🐛 COMMON VULNERABILITIES AND EXPOSURES 5[−]
10 JunSolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)submitted by kid to cybersecurity 2 points | 0 comments https://www.helpnetsecurity.com/2024/06/07/cve-2024-28995/HELPNETSECURITY.COM
10 JunPoc Exploit Released For Veeam Authentication Bypass VulnerabilityA proof-of-concept (PoC) exploit has been released for a critical authentication bypass vulnerability in Veeam Backup Enterprise Manager. The vulnerability, identified as CVE-2024-29849, has a CVSS score of 9.8, indicating its high severity. This article delves into the details o…GBHACKERS.COM
10 JunPHP Patches Critical Remote Code Execution VulnerabilityPHP has released patches for CVE-2024-4577, a critical vulnerability that could lead to arbitrary code execution on remote servers. The post PHP Patches Critical Remote Code Execution Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
10 JunExploit for critical Veeam auth bypass available, patch nowA proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates. [...]BLEEPINGCOMPUTER.COM
10 JunCritical PyTorch flaw puts sensitive AI data at riskPopular machine learning framework PyTorch fixed a critical vulnerability that could allow attackers to execute arbitrary commands on master nodes, potentially leading to theft of sensitive AI-related data. The vulnerability, tracked as CVE-2024-5480, was reported through Huntr.c…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 20[−]
10 JunSleuthcon: Cybercrime emerges in Morocco and law enforcement gets creativeAt this year’s Sleuthcon , cybersecurity professionals and law enforcement officials provided insights into various malicious actors driving the ongoing surge in cybercrime and offered glimpses into solutions that can thwart the rising tide of attackers. Based on the range of tal…CSOONLINE.COM
10 JunAI system poisoning is a growing threat — is your security regime ready?Consulting firm Protiviti recently worked with a client company experiencing an unusual attack: a hacker trying to manipulate the data being fed into one of the company’s AI systems. Company leaders are still unraveling the attack, but Protiviti managing director John Stevenson s…CSOONLINE.COM
10 JunSticky Werewolf Expands Cyber Attack Targets in Russia and BelarusCybersecurity researchers have disclosed details of a threat actor known as Sticky Werewolf that has been linked to cyber attacks targeting entities in Russia and Belarus. The phishing attacks were aimed at a pharmaceutical company, a Russian research institute dealing with micro…THEHACKERNEWS.COM
10 JunDuckduckgo Launches Anonymous AI ChatbotsDuckDuckGo has unveiled a new feature, AI Chat, which offers users an anonymous way to access popular AI chatbots. This innovative service includes models like OpenAI’s GPT 3.5 Turbo, Anthropic’s Claude 3 Haiku, and two open-source models, Meta Llama 3 and MistralR…GBHACKERS.COM
10 JunWhen two-factor authentication is useless | Kaspersky official blogScammers have learned how to intercept one-time passwords using phishing kits and OTP bots in Telegram.KASPERSKY.COM
10 JunExploiting Mistyped URLsInteresting research: “ Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains “: Abstract: Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos or other mistakes. By di…SCHNEIER.COM
10 JunAzure Service Tags Vulnerability: Microsoft Warns of Potential Abuse by HackersMicrosoft is warning about the potential abuse of Azure Service Tags by malicious actors to forge requests from a trusted service and get around firewall rules, thereby allowing them to gain unauthorized access to cloud resources. "This case does highlight an inherent risk in usi…THEHACKERNEWS.COM
10 JunNew York Times Responds to Source Code LeakThe New York Times has issued a statement after someone leaked source code allegedly belonging to the news giant. The post New York Times Responds to Source Code Leak appeared first on SecurityWeek .SECURITYWEEK.COM
