🚨 CISA KEV (2)
17 May [KEV] | CISA Warns of Exploited Vulnerabilities in EOL D-Link Products | CISA has added two vulnerabilities in discontinued D-Link products to its KEV catalog, including a decade-old flaw. | SECURITYWEEK.COM
17 May [KEV] | UK Lags Europe on Exploited Vulnerability Remediation | A report from Bitsight revealed that UK organizations are taking significantly longer than their European counterparts to remediate software vulnerabilities listed in the US CISA's Known Exploited Vulnerability (KEV) catalog. | INFOSECURITY-MAGAZINE.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES (3)
17 May [KEV] | CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Now | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE… | THEHACKERNEWS.COM
17 May | Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) | submitted by kid to cybersecurity | https://www.helpnetsecurity.com/2024/05/16/git-cve-2024-32002/ | HELPNETSECURITY.COM
17 May | Critical Flaw in AI Python Package Can Lead to System and Data Compromise | A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers. | SECURITYWEEK.COM
⚠️ VULNERABILITY DISCLOSURE (19)
17 May | FCC proposes BGP security measures | Jessica Rosenworcel wants ISPs to tell her how they’re securing BGP (Border Gateway Protocol), a critical system for routing internet traffic. The chairwoman of the US Federal Communications Commission has proposed that the FCC require large broadband service providers to submit… | NETWORKWORLD.COM
17 May | Flaw in Wi-Fi-Standard can Enable SSID Confusion Attacks | A design flaw in the IEEE 802.11 Wi-Fi standard allows attackers to trick victims into connecting to a less secure wireless network than the one they intended to connect to, exposing them to higher risks of traffic interception and manipulation. | DARKREADING.COM
17 May | Threat Actors Misusing Quick Assist in Social Engineering Attacks Leading to Ransomware | Cybercriminals are exploiting Microsoft's Quick Assist tool to conduct social engineering attacks and deliver ransomware like Black Basta to target users across various industries. | MICROSOFT.COM
17 May | Cybersecurity Analysis Exposes High-Risk Assets in Power and Healthcare Sectors | Traditional approaches to vulnerability management result in a narrow focus of the enterprise attack surface area that overlooks a considerable amount of risk, according to Claroty. | HELPNETSECURITY.COM
17 May | Critical Git Vulnerability Allows RCE When Cloning Repositories With Submodules | The vulnerability can be exploited on multi-user machines, where an attacker can prepare a local repository to look like a partial clone that is missing an object, causing Git to execute arbitrary code during the clone operation. | HELPNETSECURITY.COM
17 May | ViperSoftX Malware Uses Deep Learning Model To Execute Commands | ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts text from images, and the malware scans these extracted strings for phrases related to passwords or cryptocurrency wal… | GBHACKERS.COM
17 May | DDoS attacks: Definition, examples, and techniques | What is a DDoS attack? A distributed denial of service (DDoS) attack is when an attacker, or attackers, attempt to make it impossible for a service to be delivered. This could be sending a web server so many requests to serve a page that it crashes under the demand, or it could b… | CSOONLINE.COM
17 May | New Linux Backdoor Attacking Linux Users Via Installation Packages | Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target for gaining unauthorized access or spreading malware. Besides this, its open-source nature allows threat actors to study the code and identify new v… | GBHACKERS.COM
17 May | FBI Seizes BreachForums Website | The FBI has seized the BreachForums website, used by ransomware criminals to leak stolen corporate data. If law enforcement has gained access to the hacking forum’s backend data, as they claim, they would have email addresses, IP addresses, and private messages that could e… | SCHNEIER.COM
17 May | FCC Might Require Telecoms to Report on Securing Internet’s BGP Technology | The FCC is proposing to mandate that broadband providers develop BGP security plans and document their use of the Resource Public Key Infrastructure (RPKI) security framework. | THERECORD.MEDIA
17 May | How a new wave of deepfake-driven cybercrime targets businesses | As deepfake attacks on businesses dominate news headlines, detection experts are gathering valuable insights into how these attacks came into being and the vulnerabilities they exploit. Between 2023 and 2024, frequent phishing and social engineering campaigns led to account hijac… | SECURITYINTELLIGENCE.COM
17 May | SEC rule for finance firms boosts disclosure requirements | The SEC announced rule changes for some financial companies that will require more customer disclosures when security incidents impact their personal information as well as mandate incident response programs. The new rule, however, is unlikely to change anything for enterprise fi… | CSOONLINE.COM
