🐛 COMMON VULNERABILITIES AND EXPOSURES 3[−]
31 MayCISA Warns of Exploited Linux Kernel VulnerabilityCISA instructs federal agencies to mitigate CVE-2024-1086, a Linux kernel flaw leading to privilege escalation. The post CISA Warns of Exploited Linux Kernel Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
31 MayHackers Exploiting Stored XSS Vulnerabilities in WordPress PluginsIn recent cyberattacks, hackers are actively exploiting stored cross-site scripting (XSS) vulnerabilities in various WordPress plugins. According to Fastly reports, these vulnerabilities, identified as CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000, are targeted due to inadequa…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 15[−]
31 MayTwo-factor authentication (2FA) explained: How it works and how to enable itWhat is 2FA? Two-factor authentication (2FA) is a security access method that requires users to provide two forms of identification (aka factors), typically a password in conjunction with a second factor such as a physical token, code generated by an app on the user’s phone, or a…CSOONLINE.COM
31 May3 reasons users can’t stop making security mistakes — unless you address themRisks associated with cybersecurity continue to evolve, but one challenge remains a constant for CISOs: managing human error. Even with advanced solutions and sophisticated protocols in place, employees continue to inadvertently expose sensitive data and systems to cyber threats.…CSOONLINE.COM
31 MayOpenAI, Meta, TikTok Disrupt Multiple AI-Powered Disinformation CampaignsOpenAI on Thursday disclosed that it took steps to cut off five covert influence operations (IO) originating from China, Iran, Israel, and Russia that sought to abuse its artificial intelligence (AI) tools to manipulate public discourse or political outcomes online while obscurin…THEHACKERNEWS.COM
31 MayBBC Data Breach Impacts 25,000 EmployeesThe BBC has disclosed a data breach impacting over 25,000 current and former employees, but the incident did not involve ransomware. The post BBC Data Breach Impacts 25,000 Employees appeared first on SecurityWeek .SECURITYWEEK.COM
31 MayOkta alerts customers against new credential-stuffing attacksA cross-origin authentication feature in Okta’s customer identity cloud (CIC) is open to credential-stuffing attacks, the identity and access management company said in a security advisory . The company said it observed several attempts by threat actors to exploit the vulnerable …CSOONLINE.COM
31 MayBug in EmbedAI can allow poisoned data to sneak into your LLMsEmbedAI, an application used to interact with documents by utilizing the capabilities of large language models (LLMs), is experiencing a data poisoning vulnerability, according to cybersecurity research firm, Synopsys. “This vulnerability could result in an application becoming c…CSOONLINE.COM
31 MayFlyingYeti Exploits WinRAR Vulnerability For Targeted Malware AttacksEver since Russia’s invasion of Ukraine on February 24, 2022, there have been heavy tensions between the nations and worldwide. After this incident, Ukraine imposed an eviction and termination moratorium on utility services for unpaid debt, ending in January 2024. However, …GBHACKERS.COM
31 MayHackers Weaponizing MS Office-Cracked Versions to Deliver MalwareAttackers in South Korea are distributing malware disguised as cracked software, including RATs and crypto miners, and registering themselves with the Task Scheduler to ensure persistence. Even after removing the initial malware, the Task Scheduler triggers PowerShell commands to…GBHACKERS.COM
31 MayELLIO and ntop partnership to boost high-speed network traffic monitoring with real-time data on opportunistic scans, botnets, and mass attacksELLIO, a provider of real-time, highly accurate intelligence for filtering of unwanted network traffic and cybernoise, and ntop, a provider of open-source and commercial high-speed traffic monitoring applications, have announced a partnership to enhance visibility into malicious …GBHACKERS.COM
31 MayLaw Enforcement Operation Takes Aim At An Often Overlooked Cybercrime LynchpinPACKETSTORMSECURITY.COM
31 MayEuropol identifies 8 cybercriminals tied to malware loader botnetsEuropol and German law enforcement have revealed the identities of eight cybercriminals linked to the various malware droppers and loaders disrupted as part of the Operation Endgame law enforcement operation. [...]BLEEPINGCOMPUTER.COM
31 May KEVCISA warns of actively exploited Linux privilege elevation flawThe U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added two vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, including a Linux kernel privilege elevation flaw. [...]BLEEPINGCOMPUTER.COM