10 JunCritical PyTorch Vulnerability Can Lead to Sensitive AI Data TheftA critical vulnerability in the PyTorch distributed RPC framework could be exploited for remote code execution. The post Critical PyTorch Vulnerability Can Lead to Sensitive AI Data Theft appeared first on SecurityWeek .SECURITYWEEK.COM
10 JunUK and Canada privacy watchdogs investigating 23andMe data breachPrivacy watchdogs in the U.K. and Canada have launched a joint investigation into the data breach at 23andMe last year. On Monday, the U.K,’s Information Commissioner’s Office (ICO) and the Office of the Privacy Commissioner of Canada (OPC) announced their investigati…TECHCRUNCH.COM
10 JunMore_eggs Malware Disguised as Resumes Targets Recruiters in Phishing AttackCybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago. The attack, which was unsuccessful, targeted an unnamed company in the industrial services industry…THEHACKERNEWS.COM
10 JunGoogle Search Result Link Hover (Edge/Chrome)submitted by stevedidwhat_infosec to cybersecurity 2 points | 0 comments Hey all! While investigating some malvertising campaigns today, I noticed that one of the sponsored google search results, upon hovering, appeared to be changing/resolving through rather than simply showing …INFOSEC.PUB
10 JunNew York Times plays down impact of source code leakInternal source code from The New York Times (NYT) has been leaked online following a breach on the newspaper’s GitHub repository. Links to a torrent purportedly carrying a 273GB archive of source code from the NYT were posted on notorious internet message board 4chan last week. …CSOONLINE.COM
10 JunCyber incident forces Cleveland to shut down city hallsubmitted by Alphane_Moon to cybersecurity 3 points | 0 comments https://therecord.media/cyber-incident-cleveland-city-hall-shutdownTHERECORD.MEDIA
10 JunDeep Learning to Combat AI Threats & Disrupting the Browser Security Market - Carl Fro... - BSW #353The recent rise in adversarial AI has made it clear: organizations must fight AI with better AI. Gone are the days of relying on legacy, antiquated endpoint detection and response offerings, or cybersecurity tools that are based on ineffective machine learning models. In this int…YOUTUBE.COM
10 JunSnowflake: No breach, just compromised credentials, say researchersMost Snowflake customers can heave a sigh of relief: The cloud data platform’s systems do not appear to have been compromised, cybersecurity researchers at Mandiant reported Monday. But they may have to make changes to how they authenticate to Snowflake all the same, as company i…CSOONLINE.COM
10 JunNo Snow, No Flakes: Pondering Cloud Security Shared Responsibility, Again!Disclaimer : this blog is very obviously inspired by current events, but it is absolutely not about those events. Meoooow! Lawyercats, stay away! No mice here. Dall-E via Copilot Lawyer Cat, Steampunk Vibe So, I hear there was some kinda incident and so Mandiant is investigating,…MEDIUM.COM
10 Jun KEVArm warns of actively exploited flaw in Mali GPU kernel driversArm has issued a security bulletin warning of a memory-related vulnerability in Bifrost and Valhall GPU kernel drivers that is being exploited in the wild. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 5[−]
🔥 INCIDENT REPORTING 12[−]
10 JunALPHV Ransomware Deployment Started With RDP Access And ScreenConnect InstallationsRansomware is used by hackers to abuse victims’ data, locking it until a ransom is paid. This method of cyber attack is profitable as it takes advantage of data’s proximity and vitality to individuals and companies, so they have no choice but to pay for quick returns.…GBHACKERS.COM
10 JunChristie’s Says Ransomware Attack Impacts 45,000 PeopleAuction house Christie's says the data breach caused by the recent ransomware attack impacts the information of 45,000 individuals. The post Christie’s Says Ransomware Attack Impacts 45,000 People appeared first on SecurityWeek .SECURITYWEEK.COM
10 JunLondon Hospitals Seek Biologics Backup After Ransomware HitUrgent Appeal Issued for O Type Blood; Attack Disrupts Patient Blood Type Matching The ransomware attack on a U.K. pathology services vendor has disrupted multiple London hospitals' ability to match patients' blood with available stocks. Lacking an IT system-level plan B, officia…DATABREACHTODAY.CO.UK
