84 Articles
8 Categories
Date: 2024-06-03
🚨 CISA KEV (1)
3 Jun | [KEV] CISA Adds One Known Exploited Vulnerability to Catalog | CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2017-3506 Oracle WebLogic Server OS Command Injection Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious c… | CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES (8)
3 Jun | Critical wpDataTables Vulnerability Let Attackers Perform SQL Injection | A critical security vulnerability has been discovered in the wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin, a popular plugin used by WordPress websites to create dynamic tables and charts. The vulnerability, CVE-2024-3820, allows attackers to perfo… | GBHACKERS.COM
3 Jun | Chromium: CVE-2024-5498 Use after free in Presentation API | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. | MSRC.MICROSOFT.COM
3 Jun | Chromium: CVE-2024-5497 Out of bounds memory access in Keyboard Inputs | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. | MSRC.MICROSOFT.COM
3 Jun | Chromium: CVE-2024-5499 Out of bounds write in Streams API | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. | MSRC.MICROSOFT.COM
3 Jun | Chromium: CVE-2024-5495 Use after free in Dawn | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. | MSRC.MICROSOFT.COM
3 Jun | Chromium: CVE-2024-5496 Use after free in Media Session | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. | MSRC.MICROSOFT.COM
3 Jun | Chromium: CVE-2024-5494 Use after free in Dawn | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. | MSRC.MICROSOFT.COM
3 Jun | Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. | MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE (20)
3 Jun | What are non-human identities and why do they matter? | Identity and access management (IAM) is so critical to cybersecurity that it has generated such universal axioms as “identity is the new perimeter” or “hackers don’t hack in, they log in” to underscore its importance. That’s not surprising when reputable sources such as the Veriz… | CSOONLINE.COM
3 Jun | Microsoft: The brand attackers love to imitate | Cybercriminals are increasingly imitating well-known brands as a means for infiltrating corporate networks and stealing sensitive data, according to recent research from Cisco Talos Intelligence. This attack vector sees cybercriminals exploiting trust in well-known brands on soc… | CSOONLINE.COM
3 Jun | 8220 Gang Exploiting Oracle WebLogic Server Flaw To Deploy Cryptominer | The Oracle WebLogic Server vulnerabilities enable hackers to access unauthorized systems that are used for business data and applications. This can enable threat actors to bring in external programs and complete system control, consequently assuming admin privileges. The en… | GBHACKERS.COM
3 Jun | FlyingYeti targets Ukraine using WinRAR exploit to drop Malware | https://securityaffairs.com/164017/hacking/flyingyeti-targets-ukraine.html | SECURITYAFFAIRS.COM
3 Jun | After Snowflake, Hugging Face reports security breach | Hugging Face, a platform for building AI and ML models, has warned users of a breach that could expose access authentication secrets on Spaces, a community repository for AI projects. “Earlier this week our team detected unauthorized access to our Spaces platform, specifically re… | CSOONLINE.COM
3 Jun | PoC Published for Exploited Check Point VPN Vulnerability | PoC code targeting a recent Check Point VPN zero-day has been released as Censys identifies 14,000 internet-accessible appliances. | SECURITYWEEK.COM
3 Jun | CarnavalHeist Weaponizing Word Documents To Steal Login Credentials | Hackers take advantage of Word documents as weapons due to their widespread use and trust. This is facilitated by the ease with which users can be deceived into opening them. These documents may have macros or exploits that are dangerous when activated to run malicious code… | GBHACKERS.COM
3 Jun | Improved Guidance for Azure Network Service Tags | Summary: Microsoft Security Response Center (MSRC) was notified in January 2024 by our industry partner, Tenable Inc., about the potential for cross-tenant access to web resources using the service tags feature. Microsoft acknowledged that Tenable provided a valuable contribution … | MSRC.MICROSOFT.COM
3 Jun | Identities of Cybercriminals Linked to Malware Loaders Revealed | Law enforcement reveals the identities of eight cybercriminals linked to recently disrupted malware loaders. | SECURITYWEEK.COM
3 Jun | Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet | Law enforcement authorities behind Operation Endgame are seeking information related to an individual who goes by the name Odd and is allegedly the mastermind behind the Emotet malware. Odd is also said to go by the nicknames Aron, C700, Cbd748, Ivanov Odd, Mors, Morse, Ver… | THEHACKERNEWS.COM