17 May | OWASP Dep-Scan: Open-Source Security and Risk Audit Tool | OWASP dep-scan is an open-source security and risk assessment tool that analyzes project dependencies to identify vulnerabilities, licensing issues, and potential risks like dependency confusion attacks. | HELPNETSECURITY.COM
17 May | WebTPA data breach impacts 2.4 million insurance policyholders | The WebTPA Employer Services (WebTPA) data breach disclosed earlier this month is impacting close to 2.5 million individuals, the U.S. Department of Health and Human Services notes. [...] | BLEEPINGCOMPUTER.COM
17 May | Healthcare company WebTPA discloses breach affecting 2.5 million people | A Texas-based company that provides health insurances and benefit plans disclosed a data breach affecting almost 2.5 million people, some of whom had their Social Security number stolen. WebTPA said in a data breach notice published earlier this month that the company detected “e… | TECHCRUNCH.COM
17 May | Is an Open-Source AI Vulnerability Next? | The challenges within the AI supply chain mirror those of the broader software supply chain, with added complexity when integrating large language models (LLMs) or machine learning (ML) models into organizational frameworks. | HELPNETSECURITY.COM
17 May | Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking | The cryptojacking group known as Kinsing has demonstrated its ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to exploit arsenal and expand its botnet. The findings come from cl… | THEHACKERNEWS.COM
17 May | Microsoft to start enforcing Azure multi-factor authentication in July | Starting in July, Microsoft will begin gradually enforcing multi-factor authentication (MFA) for all users signing into Azure to administer resources. [...] | BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES (12)
17 May | Unsafe Software Development Practices Persist, Despite CISA's Push | Despite repeated efforts by the CISA to eliminate common software vulnerabilities, unsafe software development practices continue to persist across the industry, highlighting the challenges in driving change in coding practices. | CYBERSECURITYDIVE.COM
17 May | Norway Recommends Replacing SSLVPN/WebVPN to Stop Cyber Attacks | A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS) based VPN solutions, like SSLVPN and WebVPN, should be replaced with safer options. Bad people are still taking advantage of flaws in… | GBHACKERS.COM
17 May | New UK System Will See ISPs Benefit From Same Protections as Government Networks | The UK's NCSC has launched a new "Share and Defend" system that will provide internet service providers with the same malicious domain blocklists used to protect government networks, helping to raise cybersecurity resilience across the country. | THERECORD.MEDIA
17 May | SEC: Financial orgs have 30 days to send data breach notifications | The Securities and Exchange Commission (SEC) has adopted amendments to Regulation S-P that require certain financial institutions to disclose data breach incidents to impacted individuals within 30 days of discovery. [...] | BLEEPINGCOMPUTER.COM
17 May | Nissan reveals ransomware attack exposed 53,000 workers’ social security numbers | Nissan North America has revealed that extortionists who demanded a ransom after breaking into its external VPN and disrupted systems last year also stole the social security numbers of over 53,000 staff. Read more in my article on the Hot for Security blog. | BITDEFENDER.COM
17 May | Microsoft, North Korea, Santander, CISA, Deepfakes, Aaran Leyland & More - SWN #387 | Microsoft, North Korea, Santander, CISA, Deepfakes, Aaran Leyland & more on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-387 | YOUTUBE.COM
17 May | Health Plan Services Firm Notifying 2.4 Million of PHI Theft | Data Stolen Over a Year Ago, But WebTPA Didn’t Discover Hack Until December. A Texas-based firm that provides health plan administration services is notifying more than 2.4 million individuals of a hacking incident and data theft that happened more than a year ago. Why did it take… | DATABREACHTODAY.CO.UK
17 May | Top US Cyber Defense Official Eric Goldstein to Step Down | Eric Goldstein Stepping Down in June After 3 Years at US Cyber Defense Agency. Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, is stepping down from the top post at the nation’s cyber defense agency after serv… | DATABREACHTODAY.CO.UK
17 May | US SEC Approves Wall Street Data Breach Reporting Regs | Covered Financial Institutions Have 30 Days to Notify Customers of Data Breaches. The Securities and Exchange Commission unanimously approved updated regulations for covered financial institutions requiring entities such as fund companies and investment advisers to notify customer… | DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING (14)
