51 Articles
7 Categories
Date: 2024-05-27
🐛 COMMON VULNERABILITIES AND EXPOSURES (4)
27 May | KEV | Chrome patches fourth zero-day flaw this month | Google released a new stable update for its Chrome browser in order to fix an actively exploited vulnerability. This brings the number of zero-day flaws patched this month to four and eight in total for the year. Four actively exploited flaws in a single month is an unusually hig… | CSOONLINE.COM
27 May | Google Patches Chrome Zero-Day: Type Confusion in V8 JavaScript | Google has released a patch for a zero-day exploit in its Chrome browser. The vulnerability, identified as CVE-2024-5274, involves a confusion issue in the V8 JavaScript engine, which could allow attackers to execute arbitrary code on affected systems. CVE-2024-5274 – Detai… | GBHACKERS.COM
27 May | Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks | A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software’s web-based management interface. This vulnerability could potentially allow authenticated, remote attackers to conduct SQL injection attacks on affected systems. This vulnerabi… | GBHACKERS.COM
27 May | KEV | NVD Leaves Exploited Vulnerabilities Unchecked | In the report published on May 23, VulnCheck showed that 30 out of 59 known exploited vulnerabilities (KEVs) registered since February 12 have not yet been analyzed by the NVD team. | INFOSECURITY-MAGAZINE.COM
⚠️ VULNERABILITY DISCLOSURE (14)
27 May | Hackers Created Rogue VMs in Recent MITRE’s Cyber Attack | State-sponsored hackers recently exploited vulnerabilities in MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE). They used rogue virtual machines (VMs) to evade detection and maintain persistence in a cyberattack. The attack, attributed to … | GBHACKERS.COM
27 May | The art of saying no is a powerful tool for the CISO in the era of AI | Moving fast can be a good thing but not at the cost of security — as the AI boom puts immense pressure on product teams to quickly bring products to market ahead of competitors, CISOs can seize this moment to show how security is a powerful business enabler. The security of a pro… | CSOONLINE.COM
27 May | Hackers Exploit WordPress Plugin to Steal Credit Card Data | Hackers have exploited an obscure WordPress plugin to inject malware into websites, specifically targeting WooCommerce online stores to steal credit card information. This alarming trend highlights the persistent threat cybercriminals pose and the need for robust security measure… | GBHACKERS.COM
27 May | High-Severity Flaw Affects Cisco Firepower Management Center | Cisco states that there are no workarounds that address this vulnerability. The IT giant has confirmed that this vulnerability does not affect Adaptive Security Appliance (ASA) Software or Firepower Threat Defense (FTD) Software. | SECURITYAFFAIRS.COM
27 May | Cyber Security Today, May 27, 2024 - Security controversy over a new Microsoft tool, a new open source threat intelligence service | This episode reports on fake antivirus web sites to stay away from, and more | CYBERSECURITYTODAY.LIBSYN.COM
27 May | Stark Industries Solutions: An Iron Hammer in the Cloud | An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies of Russia. | KREBSONSECURITY.COM
27 May | AI-as-a-Service Platform Patches Critical RCE Vulnerability | Attackers could have exploited a now-mitigated critical vulnerability in the Replicate artificial intelligence platform to access private AI models and sensitive data, including proprietary knowledge and personally identifiable information. | BANKINFOSECURITY.COM
27 May | Fail2Ban: Ban hosts that cause multiple authentication errors | Fail2Ban is an open-source tool that monitors log files and blocks IP addresses that exhibit repeated failed login attempts. It does this by updating firewall rules to reject new connections from those IP addresses for a configurable amount of time. | HELPNETSECURITY.COM
27 May | Weekly Update 401 | Ah, episode 401, the unauthorised one! Ok, that was terrible, but what's not terrible is finally getting some serious dev resource… | TROYHUNT.COM
27 May | AI-as-a-Service Platform "Replicate" Patches Critical RCE Vulnerability | https://www.bankinfosecurity.com/ai-as-a-service-platform-patches-critical-rce-vulnerability-a-25324 | BANKINFOSECURITY.COM
27 May | GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials | GNOME desktop manager was equipped with a new feature which allowed remote users to create graphical sessions on the system by configuring the system daemon. This daemon runs as a dedicated “gnome-remote-desktop” and also provides a D-bus interface on the D-bus system… | GBHACKERS.COM
27 May | The VC Perspective: Embracing Uncertainty & Staying the Course - Alberto Yépez - BSW Vault | Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on June 27, 2022. Forgepoint Capital’s Co-Founder and Managing Director, Alberto Yépez, explains what the current economic challenges mean for innovation and… | YOUTUBE.COM
27 May | Shifting Third Party Risk & What You Need to Know About PCI DSS 4.0 - RSAC - BSW Vault | Explore how to transform your third party risk program from a business bottleneck to a business driver. Discover how evidence-based security documentation and AI can streamline risk assessments, completing them in days not months. This data-driven approach will reduce TPRM backlo… | YOUTUBE.COM
27 May | TP-Link fixes critical RCE bug in popular C5400X gaming router | The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device. [...] | BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES (7)
27 May | How to choose the right network security monitoring product | Network security monitoring products help companies maintain network security by continuously checking for potential security threats and vulnerabilities. They collect, analyze, and respond to network traffic data to detect suspicious activity, malware, unauthorized access, and o… | CSOONLINE.COM
27 May | Hackers target Check Point VPNs to breach enterprise networks | Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory. [...] | BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING (7)
27 May | Health Information Published Online After MediSecure Ransomware Attack | https://www.infosecurity-magazine.com/news/health-info-online-medisecure/ | INFOSECURITY-MAGAZINE.COM
