125 Articles
10 Categories
Date: 2024-05-15
🚨 CISA KEV (1)
15 May | KEV | Microsoft fixes three zero-day vulnerabilities, two actively exploited | Microsoft released its monthly batch of security fixes on Tuesday, which included patches for three vulnerabilities that already had exploits available. Two of those vulnerabilities are being actively exploited, with one being used by multiple groups to deliver malware, including… | CSOONLINE.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES (6)
15 May | Backlogs at National Vulnerability Database prompt action from NIST and CISA | Backlogs at the US National Vulnerability Database (NVD), a critical source of information about security flaws in software, have reached crisis proportions, prompting federal agencies to seek help from the private sector. The NVD has been steadily falling behind on its mission t… | CSOONLINE.COM
15 May | Experts Warn the NVD Backlog Is Reaching a Breaking Point | NIST has only analyzed 2 of the nearly 2,000 new vulnerabilities received in May. The backlog is attributed to an increase in software and vulnerabilities, as well as a change in interagency support, according to NIST. | BANKINFOSECURITY.COM
15 May | KEV | New Google Chrome Zero-day Exploited in the Wild, Patch Now! | Google has issued an urgent security update for its Chrome browser after discovering a zero-day vulnerability that is currently being exploited by attackers. The vulnerability, tracked as CVE-2024-4761, affects the V8 JavaScript… | GBHACKERS.COM
15 May | (Cyber) Risk = Probability of Occurrence x Damage | Here’s How to Enhance Your Cyber Resilience with CVSS In late 2023, the Common Vulnerability Scoring System (CVSS) v4.0 was unveiled, succeeding the eight-year-old CVSS v3.0, with the aim to enhance vulnerability assessment for both industry and the public. This latest … | THEHACKERNEWS.COM
15 May | Apple Fixes Safari WebKit Zero-Day Flaw Exploited at Pwn2Own | Apple patched a zero-day vulnerability (CVE-2024-27834) in Safari that was exploited at the Pwn2Own hacking competition. The vulnerability allowed an attacker to bypass Pointer Authentication Codes (PACs) and potentially execute remote code. | BLEEPINGCOMPUTER.COM
15 May | I/O 2024: What’s new in Android security and privacy | Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy Our commitment to user safety is a top priority for Android. We’ve been consistently working to stay ahead of the world’s scammers, fraudsters and bad actors. And as their tactics evolve in sophistication … | SECURITY.GOOGLEBLOG.COM
⚠️ VULNERABILITY DISCLOSURE (33)
15 May | No mayday call necessary for the year’s fifth Patch Tuesday | A return to pre-April CVE volumes, mostly for Windows, though two vulns – or is it three? -- are already under exploit | SOPHOS.COM
15 May | Multiple Vulnerabilities in Siemens Ruggedcom Crossbow Could Allow for Arbitrary Code Execution | Multiple vulnerabilities have been discovered in Siemens Ruggedcom Crossbow, the most severe of which could allow for arbitrary code execution. Siemens Ruggedcom Crossbow Access Management solution designed to provide cybersecurity compliance for industrial control systems. Succe… | CISECURITY.ORG
15 May | Beware Of New Social Engineering Attack That Delivers Black Basta Ransomware | Hackers exploit social engineering, which avoids technical security systems, by manipulating the psychology and behavior of a human being. Social engineering techniques, such as baiting emails or pretexting phone calls, manipulate victims into providing confidential information o… | GBHACKERS.COM
15 May | MITRE EMB3D Improves Security for Embedded Devices | The EMB3D model provides a common understanding of cyber threats to embedded devices and the security mechanisms needed to mitigate them. It is based on observations of threat actor activities, security research, and device vulnerability reports. | HELPNETSECURITY.COM
15 May | KEV | Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days | Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild. Of the 61 flaws, one is rated Critical, 59 are ra… | THEHACKERNEWS.COM
15 May | Clock is ticking for companies to prepare for EU NIS2 Directive | Time is running out for businesses to prepare for looming new EU cyber security legislation and risk severe penalties for noncompliance. The Network and Information Systems Directive 2022/0383 – shortened to NIS2 – has been introduced by the EU to strengthen the bloc’s existing c… | CSOONLINE.COM
15 May | PoC Exploit Released for RCE Zero-Day in D-Link EXO AX4800 Routers | The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port. | BLEEPINGCOMPUTER.COM
