerability, which ca…CSOONLINE.COM
8 MayExternal Cybersecurity - Margarita BarreroAxur is a cost-effective external cybersecurity solution that empowers security teams to handle threats beyond the perimeter. Our platform detects, inspects, and responds to brand impersonation, phishing scams, dark web mentions, threat intel vulnerabilities, and more. Segment Re…YOUTUBE.COM
8 MayEncrypted services Apple, Proton and Wire helped Spanish police identify activistAs part of an investigation into people involved in the pro-independence movement in Catalonia, the Spanish police obtained information from the encrypted services Wire and Proton, which helped the authorities identify a pseudonymous activist, according to court documents obtaine…TECHCRUNCH.COM
8 MayLeveraging AI to Streamline Identity Security - Jeff MargoliesAI is more than just a buzzword. Done right, AI can improve decision making and scale your identity security platform to manage every identity, human and machine, physical and digital. Learn about how Saviynt’s #1 Identity Security platform is leveraging a variety of AI capabilit…YOUTUBE.COM
8 MayNew BIG-IP Next Central Manager bugs allow device takeoverF5 has fixed two high-severity BIG-IP Next Central Manager vulnerabilities, which can be exploited to gain admin control and create rogue accounts on any managed assets. [...]BLEEPINGCOMPUTER.COM
8 MaySuspected Chinese hack of Britain’s Ministry of Defence payroll linked to government contractor, minister confirmsA suspected Chinese hack that exposed the payroll records of 270,000 members of the British armed services was connected to the “potential failings” of a government contractor, UK defence secretary Grant Shapps has told the British Parliament. News of the incident became public o…CSOONLINE.COM
8 MaySecurity through Data – Cisco Hypershield - Jeetu Patel - RSA24 #3Security needs to be everywhere a potential threat exists – from an IOT device to an OT device, a factory floor, an element of infrastructure, an oil rig, a robotic device or an MRT machine – Cisco recognized that with increased connection comes a greater risk than ever before an…YOUTUBE.COM
8 MayUK Regulator Tells Platforms to 'Tame Toxic Algorithms'Ofcom Prepares to Enforce the Online Safety Act The British media regulator called on online platforms including search engines to roll out safety measures for recommendation algorithms. Ensuring that systems "do not operate to harm children" is a measure the regulator made in a …DATABREACHTODAY.CO.UK
8 MayHacker Heroes - Jeremiah Grossman - PSW #828Illuminating the Cybersecurity Path: A Conversation with Jeremiah Grossman Join us for a compelling episode featuring Jeremiah Grossman, a prominent figure in the cybersecurity landscape. As a recognized expert, Jeremiah has played a pivotal role in shaping the discourse around w…YOUTUBE.COM
8 MayCritical vulnerabilities in BIG-IP appliances leave big networks open to intrusionsubmitted by BrikoX to cybersecurity 1 points | 0 comments https://arstechnica.com/security/2024/05/critical-vulnerabilities-in-big-ip-appliances-leave-big-networks-open-to-intrusion/ Hackers can exploit them to gain full administrative control of internal devices.ARSTECHNICA.COM
8 MayLeveling the Cybersecurity Playing Field - Jim Simpson - RSA24 #3In this segment, Jim can discuss how organizations can enhance their cybersecurity posture with Blumira’s automated threat monitoring, detection and response solutions. Jim can talk about the exciting plans Blumira has in store for the next 3 years, emphasizing how the company is…YOUTUBE.COM
📋 SECURITY BULLETINS 1[−]
8 MayMicrosoft: April Windows Server updates also cause crashes, rebootsMicrosoft has confirmed that last month's Windows Server security updates may also cause domain controller reboots after the Local Security Authority Subsystem Service (LSASS) process crashes. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 7[−]
8 MayPhishing Reports in Switzerland More Than Doubled Last YearSwitzerland’s National Cyber Security Centre (NCSC) received more than 30,000 reports of cyber incidents in the second half of 2023, more than double the amount received in the second half of 2022.KNOWBE4.COM
8 MayCISA Directors Talk Geopolitical Threats, Election SecurityExplosion in Threat Actors, Poorly Configured Technology Compound the Risk Geopolitical events increasingly pose risks to organizations' cybersecurity posture, the current and former leaders of the U.S. Cybersecurity and Infrastructure Security Agency - Jen Easterly and Chris Kre…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 17[−]
8 MayHackers Employing Steganography Methods to Deliver Notorious RemcosRATHackers are now using steganography techniques to distribute the notorious Remote Access Trojan (RAT) known as RemcosRAT. This method, which involves hiding malicious code within seemingly innocuous image files, marks a concerning evolution in malware delivery tactics. The Initia…GBHACKERS.COM