27 May | Hackers Phish Finance Organizations in the US and Europe Using Trojanized Minesweeper Clone | CERT-UA reports that research following the initial discovery of this attack revealed at least five potential breaches by the same files in financial and insurance institutions across Europe and the United States. | BLEEPINGCOMPUTER.COM
27 May | Worried About Job Security, Cyber Teams Hide Security Incidents | The frequency and severity of attacks are increasing—yet most businesses remain unprepared, according to VikingCloud. Between a growing talent shortage, alert fatigue, and new sophisticated attack methods, companies are more susceptible than ever. | HELPNETSECURITY.COM
27 May | Court Orders Optus to Release Data Breach Report to Lawyers | Class Action Law Firms Seek Access to Commissioned Deloitte Report Into Mega-Breach. The Federal Court of Australia has rejected a request from telecommunications giant Optus to keep private a detailed digital forensic investigation report conducted by Deloitte into the massive da… | DATABREACHTODAY.CO.UK
27 May | Australian Telecom Watchdog Sues Optus Over 2022 Data Breach | The Australian Communications and Media Authority said it has filed proceedings against Optus in a federal court as the company failed to protect sensitive customer data during a data breach in September 2022 that affected close to 10 million people. | BANKINFOSECURITY.COM
27 May | Sav-Rx discloses data breach impacting 2.8 million Americans | Prescription management company Sav-Rx is warning over 2.8 million people in the United States that it suffered a data breach, stating that their personal data was stolen in a 2023 cyberattack. [...] | BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE (7)
27 May | Files with TXZ extension used as malspam attachments, (Mon, May 27th) | Malicious e-mail attachments come in all shapes and sizes. In general, however, threat actors usually either send out files, which themselves carry a malicious payload – such as different scripts, Office documents or PDFs – or they send o… | ISC.SANS.EDU
27 May | Bitsight, SecurityScorecard, Panorays Lead Risk Ratings Tech | Automation, Improved Data Validation Reduce False Positives for Cyber Risk Ratings. By improving data validation and incorporating automation, cyber risk ratings platforms are addressing trust issues and enhancing their role in third-party risk management. Bitsight and SecuritySco… | DATABREACHTODAY.CO.UK
27 May | Data Leak Exposes 500GB of Indian Police, Military Biometric Data | https://www.hackread.com/data-leak-indian-police-military-biometric-data/ | HACKREAD.COM
27 May | Surveillance Risk: Apple's WiFi-Based Positioning System | Starlink Routers in Ukraine and Gaza Trackable via Apple WPS, Researchers Warn. Apple's WiFi-based positioning system can be abused to track the live location of various types of devices around the globe, including Starlink routers in war zones, researchers warn. Until Apple puts … | DATABREACHTODAY.CO.UK
27 May | Kesakode: A Remote Hash Lookup Service To Identify Malware Samples | Today marks a significant milestone for Malcat users with the release of version 0.9.6, introducing Kesakode, a remote hash lookup service. This innovative tool is tightly integrated into Malcat’s UI and is designed to match known functions, strings, and constant sets again… | GBHACKERS.COM
27 May | Don't Expect Cybersecurity 'Magic' From GPT-4o, Experts Warn | Open Questions: Degree to Which OpenAI's Tool Hallucinates, Security of AI Model. While OpenAI's latest generative artificial intelligence model, GPT-4o, offers many new capabilities, experts recommend tempering expectations about any effect it might have on the cybersecurity land… | DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE (3)
27 May | Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets | The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. "This cluster of activity spanned from late 2023 to April 202… | THEHACKERNEWS.COM
27 May | Arc Browser’s Windows Launch Targeted by Google Ads Malvertising | According to a report by Malwarebytes, cybercriminals prepared for the product launch, setting up malicious advertisements on Google Search to lure users looking to download the new web browser. | BLEEPINGCOMPUTER.COM
27 May | Fake Antivirus Websites Used to Distribute Info-Stealer Malware | Researchers at Trellix Advanced Research Center spotted fake AV sites used to distribute info-stealers. The malicious websites hosted sophisticated malicious files such as APK, EXE, and Inno setup installer, including spying and stealer capabilities. | SECURITYAFFAIRS.COM
📡 INFOSEC NEWS (9)
27 May | New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI | Cybersecurity researchers are alerting of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to harvest users' credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail. The attack method, called transparent p… | THEHACKERNEWS.COM
27 May | EU Wants Universities to Work with Intelligence Agencies to Protect Their Research | Europe’s leading research universities should work more closely with the continent’s intelligence agencies to help secure their research from being stolen by hostile states, EU member states recommended this week. | THERECORD.MEDIA
27 May | Seizing Control of the Cloud Security Cockpit | Cloud applications and SaaS tools have countless configuration options that are often poorly documented and can change frequently, making it difficult to ensure they are securely configured. | DARKREADING.COM
27 May | Report: The Dark Side of Phishing Protection | The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them - through email protection, firewall rules and emp… | THEHACKERNEWS.COM
27 May | Malicious PyPI Packages Targeting Highly Specific MacOS Machines | Cybersecurity researchers at Datadog Security Labs discovered malicious software packages targeting MacOS users through the Python Package Index (PyPI) and NPM repository. | SECURITYLABS.DATADOGHQ.COM
27 May | Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud | Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that's behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. "Their primary motivation is to steal gift cards and profit by selling them online a… | THEHACKERNEWS.COM