3 Jun | The growing dichotomy of AI-powered code in cloud-native security | AI-generated code promises to reshape cloud-native application development practices, offering unparalleled efficiency gains and fostering innovation at unprecedented levels. However, amidst the allure of newfound technology lies a profound duality—the stark contrast between the … | CSOONLINE.COM
3 Jun | Exploit for critical Progress Telerik auth bypass released, patch now | Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers. [...] | BLEEPINGCOMPUTER.COM
3 Jun | Azure Service Tags tagged as security risk, Microsoft disagrees | Security researchers at Tenable discovered what they describe as a high-severity vulnerability in Azure Service Tag that could allow attackers to access customers' private data. [...] | BLEEPINGCOMPUTER.COM
3 Jun | Live Nation SEC filing confirms “unauthorized activity” in wake of alleged Ticketmaster hack | Following a cybercrime group’s claims that it stole data from 560 million Ticketmaster customers, the ticket sales and distribution firm’s parent company told the US Securities and Exchange Commission (SEC) on Friday that it had identified unauthorized activity with a cloud part… | CSOONLINE.COM
3 Jun | Harnessing the Power of Data and AI & The Evolving Role of the CISO - James Doggett, S... - BSW #352 | Semperis CISO Jim Doggett shares insights into the evolving role of the CISO. The daily onslaught of cyberattacks not only increases business risk, but also puts a company’s most important data at risk – data on the company, its employees, customers, and partners. Now, more than … | YOUTUBE.COM
3 Jun | Telegram Combolists and 361M Email Addresses | Last week, a security researcher sent me 122GB of data scraped out of thousands of Telegram channels. It contained 1.7k files with 2B lines and 361M unique email addr… | TROYHUNT.COM
3 Jun | Telegram Combolists - 361,468,099 breached accounts | In May 2024, 2B rows of data with 361M unique email addresses were collated from malicious Telegram channels. The data contained 122GB across 1.7k files with email addresses, usernames, passwords and in many cases, the website they were entered into. The data appears to have bee… | HAVEIBEENPWNED.COM
3 Jun | Cox fixed an API auth bypass exposing millions of modems to attacks | Cox Communications has fixed an authorization bypass vulnerability that enabled remote attackers to abuse exposed backend APIs to reset millions of modems' settings and steal customers' sensitive personal information. [...] | BLEEPINGCOMPUTER.COM
3 Jun | Hope is Not a Security plan, & Neither is Ignoring the Risk—Invest in a Security Solution | The kaleidoscopic nature of the digital era means more dynamics are constantly being added to the cyber landscape. As an AI-embracing cohort, people are not exempt from these changes and have been taken to like. What are we, if not versatile? The digital evolutionary leap has hel… | GBHACKERS.COM
📢 SECURITY ADVISORIES (11)
3 Jun | Your KnowBe4 Compliance Plus Fresh Content Updates from May 2024 | Check out the May updates in Compliance Plus so you can stay on top of featured compliance training content. | KNOWBE4.COM
3 Jun | Snowflake Recommends Customers Take Steps to Prevent Unauthorized Access | On June 2, Snowflake indicated a recent increase in cyber threat activity targeting customer accounts on its cloud data platform. Snowflake issued a recommendation for users to query for unusual activity and conduct further analysis to prevent unauthorized user access. Use… | CISA.GOV
3 Jun | US Senate finance chair slams Change Healthcare for ‘negligence’ in ransomware attack | A US Senate committee chair is urging the administration of President Joe Biden to hold UnitedHealth Group (UHG) accountable for negligent cybersecurity practices in a ransomware attack against subsidiary Change Healthcare that disrupted medical payment and claims processing acro… | CSOONLINE.COM
3 Jun | Emotional Intelligence for Cyber Leaders - Jessica Hoffman - BSW #352 | Since the 1995 publication of Daniel Goleman’s international bestseller Emotional Intelligence, Why It Can Matter More Than IQ, a global movement has developed to bring “EQ” into practice in businesses, schools, and communities around the globe. But what is its impact on Cybersec… | YOUTUBE.COM
🔥 INCIDENT REPORTING (13)
3 Jun | Threat Actors Claiming Breach Of Heineken Employees Data | Threat actors have claimed responsibility for a data breach involving Heineken employees. The news broke through a post on the social media platform tweeted by the account DarkWebInformer, which specializes in monitoring and reporting on dark web activities. Details of the Breach… | GBHACKERS.COM
3 Jun | Cyber Security Today, June 3, 2024 - Four cloud-related data breaches | This episode reports on confirmation of cyber attacks on Ticketmaster, Santander bank, a Canadian broadcaster, and more | CYBERSECURITYTODAY.LIBSYN.COM