15 May | FortiOS & FortiProxy SSL-VPN Flaw Allows IP Spoofing via Malicious Packets | A critical vulnerability has been discovered in Fortinet’s FortiOS SSL-VPN and FortiProxy SSL-VPN. The flaw, identified as FG-IR-23-225, allows attackers to spoof IP addresses and bypass security controls by sending specially crafted packets. It affects multiple versions of… | GBHACKERS.COM
15 May | BLint: Open-Source Tool to Check the Security Properties of Your Executables | BLint is a Binary Linter designed to evaluate the security properties and capabilities of executable files. It utilizes LIEF (Library for Executable and Instrumentation Format) for its operations. | HELPNETSECURITY.COM
15 May | KEV | Microsoft Fixes Three Zero-Days in May Patch Tuesday | Microsoft has released a Patch Tuesday update that addresses three zero-day flaws, two of which are actively being exploited in the wild, including an elevation of privilege flaw that could provide system-level access and compromise systems. | INFOSECURITY-MAGAZINE.COM
15 May | QakBot Malware Exploiting Windows Zero-Day To Gain System Privileges | Hackers exploit the Windows zero-day vulnerabilities, as they offer great advantages. This means that no patches or defenses exist for zero-day vulnerabilities as software vendors are unaware of them, consequently, hackers have a certain period to start their attacks before the v… | GBHACKERS.COM
15 May | VMware Fixed Zero-Day Flaws Demonstrated at Pwn2Own2024 | VMware addressed four vulnerabilities, including three zero-day flaws demonstrated at the Pwn2Own Vancouver 2024 hacking contest, in its Workstation and Fusion desktop hypervisors. | SECURITYAFFAIRS.COM
15 May | Ebury Botnet Compromised 400K Linux Servers for Crypto Theft and Financial Gain | The malware modules spread via Ebury are used for various nefarious activities, such as proxying traffic, redirecting HTTP traffic, exfiltrating sensitive information, and intercepting HTTP requests. | WELIVESECURITY.COM
15 May | Zero-day alert! Apple security updates are out, including 0-day fixes for iOS 16 and macOS 13 | https://pducklin.com/2024/05/14/zero-day-alert-apple-security-updates-are-out-including-0-day-fixes-for-ios-16-and-macos-13/ | PDUCKLIN.COM
15 May | Dangerous Google Chrome Zero-Day Allows Sandbox Escape | https://www.darkreading.com/vulnerabilities-threats/dangerous-google-chrome-zero-day-sandbox-escape | DARKREADING.COM
15 May | Log4Shell shows no sign of fading, spotted in 30% of CVE exploits | https://www.helpnetsecurity.com/2024/05/14/log4j-wan-insecure-protocols/ | HELPNETSECURITY.COM
15 May | Meet Hackbat: An Open-Source, More Powerful Flipper Zero Alternative | Hackbat is built around a custom PCB and a Raspberry Pi Pico W microcontroller, providing features like Wi-Fi, NFC, RF, microSD storage, USB for keystroke injection, and a display with buttons. | ZDNET.COM
15 May | Cyber Security Today, May 15, 2024 - Ebury botnet still exploiting Linux servers, Microsoft, SAP and Apple issue security updates, and more | This episode reports on the Phorpiex botnet spreading LockBit ransomware, the sentencing of a man behind the Tornado Cash cryptocurrency mixer for money laundering, and more | CYBERSECURITYTODAY.LIBSYN.COM
15 May | Adobe Releases Security Updates for Multiple Products | Adobe has released security updates to address vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following Adobe Security Bulletins… | CISA.GOV
15 May | Got MFA? If not, Now is the Time!, (Wed, May 15th) | I had an interesting call from a client recently - they had a number of "net use" and "psexec" commands pop up on a domain controller, all called from PSEXEC (thank goodness for a good EDR deployed across the board!!). The source IP was a VPN session. | ISC.SANS.EDU
15 May | CISA, FBI, and DHS Unveil Cybersecurity Guide For Civil Society Groups | The publication Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society is designed to provide high-risk communities with actionable steps to bolster their cybersecurity defenses. | INFOSECURITY-MAGAZINE.COM
15 May | Singing River ransomware attack now thought to have affected over 895,000 | Singing River Health System (SRHS) has more than trebled its estimate of the number of persons affected by the ransomware attack it suffered in August 2023. The health care provider now estimates that the total number of persons affected in the breach to be 895,204, up from an in… | CSOONLINE.COM