8 MayCyber Security Today, May 8, 2024 - Alleged LockBit ransomware leader is identified, the gang makes false claims of new victimsThis episode reports on the RSA Conference, a Canadian ruling on whether solicitor-client privilege applies when a privacy regulator demands documents after a data breach, and moreCYBERSECURITYTODAY.LIBSYN.COM
8 MayUniversity System of Georgia Says 800,000 Impacted by MOVEit HackUniversity System of Georgia says Social Security numbers and bank account numbers were compromised in the May 2023 MOVEit hack. The post University System of Georgia Says 800,000 Impacted by MOVEit Hack appeared first on SecurityWeek .SECURITYWEEK.COM
8 MaySecurity company exposes 1.2M guard and suspect recordssubmitted by kid to cybersecurity 1 points | 1 comments https://www.theregister.com/2024/05/07/uk_security_company_breach/THEREGISTER.COM
8 MayBrandywine Realty Trust Hit by RansomwarePhiladelphia-based real estate company Brandywine Realty Trust shuts down systems following a ransomware attack. The post Brandywine Realty Trust Hit by Ransomware appeared first on SecurityWeek .SECURITYWEEK.COM
8 MayNearly 184,000 MedStar Health patients' personal data possibly breachedsubmitted by kid to cybersecurity 1 points | 0 comments https://therecord.media/medstar-health-data-breachTHERECORD.MEDIA
8 MayChange Healthcare attack expected to exceed $1 billion in costsThe impact of the recent Change Healthcare cyberattack is unprecedented — and so are the costs. Rick Pollack, President and CEO of the American Hospital Association, stated, “The Change Healthcare cyberattack is the most significant and consequential incident of its k…SECURITYINTELLIGENCE.COM
8 MayAchieving Cyber Resilience and Strengthening Security Posture - Andy Grolnick - RSA24 #3Organizations today are overwhelmed with the sheer magnitude of potential cybersecurity threats and there is plenty of vendor buzz around AI in Security products, but what is the reality? Threat detection and incident response (TDIR) strategy and execution have never been more cr…YOUTUBE.COM
8 MayShields Up: How to Minimize Ransomware ExposureOrganizations need to look beyond preventive measures when it comes to dealing with today’s ransomware threats and invest in ransomware response. The post Shields Up: How to Minimize Ransomware Exposure appeared first on SecurityWeek .SECURITYWEEK.COM
8 May9 in 10 Organizations Paid At least One Ransom Last YearNew analysis of cyber attacks shows ransomware attacks are running far more rampant than previously thought, with half of organizations blaming poor cyber hygiene.KNOWBE4.COM
8 MayAscension healthcare takes systems offline after cyberattackAscension, one of the largest private healthcare systems in the United States, has taken some of its systems offline to investigate what it describes as a "cyber security event." [...]BLEEPINGCOMPUTER.COM
8 MayCorporate Ransomware Deep Dive - Mikko Hypponen - PSW #828In this RSAC 2024 South Stage Keynote, Mikko Hyppönen will look back at the past decade of ransomware evolution and explore how newer innovations, like AI, are shaping its future. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securitywe…YOUTUBE.COM
8 MayUniversity System of Georgia: 800K exposed in 2023 MOVEit attackThe University System of Georgia (USG) is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks. [...]BLEEPINGCOMPUTER.COM
8 MayZscaler investigating a potential breachsubmitted by kid to cybersecurity 2 points | 0 comments https://trust.zscaler.com/zscaler.net/posts/18686TRUST.ZSCALER.COM
8 MaySmashing Security podcast #371: Unmasking LockBitsupp, company extortion, and a Tinder fraudsterThe kingpin of the LockBit ransomware is named and sanctioned, a cybersecurity consultant is charged with a $1.5 million extortion, and a romance fraudster defrauded women he met on Tinder of £80,000. All this and much much more is discussed in the latest edition of the “Smashing…GRAHAMCLULEY.COM
8 MayZscaler says it was not hacked after rumors circulate onlineZscaler says that today's rumors it was breached are false after a threat actor claimed to be selling access to one of the "largest cyber security companies." [...]BLEEPINGCOMPUTER.COM
8 MayZscaler takes "test environment" offline after rumors of a breachZscaler says that they discovered an exposed "test environment" that was taken offline for analysis after rumors circulated that a threat actor was selling access to the company's systems. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 22[−]
8 MayISC Stormcast For Wednesday, May 8th, 2024 https://isc.sans.edu/podcastdetail/8972, (Wed, May 8th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
8 MayGoogle Simplifies Two-Factor Authentication Setup ProcessGoogle has announced an update to its two-factor authentication (2FA) process, also known as 2-step Verification (2SV), aimed at simplifying the setup and making it easier for users to secure their accounts. The changes rolled out on Monday, May 6, 2024, will affect both personal…GBHACKERS.COM
