🐛 COMMON VULNERABILITIES AND EXPOSURES 56[−]
11 Jun KEVArm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU DriversArm is warning of a security vulnerability impacting Mali GPU Kernel Driver that it said has been actively exploited in the wild. Tracked as CVE-2024-4610, the use-after-free issue impacts the following products - Bifrost GPU Kernel Driver (all versions from r34p0 to r40p0) Valha…THEHACKERNEWS.COM
11 Jun KEVArm Warns Of Mali GPU Kernel Driver Flaws Exploited In The WildThe Mali GPU driver is a widely used Graphical Processing Unit for multiple devices, including Android and Linux. A new vulnerability has been discovered in the Mali GPU Kernel driver. It allows an authenticated, low-privileged user to gain access to freed memory. The CVE for thi…GBHACKERS.COM
11 JunArm Warns of Exploited Kernel Driver VulnerabilityArm warns that CVE-2024-4610, a Mali GPU kernel driver vulnerability addressed two years ago, is exploited in attacks. The post Arm Warns of Exploited Kernel Driver Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunApple Patches Vision Pro Vulnerability Used in Possibly ‘First Ever Spatial Computing Hack’Apple has released a visionOS update that patches CVE-2024-27812, which may be the first flaw specific to the VR headset. The post Apple Patches Vision Pro Vulnerability Used in Possibly ‘First Ever Spatial Computing Hack’ appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunTellYouThePass ransomware exploits recent PHP RCE flaw to breach serversThe TellYouThePass ransomware gang has been exploiting the recently patched CVE-2024-4577 remote code execution vulnerability in PHP to deliver webshells and execute the encryptor payload on target systems. [...]BLEEPINGCOMPUTER.COM
11 JunCVE-2024-30069 Windows Remote Access Connection Manager Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30070 DHCP Server Service Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30072 Microsoft Event Trace Log File Parsing Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30074 Windows Link Layer Topology Discovery Protocol Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30075 Windows Link Layer Topology Discovery Protocol Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30076 Windows Container Manager Service Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30077 Windows OLE Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30078 Windows Wi-Fi Driver Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30080 Microsoft Message Queuing (MSMQ) Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30082 Win32k Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-35250 Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-35255 Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2023-50868 MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPUInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-29187 GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEMInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-29060 Visual Studio Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30062 Windows Standards-Based Storage Management Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30063 Windows Distributed File System (DFS) Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30064 Windows Kernel Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30065 Windows Themes Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30066 Winlogon Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30067 Winlogon Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30068 Windows Kernel Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30083 Windows Standards-Based Storage Management Service Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30084 Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30085 Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30086 Windows Win32 Kernel Subsystem Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30087 Win32k Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30088 Windows Kernel Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30089 Microsoft Streaming Service Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30090 Microsoft Streaming Service Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30091 Win32k Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30093 Windows Storage Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30094 Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30095 Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30096 Windows Cryptographic Services Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30097 Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30099 Windows Kernel Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30100 Microsoft SharePoint Server Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30101 Microsoft Office Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30102 Microsoft Office Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30103 Microsoft Outlook Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30104 Microsoft Office Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-35248 Microsoft Dynamics 365 Business Central Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-35249 Microsoft Dynamics 365 Business Central Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-35252 Azure Storage Movement Client Library Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-35253 Microsoft Azure File Sync Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-35254 Azure Monitor Agent Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-35263 Microsoft Dynamics 365 (On-Premises) Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-35265 Windows Perception Service Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-37325 Azure Science Virtual Machine (DSVM) Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2024-30052 Visual Studio Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 23[−]
11 JunCertified Ethical Hacker (CEH): Certification cost, training, and valueCertified Ethical Hacker (CEH) certification Certified Ethical Hacker (CEH) is an early-career certification for security pros interested in assessing target systems using techniques often associated with hackers to help identify vulnerabilities for employers or clients. Stylized…CSOONLINE.COM
11 JunThe risks in mergers and acquisitions CISOs need to knowWhen a large company announces the acquisition of another organization, it’s often perceived as just being a financial transaction. However, the merger and acquisition (M&A) process is far more complex and can help uncover various aspects of both businesses involved. Amid the…CSOONLINE.COM
11 JunChina-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft TacticsCybersecurity researchers have uncovered an updated version of malware called ValleyRAT that's being distributed as part of a new campaign. "In the latest version, ValleyRAT introduced new commands, such as capturing screenshots, process filtering, forced shutdown, and clearing W…THEHACKERNEWS.COM
11 JunDarkGate Malware Being Spread Via Excel Docs Attached To Phishing EmailsA phishing campaign is spreading the DarkGate malware using new techniques to evade security filters, according to researchers at Cisco Talos.KNOWBE4.COM