15 May | Hackers Attacking Foxit PDF Reader Users To steal Sensitive Data | Researchers identified a PDF exploit targeting Foxit Reader users that uses a design flaw that presents security warnings with a default “OK” option, potentially tricking users into executing malicious code. The exploit is actively being used and bypasses typica… | GBHACKERS.COM
15 May | FTC Fires ‘Shot Across the Bow’ at Automakers Over Connected-Car Data Privacy | The FTC issued a strong warning to automakers about their data collection and sharing practices, particularly regarding the sale of sensitive geolocation data, and emphasized that it will take enforcement action to protect consumer privacy. | THERECORD.MEDIA
15 May | FBI Seizes Criminal Site BreachForums | Website of BreachForums Administrator 'Baphomet' Also Appears to Be Down An international law enforcement operation shut down BreachForums, a criminal forum where hackers posted and sold the contents of hacked databases. The website of the criminal forum in its clear and dark web… | DATABREACHTODAY.CO.UK
15 May | FBI Seizes BreachForums Again, Urges Users to Report Criminal Activity | Law enforcement agencies have officially seized control of the notorious BreachForums platform, an online bazaar known for peddling stolen data, for the second time within a year. The website ("breachforums[.]st") has been replaced by a seizure banner stating the clearn… | THEHACKERNEWS.COM
15 May | FBI seizes hacking forum BreachForums — again | The FBI along with a coalition of international law enforcement agencies seized the notorious cybercrime forum BreachForums on Wednesday. For years, BreachForums has been a popular English-language forum for hackers and cybercriminals who wanted to advertise, sell, and trad… | TECHCRUNCH.COM
15 May | How you may be affected by the new proposed Critical Infrastructure Cyber Incident Reporting Rule | Creating a world that is safer and more secure is core to our vision at Palo Alto Networks, but this only can be achieved if we’re collectively making the internet, as a whole, safer. To do this requires more widespread awareness of cyber threats and information sharing, and a ne… | CSOONLINE.COM
15 May | Google patches third exploited Chrome zero-day in a week | Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week. [...] | BLEEPINGCOMPUTER.COM
15 May | A Vulnerability in SolarWinds Access Rights Manager Could Allow for Privilege Escalation | A vulnerability has been discovered in SolarWinds Access Rights Manager that could allow for privilege escalation. Successful exploitation of this vulnerability could allow for privilege escalation in the context of the affected service account. Depending on the privileges associ… | CISECURITY.ORG
15 May | KEV | Google fixes third actively exploited Chrome zero-day in a week | Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week. [...] | BLEEPINGCOMPUTER.COM
📋 SECURITY BULLETINS (3)
15 May | ICS Patch Tuesday: Advisories Published by Siemens, Rockwell, Mitsubishi Electric | Several ICS vendors released advisories on Tuesday to inform customers about vulnerabilities found in their products. | SECURITYWEEK.COM
15 May | Singapore Cybersecurity Update Puts Cloud Providers on Notice | The Singapore government has updated its Cybersecurity Act to give its primary cybersecurity agency more power to regulate critical infrastructure and third-party providers, and to require the reporting of cyber incidents. | DARKREADING.COM
15 May | Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities | Intel has published 41 new May 2024 Patch Tuesday advisories covering a total of more than 90 vulnerabilities. | SECURITYWEEK.COM
📢 SECURITY ADVISORIES (14)
15 May | Senators Urge $32 Billion in Emergency Spending on AI After Finishing Yearlong Review | The group recommends that Congress draft emergency spending legislation to boost U.S. investments in artificial intelligence, including new R&D and testing standards to understand the technology's potential harms. | SECURITYWEEK.COM
15 May | Critical vulnerabilities in Telit Cinterion modems | Kaspersky official blog | Kaspersky ICS-CERT experts discovered seven vulnerabilities in Telit Cinterion M2M modems – previously this product line belonged to Gemalto and Thales. | KASPERSKY.COM
15 May | New cybersecurity sheets from CISA and NSA: An overview | The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have recently released new CSI (Cybersecurity Information) sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments. T… | SECURITYINTELLIGENCE.COM
15 May | Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions | An unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East were targeted by two previously undocumented backdoors tracked as LunarWeb and LunarMail. ESET, which identified the activity, attributed it with medium confidence to the Ru… | THEHACKERNEWS.COM