3 Jun | Hugging Face Hack: Spaces Secrets Exposed | Hugging Face, a leading AI and machine learning platform, has reported unauthorized access to its Spaces platform, explicitly targeting Spaces secrets. This breach has raised concerns about the security of sensitive information and the potential impact on users. Unauthorized Acce… | GBHACKERS.COM
3 Jun | Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions | Now-patched authorization bypass issues impacting Cox modems could have been abused as a starting point to gain unauthorized access to the devices and run malicious commands. "This series of vulnerabilities demonstrated a way in which a fully external attacker with no prereq… | THEHACKERNEWS.COM
3 Jun | Snowflake Data Breach Impacts Ticketmaster, Other Organizations | Ticketmaster and other organizations have been affected by a data breach at cloud AI data platform Snowflake. | SECURITYWEEK.COM
3 Jun | Ticketmaster Confirms Breach Potentially Impacting 560 Million Users | https://www.infosecurity-magazine.com/news/ticketmaster-confirms-breach-560/ | INFOSECURITY-MAGAZINE.COM
3 Jun | Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users | Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan (RAT) on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masqueradin… | THEHACKERNEWS.COM
3 Jun | Russia’s Military Intelligence Service Launches Spear Phishing Attacks | Researchers at Recorded Future warn that BlueDelta, a threat actor tied to Russia’s GRU, is launching spear phishing attacks against European defense and transportation entities. | KNOWBE4.COM
3 Jun | 361 million stolen accounts leaked on Telegram added to HIBP | A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been co… | BLEEPINGCOMPUTER.COM
3 Jun | Lawmakers Urge Pentagon to Diversify Cybersecurity Vendors | Concerns Grow Over Department of Defense Plans to Invest More in Microsoft Products. A bipartisan pair of senators sent a letter to the Department of Defense expressing "serious concern" after a draft memo stated that all department components must further invest in and implement … | DATABREACHTODAY.CO.UK
3 Jun | Feds Say Change Healthcare Can Handle Breach Notification | HHS OCR Advises HIPAA-Covered Entities to Coordinate Notification Duties With UHG. Tens of thousands of hospitals and medical practices can breathe a little easier now. Federal regulators have given the green light for Change Healthcare to handle the breach notification to tens of… | DATABREACHTODAY.CO.UK
3 Jun | Collection agency FBCS ups data breach tally to 3.2 million people | Debt collection agency Financial Business and Consumer Solutions (FBCS) now says over 3.2 million people have been impacted by a data breach that occurred in February. [...] | BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE (18)
3 Jun | ISC Stormcast For Monday, June 3rd, 2024 https://isc.sans.edu/podcastdetail/9006, (Mon, Jun 3rd) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
3 Jun | Secrets Exposed in Hugging Face Hack | AI tool development platform Hugging Face has detected a Spaces hack that resulted in the exposure of secrets. | SECURITYWEEK.COM
3 Jun | Andariel Hackers Target South Korean Institutes with New Dora RAT Malware | The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea. "Keylogger, Infostealer, and proxy tools on … | THEHACKERNEWS.COM
3 Jun | Seeing Like a Data Structure | Technology was once simply a tool—and a small one at that—used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, t… | SCHNEIER.COM
3 Jun | A Wireshark Lua Dissector for Fixed Field Length Protocols, (Mon, Jun 3rd) | I developed a Wireshark dissector in Lua to parse binary protocols (over TCP) that are composed of fields with fixed lengths. I got this idea while taking a SANS ICS training: for protocol reversing, it would be useful to have a dissector where I can configure the fields (length,… | ISC.SANS.EDU
3 Jun | SASE Threat Report: 8 Key Findings for Enterprise Security | Threat actors are evolving, yet Cyber Threat Intelligence (CTI) remains confined to each isolated point solution. Organizations require a holistic analysis across external data, inbound and outbound threats and network activity. This will enable evaluating the true state of cyber… | THEHACKERNEWS.COM
3 Jun | Lack of skills and budget slow zero-trust implementation | https://www.helpnetsecurity.com/2024/05/31/zero-trust-implementation-driver-for-organizations/ | HELPNETSECURITY.COM
3 Jun | DDoS-as-a-Service: The Rebirth Botnet | https://sysdig.com/blog/ddos-as-a-service-the-rebirth-botnet/ | SYSDIG.COM
3 Jun | RSAC Fireside Chat: NightVision shines a light on software vulnerabilities, speeds up remediation | When Log4J came to light in 2021, Kinnaird McQuade, then a security engineer at Square, drew the assignment of testing endpoints at some 5,000 users of the popular mobile payments service. Related: The big lesson from Log4J “It … | LASTWATCHDOG.COM