10 JunUrgent call for O-type blood donations following London hospitals ransomware attacksubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://therecord.media/london-hospitals-ransomware-urgent-call-blood-donations-otypeTHERECORD.MEDIA
10 JunUnit 42 — A Leader in The Forrester Wave for Cybersecurity Incident ResponsePalo Alto Networks Named a Leader in the Forrester WaveTM for Cybersecurity Incident Response Services. The post Unit 42 — A Leader in The Forrester Wave for Cybersecurity Incident Response appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
10 Jun23andMe data breach under investigation in UK and CanadaPrivacy authorities in Canada and the United Kingdom have launched a joint investigation to assess the scope of sensitive customer information exposed in last year's 23andMe data breach. [...]BLEEPINGCOMPUTER.COM
10 JunLondon hospitals face blood shortage after Synnovis ransomware attackEngland's NHS Blood and Transplant (NHSBT) has issued an urgent call to O Positive and O Negative blood donors to book appointments and donate after last week's cyberattack on pathology provider Synnovis impacted multiple hospitals in London. [...]BLEEPINGCOMPUTER.COM
10 JunSnowflake Attacks: Mandiant Links Data Breaches to Infostealer InfectionsMandiant says it has no evidence to suggest that unauthorized access to Snowflake customer accounts stemmed from a breach of Snowflake's enterprise environment. The post Snowflake Attacks: Mandiant Links Data Breaches to Infostealer Infections appeared first on SecurityWeek .SECURITYWEEK.COM
10 JunCylance confirms data breach linked to 'third-party' platformCybersecurity company Cylance confirmed the legitimacy of data being sold on a hacking forum, stating that it is old data stolen from a "third-party platform." [...]BLEEPINGCOMPUTER.COM
10 JunLawmakers: UHG Violating HIPAA Breach Notification RuleBipartisan U.S. Senators Demand Change Healthcare Breach Notification by June 21 Two U.S. senators are demanding UnitedHealth Group report a HIPAA breach and notify affected individuals no later than June 21, alleging the company is already violating HIPAA by dragging out the not…DATABREACHTODAY.CO.UK
10 JunGitloker attacks abuse GitHub notifications to push malicious oAuth appsThreat actors impersonate GitHub's security and recruitment teams in phishing attacks to hijack repositories using malicious OAuth apps in an ongoing extortion campaign wiping compromised repos. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 22[−]
10 JunISC Stormcast For Monday, June 10th, 2024 https://isc.sans.edu/podcastdetail/9016, (Mon, Jun 10th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
10 JunBeware of Fake KMSPico Activators that Deliver Vidar Stealer MalwareResearchers detected an attack involving a fake KMSPico activator tool, which delivered Vidar Stealer through several events. The attack leveraged Java dependencies and a malicious AutoIt script to disable Windows Defender and decrypt the Vidar payload via the shellcode. The user…GBHACKERS.COM
10 JunRSAC Fireside Chat: Jscrambler levels-up JavaScript security, slows GenAI-fueled privacy lossCould we be on the verge of Privacy Destruction 2.0, thanks to GenAI? Related: Next-level browser security That’s a question that spilled out of a thought-provoking conversation I had with Pedro Fortuna , co-founder and CTO of Jscrambler , at … (more…) The post RSAC Firesid…LASTWATCHDOG.COM
10 JunCisco Finds 15 Vulnerabilities in AutomationDirect PLCsCisco Talos researchers have found over a dozen vulnerabilities in AutomationDirect PLCs, including flaws that could be valuable to attackers. The post Cisco Finds 15 Vulnerabilities in AutomationDirect PLCs appeared first on SecurityWeek .SECURITYWEEK.COM