15 May | NIST Issues New Guidelines on Protecting Unclassified Data in Government Systems | The NIST issued new guidelines to help federal agencies and their private sector contractors better protect sensitive unclassified information, known as Controlled Unclassified Information (CUI), from cyber threats, particularly supply chain risks. | NEXTGOV.COM
15 May | UK NCSC Launches New Hacking Alert System for Politicians | Personal Internet Protection Is an 'Extra Layer of Security' for Personal Devices The U.K. government launched a cyber defense system for alerting political parties and candidates to cyberthreats amid concerns over increased nation-state hacking. Personal Internet Protection is "… | DATABREACHTODAY.CO.UK
15 May | To the Moon and back(doors): Lunar landing in diplomatic missions | ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs | WELIVESECURITY.COM
🔥 INCIDENT REPORTING (18)
15 May | Dell Hack: Attacker Steals Customer Phone Numbers & Service Reports | In a concerning development for Dell Technologies, a threat actor known as Menelik has reportedly accessed and scraped sensitive customer data from a Dell support portal. This latest security breach, which follows a previous incident involving the theft of physical addresses of 4… | GBHACKERS.COM
15 May | IT Teams Beware! Weaponized WinSCP & PuTTY Delivers Ransomware | Attackers launched a campaign distributing trojanized installers for WinSCP and PuTTY in early March 2024, as clicking malicious ads after searching for the software leads to downloads containing a renamed pythonw.exe that loads a malicious DLL. The DLL side-loads a legitimate DL… | GBHACKERS.COM
15 May | How Did Authorities Identify the Alleged Lockbit Boss? | Authorities have identified Dmitry Yuryevich Khoroshev, a Russian man, as the alleged leader of the infamous LockBit ransomware group, which has extorted over $500 million from hundreds of victim organizations over the past four years. | KREBSONSECURITY.COM
15 May | Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators | The threat actors then call the impacted users, posing as members of the organization's IT team, and attempt to socially engineer the users into providing remote access to their computers through the use of legitimate RMM solutions. | RAPID7.COM
15 May | Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years | A malware botnet called Ebury is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 were still compromised as of late 2023. The findings come from Slovak cybersecurity firm ESET, which characterized it as one of the most advan… | THEHACKERNEWS.COM
15 May | 900k Impacted by Data Breach at Mississippi Healthcare Provider | Singing River Health System says the personal information of roughly 900,000 individuals was stolen in an August 2023 ransomware attack. | SECURITYWEEK.COM
15 May | Santander Data Breach Impacts Customers, Employees | The Spanish bank Santander said customers in Chile, Spain and Uruguay are affected by a data breach at a third-party provider. | SECURITYWEEK.COM
15 May | Banco Santander warns of a data breach exposing customer info | Banco Santander S.A. announced it suffered a data breach impacting customers after an unauthorized actor accessed a database hosted by one of its third-party service providers. [...] | BLEEPINGCOMPUTER.COM
15 May | FBI seize BreachForums hacking forum used to leak stolen data | The FBI has seized the notorious BreachForums hacking forum used to leak and sell stolen corporate data to other cybercriminals. [...] | BLEEPINGCOMPUTER.COM
15 May | Report: Data Breaches in US Schools Exposed 37.6M Records | According to Comparitech, data breaches in US schools have exposed over 37.6 million records since 2005, with a significant surge in 2023 due to vulnerabilities in the MOVEit file transfer software affecting over 800 institutions. | INFOSECURITY-MAGAZINE.COM
15 May | Phishing and Pretexting Dominate Social Engineering-Related Data Breaches | New data shows that despite the massive evolution of the cybercrime economy, threat actors are sticking with the basics in social engineering attacks, with a goal at stealing data. | KNOWBE4.COM
15 May | Windows Quick Assist abused in Black Basta ransomware attacks | Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks. [...] | BLEEPINGCOMPUTER.COM
15 May | Google adds live threat detection and screen-sharing protection to Android | The company said it is increasing the on-device capability of its Google Play Protect system to detect fraudulent apps trying to breach sensitive permissions. | TECHCRUNCH.COM