3 Jun | Mentorship Monday - Discussions for career and learning! | Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? … | INFOSEC.PUB
3 Jun | Forrester Names Palo Alto Networks a Leader in XDR | Palo Alto Networks was named a leader in extended detection and response platforms by Forrester for Cortex XDR. | PALOALTONETWORKS.COM
3 Jun | New Transparent Phishing Attacks Leverage Cloudflare Worker Serverless Computing | An increasing number of phishing campaigns from several threat groups are being tracked as they leverage legitimate Cloudflare services as part of account compromise attacks. | KNOWBE4.COM
3 Jun | Snowflake Clients Targeted With Credential Attacks | Company Says Single-Factor Authentication Accounts Are to Blame - Not a Flaw. Hackers are targeting clients of artificial intelligence data platform provider Snowflake that lack multifactor authentication, the company warns. Threat actors are compromising organizations’ Snowflake … | DATABREACHTODAY.CO.UK
3 Jun | AI in Elections: Manipulating Voters With Easy Voice Cloning | 6 Popular AI Tools Contain Guardrails Insufficient to Prevent Misuse: Study. Anyone can use easily accessible artificial intelligence tools to create convincing audio deepfakes, according to a Center for Countering Digital Hate study that says the voices of politicians such as Don… | DATABREACHTODAY.CO.UK
3 Jun | Scaling Threat Intel, Consulting: Mandiant's Way With Google | Mandiant's Sandra Joyce, Jurgen Kutscher Talk Post-Acquisition Growth, Innovations. Sandra Joyce and Jurgen Kutscher highlight the significant advancements in Mandiant's threat intelligence and consulting services following Google's September 2022 acquisition, emphasizing improved… | DATABREACHTODAY.CO.UK
3 Jun | Microsoft is again named the overall leader in the Forrester Wave for XDR | Microsoft has been named a leader in The Forrester Wave™: Extended Detection and Response (XDR) platforms, Q2, 2024, and received the highest scores in both strategy and current offering categories, as well as in the market presence category. | MICROSOFT.COM
3 Jun | Microsoft is named a leader in the Forrester Wave for XDR | Microsoft has been named a leader in The Forrester Wave™: Extended Detection and Response (XDR) platforms, Q2, 2024, and received the highest scores in both strategy and current offering categories, as well as in the market presence category. | MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE (2)
3 Jun | Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware | Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2). "Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholis… | THEHACKERNEWS.COM
📡 INFOSEC NEWS (11)
3 Jun | AI Will Increase the Quantity—and Quality—of Phishing Scams | A piece I coauthored with Fredrik Heiding and Arun Vishwanath in the Harvard Business Review: Summary. Gen AI tools are rapidly making these emails more advanced, harder to spot, and significantly more dangerous. Recent research showed that 60% of participants fell victim to art… | SCHNEIER.COM
3 Jun | Secrets Exposed In Hugging Face Attack | PACKETSTORMSECURITY.COM
3 Jun | It's Time to Up-Level Your EDR Solution | You may have EDR, but did you know you can add threat detection and response to improve a SecOps team’s efficiency and outcomes - read more. | TRENDMICRO.COM
3 Jun | Verizon users report blurry photos in Android messaging apps | Verizon customers using Android phones report that they receive blurry images through text messages on different services and apps, with no response from Verizon as to why. [...] | BLEEPINGCOMPUTER.COM
3 Jun | Fake tech support scams: what they are and how to stay safe | Kaspersky official blog | How the most prevalent fake tech-support scams work, and how to protect yourself | KASPERSKY.COM
3 Jun | Data firm execs convicted for helping fraudsters target the elderly | A former senior executive and former sales manager of Epsilon Data Management LLC (Epsilon) were convicted of selling data of millions of Americans to perpetrators of mail fraud schemes. [...] | BLEEPINGCOMPUTER.COM
3 Jun | Microsoft India’s X account hijacked in Roaring Kitty crypto scam | The official Microsoft India account on Twitter, with over 211,000 followers, was hijacked by cryptocurrency scammers to impersonate Roaring Kitty, the handle used by notorious meme stock trader Keith Gill. [...] | BLEEPINGCOMPUTER.COM
3 Jun | Guide to Better Extended Threat Detection and Response (XDR) | Discover how XDR can enhance threat detection and response to improve a SecOps team’s efficiency and outcomes. | TRENDMICRO.COM
3 Jun | The murky world of password leaks – and how to check if you’ve been hit | Password leaks are increasingly common and figuring out whether the keys to your own kingdom have been exposed might be tricky – unless you know where to look | WELIVESECURITY.COM