10 Jun22 Chinese Nationals Sentenced to Long Prison Terms in Zambia for Multinational CybercrimesA Zambian court has sentenced 22 Chinese nationals to long prison terms for cybercrimes that included internet fraud and online scams targeting Zambians and other people. The post 22 Chinese Nationals Sentenced to Long Prison Terms in Zambia for Multinational Cybercrimes appeared…SECURITYWEEK.COM
10 JunEverything You Can Do to Fight Social Engineering and PhishingSocial engineering and phishing are not just IT buzzwords; they are potent threats capable of devastating damage to your organization.KNOWBE4.COM
10 Jun[New Feature] Find Out if They've Got a Bad Reputation in Record Time with PhishER Plus Threat IntelThe PhishER Plus platform just got smarter with the addition of the new PhishER Plus Threat Intel feature that integrates web reputation data into the PhishER Plus console.KNOWBE4.COM
10 JunNew Agent Tesla Campaign Targeting Spanish-Speaking Peoplesubmitted by kid to cybersecurity 3 points | 0 comments https://www.fortinet.com/blog/threat-research/new-agent-tesla-campaign-targeting-spanish-speaking-peopleFORTINET.COM
10 JunNvidia Patches High-Severity GPU Driver VulnerabilitiesNvidia patches multiple high-severity vulnerabilities in GPU display drivers and virtual GPU software. The post Nvidia Patches High-Severity GPU Driver Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
10 JunMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …INFOSEC.PUB
10 JunFree Android VPNs Suffering Encryption Failures, New ReportVPN apps for Android increase privacy and security over the internet since connection data is encrypted, consequently making it impossible for hackers or other parties to access communication data. They also help unblock region-restricted content through IP address hiding, …GBHACKERS.COM
10 JunCriminal IP Unveils Innovative Fraud Detection Data Products on Snowflake MarketplaceAI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced that it has started selling its paid threat detection data from its CTI search engine ‘Criminal IP‘ on the Snowflake Marketplace. Criminal IP is committed to offering advanced cybersecurity sol…GBHACKERS.COM
10 JunFortinet Expands Cloud Security Portfolio with Lacework AcquisitionFortinet announces plans to acquire Lacework, a late-stage cloud security startup that was once listed as a “unicorn” company valued north of $1 billion. The post Fortinet Expands Cloud Security Portfolio with Lacework Acquisition appeared first on SecurityWeek .SECURITYWEEK.COM
10 JunNews Alert: Criminal IP unveils innovative fraud detection data products on Snowflake MarketplaceTorrance, Calif., June 10, 2024, CyberNewsWire — AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced that it has started selling its paid threat detection data from its CTI search engine ‘ Criminal IP ‘ on the Snowflake … (more…) The…LASTWATCHDOG.COM
10 JunMicrosoft Now Promises Extra Security for AI-Driven RecallConcerns Remain Over Screenshot-Capture Feature and Microsoft's Security Practices How in the world has Microsoft's leadership managed to get the debut of its forthcoming Recall feature for Windows so wrong on the security and privacy fronts? In the face of serious concerns, Redm…DATABREACHTODAY.CO.UK
10 JunFortinet Acquires Unicorn Lacework to Enhance Cloud SecurityDeal Integrates Lacework's CNAPP into Fortinet's Security Fabric and SASE Platform Fortinet plans to purchase trouble late-stage startup Lacework to integrate its AI-driven cloud native application protection platform into the Fortinet Security Fabric. The deal enhances Fortinet'…DATABREACHTODAY.CO.UK
10 JunSnowflake Hacking Spree Puts At Risk 165 OrganizationsAn investigation into infostealer-driven attacks on Snowflake customers shows that approximately 165 clients potentially had data stolen by financially-motivated hackers, says cyber threat intel firm Mandiant. It attributed the attacks to a cluster of threat activity that it now …DATABREACHTODAY.CO.UK
10 JunPsychological Strategies for Bridging the IT-OT DivideIlionx's Trish McGill on Tackling Geopolitical Risks and Human Barriers Security leaders face significant challenges in securing OT environments, especially with increasing geopolitical disruptions and psychological barriers. Trish McGill, IT and OT cybersecurity expert at Ilionx…DATABREACHTODAY.CO.UK