15 May | Nissan North America data breach impacts over 53,000 employees | Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company's external VPN and shut down systems to receive a ransom. [...] | BLEEPINGCOMPUTER.COM
15 May | Report: 11 Vulnerabilities Found in GE Ultrasound Devices | GE HealthCare Says Risks Can Largely Be Mitigated Through Security Best Practices Security researchers have found 11 vulnerabilities in certain GE HealthCare ultrasound products that could allow malicious actors to physically implant ransomware or manipulate patient data stored o… | DATABREACHTODAY.CO.UK
15 May | Threat actors misusing Quick Assist in social engineering attacks leading to ransomware | Microsoft Threat Intelligence has observed Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that lead to malware like Qakbot followed by Black Basta ransomware deployment. | MICROSOFT.COM
🕵️ THREAT INTELLIGENCE (24)
15 May | Vermont Legislature Passes One of the Strongest Data Privacy Measures in the Country | Vermont legislature passed a bill that prohibits the sale of sensitive data, such as social security and drivers’ license numbers, financial or health information. | SECURITYWEEK.COM
15 May | ISC Stormcast For Wednesday, May 15th, 2024 https://isc.sans.edu/podcastdetail/8982, (Wed, May 15th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
15 May | Cybersecurity Expert Jailed For Hacking 400K Smart Homes, Selling Videos | Hackers target smart homes due to the increased interconnected devices with often insufficient security measures. Smart homes provide a wealth of personal and sensitive information, including access to security cameras, smart locks, and personal data stored on connected devices. … | GBHACKERS.COM
15 May | Tor Browser 13.0.15 Released: What’s New! | Tor Project has announced the release of Tor Browser 13.0.15. Available now on the Tor Browser download page and through their distribution directory, this new version introduces a series of significant updates and bug fixes that promise to improve the overall user experience and… | GBHACKERS.COM
15 May | JSSI 2024 - 8 talks in FRENCH | The organizer of this event is OSSIR (Observatoire de la sécurité des Systèmes d’Information et des Réseaux), an association under the French law of 1901. Website: https:… | OSSIR.ORG
15 May | Tornado Cash Developer Jailed for Laundering Billions of Dollars | A court has sentenced the developer of the cryptocurrency mixing service Tornado Cash to over five years in prison. The developer was found guilty of designing and operating a platform that laundered billions of dollars, including proceeds from high-profile cybercrimes. The Mecha… | GBHACKERS.COM
15 May | Adobe Patches Multiple Code Execution Flaws in a Wide Range of Products | Adobe has addressed several critical code execution flaws across a broad spectrum of its products. This move underscores the company’s commitment to software security and protecting its user base against potential cyber threats. | GBHACKERS.COM
15 May | Southeast Asian scam syndicates stealing $64 billion annually, researchers find | https://therecord.media/southeast-asian-scam-syndicates-stealing-billions-annually | THERECORD.MEDIA
15 May | 400,000 Linux Servers Hit by Ebury Botnet | The Ebury Linux botnet has ensnared over 400,000 Linux systems in 15 years, with roughly 100,000 still infected. | SECURITYWEEK.COM
15 May | Unwanted Tracking Alerts Rolling Out to iOS, Android | Apple and Google have rolled out a new mobile feature that warns users of unwanted trackers moving with them. | SECURITYWEEK.COM
15 May | Russian Actors Weaponize Legitimate Services in Multi-Malware Attack | https://www.infosecurity-magazine.com/news/russian-legitimate-services/ | INFOSECURITY-MAGAZINE.COM
15 May | The Dark Side of AI in Cybersecurity — AI-Generated Malware | Bar Matalon and Rem Dudas shed light on their groundbreaking research into AI-generated malware and predictions for the future of AI in cybersecurity. | PALOALTONETWORKS.COM
15 May | SideCopy APT Campaign Found Targeting Indian Universities | Active since May 2023, the SideCopy APT campaign targets university students through sophisticated infection chains involving malicious LNK files, HTAs, and loader DLLs disguised as legitimate documents. | THECYBEREXPRESS.COM
15 May | Threat Actors Abuse GitHub to Distribute Multiple Information Stealers | Russian-speaking threat actors are caught abusing a GitHub profile to distribute information stealers posing as legitimate software. | SECURITYWEEK.COM