8 MayNews alert: Hunters announces full adoption of OCSF, introduces OCSF-native searchSAN FRANCISCO, May 7, 2024, CyberNewsWire – – Hunters, the pioneer in modern SOC platforms, today announced its full adoption of the Open Cybersecurity Schema Framework (OCSF), coupled with the launch of groundbreaking OCSF-native Search capability. This strategic adv…LASTWATCHDOG.COM
8 MayChinese Hackers Deployed Backdoor Quintet to Down MITREsubmitted by kid to cybersecurity 3 points | 0 comments https://www.darkreading.com/cloud-security/chinese-hackers-deployed-backdoor-quintet-to-down-mitreDARKREADING.COM
8 MayRSA Conference 2024 – Announcements Summary (Day 2)Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco. The post RSA Conference 2024 – Announcements Summary (Day 2) appeared first on SecurityWeek .SECURITYWEEK.COM
8 MayCHM Malware Stealing User Information Being Distributed in Koreasubmitted by kid to cybersecurity 2 points | 0 comments https://asec.ahnlab.com/en/65245/ASEC.AHNLAB.COM
8 MayWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
8 MayNew ‘TunnelVision’ Technique Leaks Traffic From Any VPN SystemA new VPN bypass technique allows threat actors to snoop on victims’ traffic by forcing it off the VPN tunnel using built-in features of DHCP. The post New ‘TunnelVision’ Technique Leaks Traffic From Any VPN System appeared first on SecurityWeek .SECURITYWEEK.COM
8 MayHealthcare Cybersecurity Firm Blackwell Raises $13 MillionHealthcare cybersecurity company Blackwell Security has raised $13 million and appointed Geyer Jones as its first CEO. The post Healthcare Cybersecurity Firm Blackwell Raises $13 Million appeared first on SecurityWeek .SECURITYWEEK.COM
8 MayFree Workshop from Security Risk Advisors Empowers Organizations to Select Optimal OT Security ToolsSecurity Risk Advisors (SRA) announces the launch of their OT/XIoT Detection Selection Workshop, a complimentary offering designed to assist organizations in selecting the most suitable operational technology (OT) and Extended Internet of Things (XIoT) security tools for their un…GBHACKERS.COM
8 MayHow Does ANY RUN Sandbox Protect Enterprise Users By Utilizing Advanced ToolsEnsuring adherence to GDPR, the ANY RUN sandbox service employs TLS 1.3 for data in transit and AES-256 for data at rest; it is hosted in Germany and provides supplementary tools, predominantly for enterprise plans, to empower users with greater control over their data. When work…GBHACKERS.COM
8 MayIntroducing Nightwing - A New Intelligence Services Company, 40 Years in the Making - ... - RSA24 #3On April 1, Nightwing, formerly a business unit of Raytheon, launched as a standalone company. The company’s Vice President of Cyber Protection Solutions, Jon Check, will discuss the transition to Nightwing and its approach to the most pressing cybersecurity challenges, helping c…YOUTUBE.COM
8 MayKnowBe4 Earns Multiple 2024 Best Of Awards From TrustRadiusKnowBe4 is proud to be recognized by TrustRadius for our Security Awareness Training and PhishER platforms. KNOWBE4.COM
8 MayBlackwell Security Raises $13M in FundingThe healthcare cybersecurity services company intends to use the funds to broaden its offerings, including capabilities such as healthcare threat intelligence and automated response.FINSMES.COM
8 MayToken Security Raises $7 Million Seed Funding for Machine-First Identity SecurityTel Aviv-based firm emerged from stealth with $7 million seed funding led by TLV Partners with participation from SNR and angel investors. The post Token Security Raises $7 Million Seed Funding for Machine-First Identity Security appeared first on SecurityWeek .SECURITYWEEK.COM
8 MayHow implementing a trust fabric strengthens identity and networkThe new era of cybersecurity demands a comprehensive, adaptive, real-time approach to securing access. At Microsoft, we call this approach the trust fabric. The post How implementing a trust fabric strengthens identity and network appeared first on Microsoft Security Blog .MICROSOFT.COM
8 MayUnforeseen Outcomes of Innovation - Amit Sinha - RSA24 #3Over the past two years, we’ve seen the degree of digital trust in our day-to-day lives being pushed to its limits due to the unintended consequences of innovation. From GenAI to IoT security to quantum computing, we will see a “crescendo of trust” that will push trust to its abs…YOUTUBE.COM
8 MayThe EDR Honeymoon Period is Over: The Power of Deep Learning to Combat AI Threats - Carl FroggettThe recent rise in adversarial AI has made it clear: organizations must fight AI with better AI. Gone are the days of relying on legacy, antiquated endpoint detection and response offerings, or cybersecurity tools that are based on ineffective machine learning models. In this int…YOUTUBE.COM