10 JunMicrosoft, Google Offering Cyber Help to Rural HospitalsVendors' Free, Discounted Services Part of Biden's Health Sector Cyber Initiative Google and Microsoft have agreed to provide free or highly discounted cyber assistance to rural and critical-access hospitals to support of an evolving strategy from the White House aimed at bolster…DATABREACHTODAY.CO.UK
10 JunThe State of the Cybersecurity Market, At Least According to Gartner - Padraic O'Reilly - BSW #353Did you miss Gartner Security & Risk Management last week in National Harbor, MD? Don't worry, Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins us to discuss the hot topics that were presented at the conference last week, including: - Artificial Intelli…YOUTUBE.COM
10 JunChatGPT Integration Fortifies Apple's Siri and Writing ToolsAI Integration Boosts Siri's User Writing Tools As Apple Plays Catch Up to Rivals Apple partnered with OpenAI to integrate ChatGPT into Siri and introduce artificial intelligence capabilities through free access with privacy protections as well as optional paid features. The move…DATABREACHTODAY.CO.UK
10 JunFCC Advances BGP Security Rules for Broadband ProvidersRegulatory Body Approves Notice of Proposed Rulemaking Targeting BGP Hijacking The U.S. Federal Communications Commission unanimously approved a notice of proposed rulemaking that would require major U.S. internet providers to establish and submit confidential Border Gateway Prot…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 1[−]
📡 INFOSEC NEWS 13[−]
10 JunCyber Security Today, June 10, 2024 - Microsoft backs down on RecallMicrosoft has listened to criticism about the supposedly helpful tool, and moreCYBERSECURITYTODAY.LIBSYN.COM
10 JunCybersecurity CPEs: Unraveling the What, Why & HowStaying Sharp: Cybersecurity CPEs Explained Perhaps even more so than in other professional domains, cybersecurity professionals constantly face new threats. To ensure you stay on top of your game, many certification programs require earning Continuing Professional Education (CPE…THEHACKERNEWS.COM
10 JunGoogle Takes Down Influence Campaigns Tied to China, Indonesia, and RussiaGoogle has revealed that it took down 1,320 YouTube channels and 1,177 Blogger blogs as part of a coordinated influence operation connected to the People’s Republic of China (PRC). "The coordinated inauthentic network uploaded content in Chinese and English about China and U.S. f…THEHACKERNEWS.COM
10 JunMicrosoft Bows To Public Pressure, Disables Controversial Windows Recall By DefaultPACKETSTORMSECURITY.COM
10 JunMandiant says hackers stole a ‘significant volume of data’ from Snowflake customersThe security firm said the attacks targeting Snowflake customers is "ongoing," suggesting the number of affected companies may rise. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
10 JunApple’s AI promise: “Your data is never stored or made accessible by Apple”And publicly reviewable server code means experts can "verify this privacy promise."ARSTECHNICA.COM
10 JunNetgear WNR614 flaws allow device takeover, no fix availableResearchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses. [...]BLEEPINGCOMPUTER.COM
10 JunApple enters AI arms race with new Apple Intelligence featureApple unveiled its new 'Apple Intelligence' feature today at its 2024 Worldwide Developer Conference, finally unveiling its generative AI strategy that will power new personalized experiences on Apple devices. [...]BLEEPINGCOMPUTER.COM
10 JunWeLiveSecurity wins Best Cybersecurity Vendor Blog award!The award is an excellent opportunity for us to thank our readers and to recognize the depth of talent of ESET’s security researchers and writersWELIVESECURITY.COM
10 JunApple’s AI promise: “Your data is never stored or made accessible to Apple”And publicly reviewable server code means experts can "verify this privacy promise."ARSTECHNICA.COM