15 May | FBI Warns of AI-Assisted Phishing Campaigns | The US Federal Bureau of Investigation’s (FBI’s) San Francisco division warns that threat actors are increasingly using AI tools to improve their social engineering attacks. | KNOWBE4.COM
15 May | Russian Actors Weaponize Legitimate Services in Multi-Malware Attack | The threat actor, likely located in the Commonwealth of Independent States (CIS), strategically targeted a spectrum of operating systems and computer architectures in the credential harvesting campaign, including Windows and macOS. | INFOSECURITY-MAGAZINE.COM
15 May | What are You Working on Wednesday | Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time. | INFOSEC.PUB
15 May | Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps | Google is unveiling a set of new features in Android 15 to prevent malicious apps installed on the device from capturing sensitive data. This constitutes an update to the Play Integrity API that third-party app developers can take advantage of to secure their applicatio… | THEHACKERNEWS.COM
15 May | Thoma Bravo-owned LogRhythm Announces Merger with Rival Exabeam | Financial terms were not released but the price tag is expected to be hefty with Exabeam’s most recent valuation pegged at $2.5 billion. | SECURITYWEEK.COM
15 May | RSAC Cryptographers' Panel Tackles AI, Post-Quantum, Privacy | Panelists Discuss Building Safe AI Ecosystems, Post-Quantum Crypto Challenges The annual Cryptographer's Panel at RSA Conference gathers leading cybersecurity thinkers to review and debate the big topics of the day. Topics on tap this year included a recent threat to post-quantum… | DATABREACHTODAY.CO.UK
15 May | Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach | https://arstechnica.com/security/2024/05/ssh-backdoor-has-infected-400000-linux-servers-over-15-years-and-keeps-on-spreading/ | ARSTECHNICA.COM
15 May | SIEM Stalwart LogRhythm to Merge With Exabeam | Cisco's Earlier Acquisition of Splunk Makes Waves in the SIEM Market There's more consolidation in the SIEM market following today's announcement by LogRhythm and Exabeam that they've reached an agreement to merge. Doubters have attempted for years now to write an obituary for th… | DATABREACHTODAY.CO.UK
15 May | EU and US Advance Bilateral Talks on AI, Cybersecurity | European Commission Technology Chief Visits Washington for AI, Cyber Discussions The European Commission's director general for communication, networks, content and technology is visiting Washington, D.C. this week for a series of bilateral discussions focused on advancing EU-U.S… | DATABREACHTODAY.CO.UK
15 May | Bipartisan Senators Endorse $32M Annually for AI Research | Funding Aimed at Boosting Non-Defense Research and Innovation in AI A bipartisan group of U.S. senators on Wednesday unveiled a road map for artificial intelligence that includes backing a proposal to spend $32 billion annually on civilian research. The road map does not take a p… | DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE (4)
15 May | Scammers are Getting Creative Using Malvertising, Deepfakes, and YouTube | The Avast Q1 2024 Threat Report highlighted a massive surge in social engineering scams, with a staggering 90% of all mobile and 87% of desktop threats falling into this category. | AVAST.COM
15 May | 400,000 Linux Servers Hit By Ebury Botnet | PACKETSTORMSECURITY.COM
15 May | Android 15, Google Play get new anti-malware and anti-fraud features | Today, Google announced new security features coming to Android 15 and Google Play that will help block scams, fraud, and malware apps on users' devices. [...] | BLEEPINGCOMPUTER.COM
15 May | Android 15, Google Play Protect get new anti-malware and anti-fraud features | Today, Google announced new security features coming to Android 15 and Google Play Protect that will help block scams, fraud, and malware apps on users' devices. [...] | BLEEPINGCOMPUTER.COM
🎙️ PODCASTS (1)
15 May | Smashing Security podcast #372: The fake deepfake, and Estate insecurity | Remember when a US mother was accused of distributing explicit deepfake photos and videos to try to get her teenage daughter's cheerleading rivals kicked off the team? Well, there has been a surprising development. And learn how cybercriminals have been stealing boomers' one-time… | GRAHAMCLULEY.COM
📡 INFOSEC NEWS (21)
15 May | Dutch Court Sentences Tornado Cash Co-Founder to 5 Years in Prison for Money Laundering | A Dutch court on Tuesday sentenced one of the co-founders of the now-sanctioned Tornado Cash cryptocurrency mixer service to 5 years and 4 months in prison. While the name of the defendant was redacted in the verdict, it's known that Alexey Pert… | THEHACKERNEWS.COM