17 May | Ongoing Malvertising Campaign leads to Ransomware | Cybercriminals have weaponized popular software tools like WinSCP and PuTTY to deliver ransomware, tricking users into downloading malicious installers that infect their systems with a Sliver beacon and other malicious payloads. | RAPID7.COM
17 May | Santander Data Breach: Hackers Accessed Company Database | Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and Chile. Concerns have been made about data security and privacy following the breach, which was found to have started with someone breaking into a database hos… | GBHACKERS.COM
17 May | GhostSec Announces Shift in Operations from Ransomware to Hacktivism | The cybercriminal group GhostSec has shifted from ransomware to hacktivism, stating they've gathered enough funds and will now focus on promoting social and political agendas through hacking. | THECYBEREXPRESS.COM
17 May | Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks | The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations. The … | THEHACKERNEWS.COM
17 May | Remote-Access Tools the Intrusion Point to Blame for Most Ransomware Attacks | As per cybersecurity insurance firm At-Bay, remote-access tools, particularly self-managed VPNs from Cisco and Citrix, were the primary intrusion point for most ransomware attacks in 2023, accounting for over 60% of incidents. | CYBERSECURITYDIVE.COM
17 May | Microsoft Quick Assist Tool Abused for Ransomware Delivery | The Black Basta group abuses remote connection tool Quick Assist in vishing attacks leading to ransomware deployment. | SECURITYWEEK.COM
17 May | Cloud Security Incidents Make Organizations Turn to AI-Powered Prevention | Organizations are increasingly using AI-powered measures to address the rise in cloud security incidents, as traditional tools struggle to keep up with rapid technological advancements and sophisticated cyber threats. | HELPNETSECURITY.COM
17 May | In Other News: MediSecure Hack, Scattered Spider Targeted by FBI, New Wi-Fi Attack | Noteworthy stories that might have slipped under the radar: FBI is targeting Scattered Spider, Australia’s MediSecure hacked, new Wi-Fi attack. | SECURITYWEEK.COM
17 May | SEC to Require Financial Firms to Have Data Breach Incident Plans | The SEC now requires certain financial institutions to have written policies for detecting, addressing, and notifying customers of data breaches involving their personal information. | THERECORD.MEDIA
17 May | 8 out of 10 Organizations Experience a Cyber Attack and Attribute Users as the Problem | Regardless of whether your environment is on-premises, in the cloud or hybrid, new data makes it clear that users are the top cybersecurity concern, and we cover what you can do about it. | KNOWBE4.COM
17 May | Verizon: The Human Element is Behind Two-Thirds of Data Breaches | Despite growing security investments in prevention, detection and response to threats, users are still making uninformed mistakes and causing breaches. | KNOWBE4.COM
17 May | Cyber Security Today, Week in Review for Friday, May 17, 2024 | This episode features a discussion on the FBI takedown of the BreachForums criminal marketplace, and more | CYBERSECURITYTODAY.LIBSYN.COM
17 May | The Week in Ransomware - May 17th 2024 - Mailbombing is back | This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. However, that does not mean there was nothing of interest released this week about ransomware. [...] | BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE (18)
17 May | ISC Stormcast For Friday, May 17th, 2024 https://isc.sans.edu/podcastdetail/8986, (Fri, May 17th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
17 May | Russian APT Hackers Attacking Critical Infrastructure | Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated cybercriminals to achieve its strategic goals, as APT groups conduct espionage to gather valuable political and economic information. The Russian government may recruit … | GBHACKERS.COM
17 May | U.S. Govt Announces Rewards up to $5 Million for North Korean IT Workers | The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and severance of North Korean IT workers working around the world. This plan, which was announced on Thursday, is meant to stop these workers from doing illegal things that are th… | GBHACKERS.COM
17 May | US Offers $5 Million for Info on North Korean IT Workers Involved in Job Fraud | The U.S. government is offering a $5 million reward for information on a network of North Korean IT workers who allegedly scammed U.S. companies out of nearly $7 million through a job fraud scheme. | THERECORD.MEDIA
17 May | Cyber Security Today, May 17, 2024 - Malware hiding in Apache Tomcat servers, new backdoors found, and more | This episode reports on the break up of a North Korean scheme tricking American firms into hiring who they thought were American app developers to work remotely, and more | CYBERSECURITYTODAY.LIBSYN.COM