31 MayHugging Face says it detected ‘unauthorized access’ to its AI model hosting platformLate Friday afternoon, a time window companies usually reserve for unflattering disclosures, AI startup Hugging Face said that its security team earlier this week detected “unauthorized access” to Spaces, Hugging Face’s platform for creating, sharing and hosting…TECHCRUNCH.COM
31 MayA Vulnerability in Check Point Security Gateways Could Allow for Credential AccessA vulnerability has been discovered in Check Point Security Gateway Products that could allow for credential access. A Check Point Security Gateway sits between an organization’s environment and the Internet to enforce policy and block threats and malware. Successful exploitation…CISECURITY.ORG
📢 SECURITY ADVISORIES 3[−]
31 MayIn Other News: Apple WPS Surveillance, Canadian Gov Wants Backdoors, NIST AI ProgramNoteworthy stories that might have slipped under the radar: Apple WPS can be abused for surveillance, Canadian government wants backdoors, NIST launches AI program. The post In Other News: Apple WPS Surveillance, Canadian Gov Wants Backdoors, NIST AI Program appeared first on Sec…SECURITYWEEK.COM
31 MayNew Logpoint CEO Mikkel Drucker Seeks Growth Via M&A, MSSPsSIEM Provider Focuses on Acquisitions, Partner Channels, European Union Compliance New Logpoint CEO Mikkel Drucker is leading the charge for profitable growth with a strategy centered on acquisitions, expanding partner channels and adhering to strict European Union compliance sta…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 18[−]
31 MayCops Swarm Global Cybercrime Botnet Infrastructure in 2 Massive Opssubmitted by 0nekoneko7 to securitynews 3 points | 0 comments https://www.darkreading.com/cyberattacks-data-breaches/cops-swarm-global-botnet-cybercrime-infrastructure-in-two-massive-opsDARKREADING.COM
31 MayBeware of Fake Browser Updates That Deliver Bitrat & Lumma StealereSentire’s Threat Response Unit (TRU) uncovered a sophisticated malware campaign involving fake browser updates. This campaign has been responsible for delivering two dangerous malware variants:BitRAT and Lumma Stealer. The attackers use fake update mechanisms to trick user…GBHACKERS.COM
31 MayHackers Boast Ticketmaster Breach on Relaunched BreachForumsThe ShinyHunters hacking group has claimed the theft of 560 million Ticketmaster users’ data on a fresh BreachForums portal. The post Hackers Boast Ticketmaster Breach on Relaunched BreachForums appeared first on SecurityWeek .SECURITYWEEK.COM
31 May"K1w1" InfoStealer Uses gofile.io for Exfiltration, (Fri, May 31st)Python remains a nice language for attackers and I keep finding interesting scripts that are usually not very well detected by antivirus solutions. The one I found has a VT score of 7/65&#;x26;#;x21; (SHA256:a6230d4d00a9d8ecaf5133b02d9b61fe78283ac4826a…ISC.SANS.EDU
31 MayDDoS-as-a-Service Botnet Backed by Mirai Attacking Gaming CommunityDDoS-as-a-Service botnets are used by hackers to facilitate the most easily and cheaply launch of devastating distributed denial-of-service (DDoS) attacks. Purposely, these botnets are made up of hacked devices that can be rented or leased to cause service disruptions or outages …GBHACKERS.COM
31 MayMicrosoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT DevicesMicrosoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. "These repeated attacks against OT devices emphasize the crucial need to improve the security postur…THEHACKERNEWS.COM
31 MayShinyHunters claims Santander breach, selling data for 30M customersA threat actor known as ShinyHunters is claiming to be selling a massive trove of Santander Bank data, including information for 30 million customers, employees, and bank account data, two weeks after the bank reported a data breach. [...]BLEEPINGCOMPUTER.COM
31 MaySnowflake account hacks linked to Santander, Ticketmaster breachesA threat actor claiming recent Santander and Ticketmaster breaches says they stole data after hacking into an employee's account at cloud storage company Snowflake. However, Snowflake disputes these claims, saying recent breaches were caused by poorly secured customer accounts. […BLEEPINGCOMPUTER.COM
31 May91% of Every Ransomware Attack Today Includes Exfiltrating Your DataNew insight into ransomware attacks show that cyber attacks are a top concern for organizations – with many not aware they were a victim until after the attack.KNOWBE4.COM
31 MayMysterious Cyber Attack Took Down 600,000+ Routers in the U.S.More than 600,000 small office/home office (SOHO) routers are estimated to have been bricked and taken offline following a destructive cyber attack staged by unidentified cyber actors, disrupting users' access to the internet. The mysterious event, which took place between Octobe…THEHACKERNEWS.COM
31 MaySenator Urges FTC, SEC to Investigate UHG's CyberattackAsks Agencies Not to 'Scapegoat' Firm's CISO, But to Hold CEO and Board Accountable U.S. Sen. Ron Wyden, D-Ore., is urging the U.S. Securities and Exchange Commission and the Federal Trade Commission to open investigations into the February cyberattack on UnitedHealth Group's Cha…DATABREACHTODAY.CO.UK