15 May | It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure | While cloud adoption has been top of mind for many IT professionals for nearly a decade, it’s only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a dauntin… | THEHACKERNEWS.COM
15 May | DeRusha Stepping Down From Federal CISO Role | Chris DeRusha is leaving his position as the federal CISO, a role he has held since January 2021. He is also departing from his role as the deputy national cyber director at the Office of the National Cyber Director (ONCD). | FEDSCOOP.COM
15 May | Making Waves: LATAM Sales Team Clears Beach Debris in Panama | Sophos' Latin America Sales Team delivers an epic beach clean-up in Panama, clearing a staggering 470 kg of debris. | SOPHOS.COM
15 May | Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion | Alexey Pertsev, one of the main developers of the Tornado Cash cryptocurrency tumbler has been sentenced to 64 months in prison for his part in helping launder more than $2 billion worth of cryptocurrency. [...] | BLEEPINGCOMPUTER.COM
15 May | Several Vulnerabilities Addressed in Ubuntu 24.04 | Ubuntu 24.04 LTS has addressed several security vulnerabilities, including issues in less, Glibc, Curl, GnuTLS, libvirt, and Pillow, which could potentially lead to denial of service or arbitrary code execution. | TUXCARE.COM
15 May | AI Is an Expert Liar | AI systems trained to excel at tasks can learn to lie and deceive in order to gain an advantage, posing serious risks to society such as fraud, election tampering, and even the potential loss of human control over AI. | HEALTHCAREINFOSECURITY.COM
15 May | Australia: AFL Players Call for Data Protection Overhaul as Concerns Include Drug Test Results | AFL players are concerned about the risk of their personal and sensitive information, such as drug test results and psychologist session notes, being leaked onto the dark web due to inadequate data protection measures. | THEGUARDIAN.COM
15 May | Sophos Firewall v20 MR1 is now available | This fantastic update is free for all licensed Sophos Firewall customers. | SOPHOS.COM
15 May | A Cost-Effective Encryption Strategy Starts With Key Management | A cost-effective encryption strategy starts with effective key management, which involves making critical decisions about where to store encryption keys, how to manage them, and how to prepare for the post-quantum future. | DARKREADING.COM
15 May | Google’s call-scanning AI could dial up censorship by default, privacy experts warn | A feature Google demoed at its I/O confab yesterday, using its generative AI technology to scan voice calls in real-time for conversational patterns associated with financial scams, has sent a collective shiver down the spines of privacy and security experts who are warning the f… | TECHCRUNCH.COM
15 May | Apple blocked $7 billion in fraudulent App Store purchases in 4 years | Apple's antifraud technology has blocked more than $7 billion in potentially fraudulent transactions in four years, the company states in its latest annual fraud prevention analysis. [...] | BLEEPINGCOMPUTER.COM
15 May | Google Launches AI-Powered Theft and Data Protection Features for Android Devices | Google has announced a slew of privacy and security features in Android, including a suite of advanced protection features to help secure users' devices and data in the event of a theft. These features aim to help protect data before, during and after a theft attempt, t… | THEHACKERNEWS.COM
15 May | Brothers arrested for $25 million theft in Ethereum blockchain attack | The U.S. Department of Justice has indicted two brothers for allegedly manipulating the Ethereum blockchain and stealing $25 million worth of cryptocurrency within approximately 12 seconds in a "first-of-its-kind" scheme. [...] | BLEEPINGCOMPUTER.COM
15 May | Android to add new anti-theft and data protection features | Google is introducing multiple anti-theft and data protection features later this year, some available only for Android 15+ devices, while others will roll out to billions of devices running Android 10 and later. [...] | BLEEPINGCOMPUTER.COM
15 May | Understanding Imposter Syndrome in the Technology Sector | What It Means, Who Is Affected by It and How to Overcome It Imposter syndrome is a psychological phenomenon in which individuals doubt their accomplishments and have an internalized fear of being exposed as a fraud. Employees can overcome these fears by finding mentors, documenti… | DATABREACHTODAY.CO.UK