17 May | Woman Accused of Helping North Korean IT Workers Infiltrate Hundreds of US Firms | The US government has announced charges, seizures, arrests and rewards as part of an effort to disrupt a scheme that generates revenue for North Korea. | SECURITYWEEK.COM
17 May | C/side Emerges From Stealth Mode With $1.7 Million Investment | C/side has emerged from stealth mode with $1.7 million in pre-seed funding from Scribble Ventures and angel investors. | SECURITYWEEK.COM
17 May | New ‘Antidot’ Android Trojan Allows Cybercriminals to Hack Devices, Steal Data | The Antidot Android banking trojan snoops on users and steals their credentials, contacts, and SMS messages. | SECURITYWEEK.COM
17 May | Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets | submitted by kid to cybersecurity | https://www.aquasec.com/blog/github-repos-expose-azure-and-red-hat-secrets/ | AQUASEC.COM
17 May | China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT | Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked BlackTech hacking group as part of a cyber espionage campaign targeting the Asia-Pacific region this year. "Deuterbear, while similar to Waterbear… | THEHACKERNEWS.COM
17 May | Off-Topic Friday | submitted by shellsharks to cybersecurity | Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please) | INFOSEC.PUB
17 May | Another PDF Streams Example: Extracting JPEGs, (Fri, May 17th) | In my diary entry "Analyzing PDF Streams" I showed how to use my tools file-magic.py and myjson-filter.py together with my PDF analysis tool pdf-parser.py to analyze PDF streams en masse. | ISC.SANS.EDU
17 May | BSides Kansas City 2024 | submitted by ashar to security_cpe | https://infosec.pub/pictrs/image/96cf31a2-8970-48ca-9d1e-8a00ee39151f.png BSidesKC 2024 Playlist | INFOSEC.PUB
17 May | User Outcry as Slack Scrapes Customer Data for AI Model Training | Slack reveals it has been training AI/ML models on customer data, including messages, files and usage information. It's opt-in by default. | SECURITYWEEK.COM
17 May | A Former OpenAI Leader Says Safety Has ‘Taken a Backseat to Shiny Products’ at the AI Company | Jan Leike, who ran OpenAI’s “Super Alignment” team believes there should be more focus on preparing for the next generation of AI models, including on things like safety. | SECURITYWEEK.COM
17 May | Hackers Target US AI Experts With Customized RAT | Hackers Sought Specific Generative AI Software at Leading US Firm: Proofpoint. A possible Chinese threat actor is using a variant of the Gh0st RAT malware to steal information from artificial intelligence experts in U.S. companies, federal agencies and academia. On the criminal gr… | DATABREACHTODAY.CO.UK
17 May | Friday Squid Blogging: Emotional Support Squid | When asked what makes this an “emotional support squid” and not just another stuffed animal, its creator says: They’re emotional support squid because they’re large, and cuddly, but also cheerfully bright and derpy. They make great neck pillows (and you ca… | SCHNEIER.COM
17 May | The who, where, and how of APT attacks – Week in security with Tony Anscombe | This week, ESET experts released several research publications that shine the spotlight on a number of notable campaigns and broader developments on the threat landscape | WELIVESECURITY.COM
🌐 CYBER THREAT LANDSCAPE (1)
17 May | Cybersecurity Leaders Expect Their SOC Budgets to Grow, KPMG Finds | Cybersecurity leaders expect their security operations center (SOC) budgets to grow by up to 20% over the next two years, with the average annual SOC budget currently standing at $14.6 million, according to a survey conducted by KPMG. | CYBERSECURITYDIVE.COM
📡 INFOSEC NEWS (8)
17 May | Two-stage Dropbox spear phishing | Kaspersky official blog | Cybercriminals prey on corporate credentials by sending phishing links through Dropbox after priming the victim. | KASPERSKY.COM
17 May | New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs | A new report from XM Cyber has found – among other insights - a dramatic gap between where most organizations focus their security efforts, and where the most serious threats actually reside. The new report, Navigating the Paths of Risk: The State of Exposure … | THEHACKERNEWS.COM
17 May | Critical Flaw In AI Python Package Can Lead To System And Data Compromise | PACKETSTORMSECURITY.COM
17 May | US arrests suspects behind $73M ‘pig butchering’ laundering scheme | The U.S. Department of Justice charged two suspects for allegedly leading a crime ring that laundered at least $73 million from cryptocurrency investment scams, also known as "pig butchering." [...] | BLEEPINGCOMPUTER.COM
17 May | Two students uncover security bug that could let millions do their laundry for free | CSC ServiceWorks provides laundry machines to thousands of residential homes and universities, but the company ignored requests to fix a security bug. | TECHCRUNCH.COM
17 May | OnDemand | Level Up Your Security Stack: EDR vs Endpoint Privilege Management | DATABREACHTODAY.CO.UK