31 MayISMG Editors: Is SASE Living Up to the Hype in 2024?Also: Apple Wi-Fi Vulnerabilities; Cyberattack on Ascension Hospital In the latest weekly update, ISMG editors discussed the current state of Secure Access Service Edge solutions in 2024, vulnerabilities in Apple's Wi-Fi-based positioning system, and the patient safety questions …DATABREACHTODAY.CO.UK
31 MayHacked, leaked, exposed: Why you should never use stalkerware appsUsing stalkerware is creepy, unethical, potentially illegal, and puts your data and that of your loved ones in danger. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
31 MayStalkerware app pcTattletale announces it is ‘out of business’ after suffering data breach and website defacementUS spyware vendor pcTattletale has shut down its operations following a serious data breach that exposed sensitive information about its customers, as well as data stolen from some of their victims. pcTattletale was promoted as "employee and child monitoring software" designed to…BITDEFENDER.COM
31 MayLive Nation finally confirms massive Ticketmaster data breachLive Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. [...]BLEEPINGCOMPUTER.COM
31 MayLive Nation confirms Ticketmaster was hacked, says personal information stolen in data breachLive Nation says its Ticketmaster subsidiary was hacked. A hacker claims to be selling 560 million customer records. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
31 MayTicketmaster confirms massive breach after stolen data for sale onlineLive Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 21[−]
31 MayISC Stormcast For Friday, May 31st, 2024 https://isc.sans.edu/podcastdetail/9004, (Fri, May 31st)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
31 MayGUEST ESSAY: Taking a systematic approach to achieving secured, ethical AI model developmentAI has the potential to revolutionize industries and improve lives, but only if we can trust it to operate securely and ethically. Related: The key to the GenAI revolution By prioritizing security and responsibility in AI development, we can harness … (more…) The post GUEST…LASTWATCHDOG.COM
31 MayVirusTotal Celebrates 20th Anniversary, What’s Next?VirusTotal, a leading online service for analyzing files and URLs for viruses, worms, trojans, and other malicious content, is celebrating its 20th anniversary. Since its inception in 2004, VirusTotal has become an indispensable tool for cybersecurity professionals and enthusiast…GBHACKERS.COM
31 MayOpenAI accuses Russia, China, Iran, and Israel of misusing its GenAI tools for covert OpsOpenAI said malicious actors from China, Russia, Iran, and Israel have been using its generative AI tools to run covert influence campaigns to manipulate public opinion, adding that the company successfully exposed and shut down five such operations over the last three months. Th…CSOONLINE.COM
31 MayRussian Hackers Target Europe with HeadLace Malware and Credential HarvestingThe Russian GRU-backed threat actor APT28 has been attributed as behind a series of campaigns targeting networks across Europe with the HeadLace malware and credential-harvesting web pages. APT28, also known by the names BlueDelta, Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Tw…THEHACKERNEWS.COM
31 MayInformation of Hundreds of European Politicians Found on Dark WebThe email addresses and other information of hundreds of British, French and EU politicians have been found on the dark web. The post Information of Hundreds of European Politicians Found on Dark Web appeared first on SecurityWeek .SECURITYWEEK.COM
31 MayMysterious Threat Actor Used Chalubo Malware to Brick 600,000 RoutersOver 600,000 SOHO routers belonging to a single ISP and infected with the Chalubo trojan were rendered inoperable. The post Mysterious Threat Actor Used Chalubo Malware to Brick 600,000 Routers appeared first on SecurityWeek .SECURITYWEEK.COM
31 MayOpenAI’s Altman Sidesteps Questions About Governance, Johansson at UN AI SummitAltman spent part of his virtual appearance fending off thorny questions about governance, an AI voice controversy and criticism from ousted board members. The post OpenAI’s Altman Sidesteps Questions About Governance, Johansson at UN AI Summit appeared first on SecurityWeek .SECURITYWEEK.COM
31 MayYour KnowBe4 Fresh Content Updates from May 2024Check out the 60 new pieces of training content added in May, alongside the always fresh content update highlights, events and new features.KNOWBE4.COM
31 MayLilacSquid Hackers Attacking IT Industries To Harvest Confidential DataHackers target IT industries as they hold valuable data, possess critical infrastructure, and often have access to sensitive information from various sectors. Compromising IT companies can provide hackers with high-impact opportunities for espionage, financial gain, and dis…GBHACKERS.COM