8 MayReport: Undetectable Threats Found in F5's Central ManagerResearchers Discover Major Vulnerabilities in Popular Central Management Platform Researchers identified major security vulnerabilities in F5's Next Central Manager that could allow hackers to gain a persistent, undetectable presence within any organization's network infrastructu…DATABREACHTODAY.CO.UK
8 MaySupply Chains, Firmware, And Patching - Jason Kikta - BTS #29Jason joins us to discuss the current enterprise landscape for defending against supply chain attacks, remediating firmware issues, and the current challenges with patch management. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more a…YOUTUBE.COM
8 MayUnderstanding – and securing against - next generation threats - Paul Reid - RSA24 #3Emerging threats are targeting organizations from seemingly every angle. This means security teams must expand their focus to secure as many domains as possible. OpenText is building on its holistic approach to cybersecurity with new innovations that make it easier for organizati…YOUTUBE.COM
8 MayISMG Editors: Day 2 Highlights at RSA Conference 2024Examining the CISO's Role and Emerging Security Solutions in the Age of AI From the RSA Conference in San Francisco, three ISMG editors examined all the hype around artificial intelligence, including the latest AI-enabled cybersecurity solutions, the AI tactics that adversaries a…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 2[−]
8 MayHow to protect yourself from phishing and malware on GitHub and GitLab | Kaspersky official blogA CDN error in GitHub and GitLab allows arbitrary file storage and phishing attacks — protection tips.KASPERSKY.COM
8 MayHijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest VersionA newer version of a malware loader called Hijack Loader has been observed incorporating an updated set of anti-analysis techniques to fly under the radar. "These enhancements aim to increase the malware's stealthiness, thereby remaining undetected for longer …THEHACKERNEWS.COM
📡 INFOSEC NEWS 10[−]
8 MayScattered Spider Group a Unique Challenge for Cyber Cops, FBI Leader SaysIdentified by analysts in 2022, the hackers use social engineering to lure users into giving up their login credentials or one-time password codes to bypass multifactor authentication.THERECORD.MEDIA
8 MayThe Fundamentals of Cloud Security Stress Testing״Defenders think in lists, attackers think in graphs,” said John Lambert from Microsoft, distilling the fundamental difference in mindset between those who defend IT systems and those who try to compromise them. The traditional approach for defenders is to list security gaps dire…THEHACKERNEWS.COM
8 MayBetterHelp to Pay $7.8 Million to 800,000 in Health Data Sharing SettlementFollowing an investigation into BetterHelp's handling of customer data, the FTC revealed in March 2023 that the service collected data without consent from its app users or website visitors, even from people who had not signed up for counseling.BLEEPINGCOMPUTER.COM
8 MayMassive webshop fraud ring steals credit cards from 850,000 peopleA massive network of 75,000 fake online shops called 'BogusBazaar' tricked over 850,000 people in the US and Europe into making purchases, allowing the criminals to steal credit card information and attempt to process an estimated $50 million in fake orders. [...]BLEEPINGCOMPUTER.COM
8 MayFBI warns of gift card fraud ring targeting retail companiesThe FBI warned retail companies in the United States that a financially motivated hacking group has been targeting employees in their gift card departments in phishing attacks since at least January 2024. [...]BLEEPINGCOMPUTER.COM
8 MayAkamai to Acquire Noname for $450 MillionNoname, one of the top API security vendors in the market, will enhance Akamai’s existing API Security solution and accelerate its ability to meet growing customer demand and market requirements as the use of APIs continues to expand.HELPNETSECURITY.COM
8 MayDesperate Taylor Swift Fans Defrauded by Ticket ScamsAs reported by the BBC, Lloyds Bank estimates that fans have lost an estimated £1m ($1.25 m) in ticket scams ahead of the UK leg of Taylor Swift’s Eras tour. Roughly 90% of these scams were said to have started on Facebook.MALWAREBYTES.COM
8 MayUS Patent and Trademark Office confirms another leak of filers’ address dataThe federal government agency responsible for granting patents and trademarks is alerting thousands of filers whose private addresses were exposed following a second data spill in as many years. The U.S. Patent and Trademark Office (USPTO) said in an email to affected trademark a…TECHCRUNCH.COM
8 MayStack Overflow suspends user for editing posts in OpenAI protestOpenAI and Stack Overflow recently teamed up to improve AI models. OpenAI will have access to Stack Overflow's API and feedback from developers. In return, OpenAI will link to Stack Overflow's content in ChatGPT. [...]BLEEPINGCOMPUTER.COM