31 MayOff-Topic Fridaysubmitted by shellsharks to cybersecurity 3 points | 0 comments Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)INFOSEC.PUB
31 MayNSA Warns iPhone And Android Users To Turn It Off And On Againsubmitted by Renn to cybersecurity 4 points | 2 comments https://www.forbes.com/sites/daveywinder/2024/05/30/nsa-warns-iphone--android-users-to-turn-it-off-and-on-again/FORBES.COM
31 MaySecuring Backups - SWN VaultCheck out this episode from the Secure Digital Life Vault, hand picked by main host Doug White! This segment was originally published on June 14, 2017. Doug and Russ talk about different types of backups, how they work and out-of-band strategies. Visit https://www.securityweekly.…YOUTUBE.COM
31 MayRussia and China are using OpenAI tools to spread disinformationsubmitted by Alphane_Moon to cybersecurity 0 points | 1 comments https://arstechnica.com/ai/2024/05/russia-and-china-are-using-openai-tools-to-spread-disinformation/ARSTECHNICA.COM
31 MayFirst-Party Fraud's Big Comeback in Banking and LendingFraud Experts Share Challenges and Solutions for Managing Customer-Driven Losses Banks lose tens of billions of dollars every year to credit card fraud, bad checks and intentional loan defaults, but the main culprits are not third-party scammers. Most of these crimes are being co…DATABREACHTODAY.CO.UK
31 MayThe Hard Evidence That Phishing Training and Testing Really WorksBy Roger Grimes. Security awareness training (SAT) and simulated phishing works to significantly reduce cybersecurity risk. We have the data, customer testimonials, and government recommendations to prove it.KNOWBE4.COM
31 MayHacker Sells Apparent Santander Bank Customer DataShinyHunters Advertises Data Set of '30 Million Customers' for $2 Million A hacker is selling the purported data of 30 million customers of Spanish multinational bank Santander for $2 million on a criminal online forum the FBI recently attempted to shut down. Sample data posted o…DATABREACHTODAY.CO.UK
31 MayFriday Squid Blogging: Baby Colossal SquidThis video might be a juvenile colossal squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here .SCHNEIER.COM
31 MayOpenAI Disrupts AI-Deployed Influence OperationsLow-Impact Disinformation Campaigns Based in Russia, China, Iran, Israel OpenAI said it disrupted covert influence operations including from China and Russia that attempted to use its artificial intelligence services to manipulate public opinion. The operations do not appear to h…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 3[−]
31 MayCyber Centre publishes report on cyber threats to major international sporting eventsCANADA.CA
31 MayWhat's in Biden's Security Memo for the Healthcare Sector?A recent White House memo on bolstering the security and resiliency of critical infrastructure sectors calls for comprehensive mapping and risk assessment of all critical components and interdependencies within the healthcare ecosystem, said Greg Garcia of the Healthcare Sector C…DATABREACHTODAY.CO.UK
📡 INFOSEC NEWS 9[−]
31 MayHow AI Will Change DemocracyI don’t think it’s an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn’t …SCHNEIER.COM
31 MayBeyond Threat Detection – A Race to Digital SecurityDigital content is a double-edged sword, providing vast benefits while simultaneously posing significant threats to organizations across the globe. The sharing of digital content has increased significantly in recent years, mainly via email, digital documents, and chat. In turn, …THEHACKERNEWS.COM
31 MayHow to sell your TV without losing your shirt (and banking data) | Kaspersky official blogWe talk about a scam targeting sellers on message boards.KASPERSKY.COM
31 MayHackers steal $305 million from DMM Bitcoin crypto exchangeJapanese crypto exchange DMM Bitcoin confirmed on Friday that it had been victim of a hack resulting in the theft of 4,502.9 bitcoin, or about $305 million. According to crypto security firm Elliptic, this is the eighth largest crypto theft in history. DMM Bitcoin sai…TECHCRUNCH.COM
31 MayCyber Security Today Week in Review for week ending May 31, 2024This week guest Terry Cutler of Cyology Labs and I discuss the controversy around Microsoft's new Recall feature, lessons learned from the MITRE hack, and moreCYBERSECURITYTODAY.LIBSYN.COM
31 MayDMM Bitcoin warns that hackers stole $300 million in BitcoinJapanese bitcoin exchange DMM Bitcoin is warning that 4,502.9 Bitcoin (BTC), or approximately $308 million (48.2 billion yen), has been stolen from one of its wallets today, making it the most significant cryptocurrency heist of 2024. [...]BLEEPINGCOMPUTER.COM
31 MayWhat happens when facial recognition gets it wrong – Week in security with Tony AnscombeA woman in London has been misidentified as a shoplifter by a facial recognition system amid fresh concerns over the technology's accuracy and reliabilityWELIVESECURITY.COM