11 JunNew HR-Themed Credential Harvesting Phishing Attack Uses Legitimate Signature Platform YousignA new phishing campaign is exploiting the eSignature platform Yousign.KNOWBE4.COM
11 JunFortinet grabs cloud security player LaceworkFortinet has reached an agreement to buy cloud security company Lacework for an undisclosed amount. Founded in 2015, Lacework is known for its cloud-based machine learning, AI and automation technology that lets customers manage and secure cloud workflows. Its security technology…NETWORKWORLD.COM
11 JunCyberheistNews Vol 14 #24 [NEW 2024 RESEARCH] Reveals that 34% of Green Users Will Fail a Phishing TestKNOWBE4.COM
11 JunCISA Releases Six Industrial Control Systems AdvisoriesCISA released six Industrial Control Systems (ICS) advisories on June 11, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-163-01 Rockwell Automation ControlLogix, GuardLogix, and CompactLogix …CISA.GOV
11 JunLet’s Go into the rabbit hole (part 2) — the challenges of dynamically hooking Golang programsGolang is the most used programming language for developing cloud technologies. Tools such as Kubernetes , Docker , Containerd and gVisor are written in Go. Despite the fact that the code of these programs is open source, there is no way to analyze and extend their behaviour dyna…QUARKSLAB.COM
11 JunSinister "More_eggs" Malware Cracks Into Companies by Targeting Hiring ManagersJob seekers, beware - cybercriminals have a nasty new way to slide their malicious code on corporate networks. Researchers have uncovered a devious phishing campaign that's distributing the powerful More_eggs backdoor by disguising it as resume submissions for open roles.KNOWBE4.COM
11 JunCity of Cleveland shuts down IT systems after cyberattackThe City of Cleveland, Ohio, is currently dealing with a cyberattack that has forced it to take citizen-facing services offline, including the public offices and facilities at Erieview and the City Hall. [...]BLEEPINGCOMPUTER.COM
11 JunMFA soon compulsory for AWS users, passwordless authentication an optionAWS has added support for FIDO2 passkeys, a passwordless authentication method under the Fast Identity Online (FIDO) framework, for multifactor authentication — and will soon make MFA mandatory for signing in to AWS accounts. “Beginning in July 2024, root users of standalone acco…CSOONLINE.COM
11 JunFortinet Releases Security Updates for FortiOSFortinet has released security updates to address a vulnerability in FortiOS. A cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the following Fortinet Security Bulletin and apply t…CISA.GOV
11 JunMicrosoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEsToday is Microsoft's June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability. [...]BLEEPINGCOMPUTER.COM
11 JunJetBrains warns of IntelliJ IDE bug exposing GitHub access tokensJetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens. [...]BLEEPINGCOMPUTER.COM
11 JunCISOs may be too reliant on EDR/XDR defensesAttackers are easily sidestepping endpoint detection and response (EDR) and extended detection and response (XDR) defenses, often catching enterprises unaware, according to a new study of cybersecurity threats. The study of global cyberthreats, by EDR/XDR vendor Trellix, highligh…CSOONLINE.COM
11 JunMicrosoft Releases June 2024 Security Updates Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following advis…CISA.GOV
11 JunMicrosoft Patch Tuesday June 2024, (Tue, Jun 11th)Microsoft&#;x26;#;39;s June 2024 update fixes a total of 58 vulnerabilities. 7 of these vulnerabilities are associated with Chromium and Microsoft&#;x26;#;39;s Brave browser. Only one vulnerability is rated critical. One of …ISC.SANS.EDU
11 JunPatch Tuesday: Remote Code Execution Flaw in Microsoft Message QueuingThe Windows vulnerability carries a CVSS severity score of 9.8/10 and can be exploited by via specially crafted malicious MSMQ packets. The post Patch Tuesday: Remote Code Execution Flaw in Microsoft Message Queuing appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunCleveland Cyber Incident Prompts Shutdown of City IT SystemsCleveland Investigating Cyber Incident that Forced City to Shutdown IT Systems The city of Cleveland, Ohio is launching an investigation into an apparent cyber event that forced a shutdown of its information technology systems throughout the start of the week, officials said Tues…DATABREACHTODAY.CO.UK
11 JunRansomware Gang TellYouThePass Exploits PHP VulnerabilityFlaw Allows Unauthenticated Attackers to Execute Arbitrary Code A ransomware operation with a history of exploiting widespread internet vulnerabilities lost little time in making use of a critical severity vulnerability in scripting language PHP. The TellYouThePass ransomware gro…DATABREACHTODAY.CO.UK
11 JunCritical Patches Issued for Microsoft Products, June 11, 2024Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, o…CISECURITY.ORG
📋 SECURITY BULLETINS 2[−]
11 JunAdobe Plugs Code Execution Holes in After Effects, IllustratorPatch Tuesday: Adobe fixes critical flaws and warns of the risk of code execution attacks on Windows and macOS platforms. The post Adobe Plugs Code Execution Holes in After Effects, Illustrator appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunPatch Tuesday, June 2024 “Recall” EditionMicrosoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows administrators. The software giant also responded to a torrent of negative feedback on a new feature of Redmond's…KREBSONSECURITY.COM
📢 SECURITY ADVISORIES 11[−]
11 JunHackers Weaponizing MSC Files In Targeted Attack CampaignHackers utilize MSC or Microsoft Management Console files in themed attack campaigns as these files contain commands and scripts that enable them to perform different administrative tasks on the target system. By mimicking legitimate files, MSC files can evade various secur…GBHACKERS.COM
11 JunSSLoad Malware Employs MSI Installer To Kick-Start Delivery ChainMalware distributors use MSI installers as Windows OS already trusts them to run with administrative rights by bypassing security controls. For this reason, MSI files are a convenient means of spreading ransomware, spyware, and other malware that can be passed off as genuine soft…GBHACKERS.COM
11 JunMicrosoft Recall's Security & Privacy, Hacking Web APIs, Secure Design Pledge - ASW #288Looking at use cases and abuse cases of Microsoft's Recall feature, examples of hacking web APIs, CISA's secure design pledge, what we look for in CVEs, a nod to PHP's history, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://sec…YOUTUBE.COM
🔥 INCIDENT REPORTING 15[−]
11 JunSnowflake Breach Exposes 165 Customers' Data in Ongoing Extortion CampaignAs many as 165 customers of Snowflake are said to have had their information potentially exposed as part of an ongoing campaign designed to facilitate data theft and extortion, indicating the operation has broader implications than previously thought. Google-owned Mandiant, which…THEHACKERNEWS.COM
11 JunPrivacy Regulators Probe Impact of 23andMe's Mega-Breach6.9 Million Individuals' Genetic Details Stolen via 2023 Credential-Stuffing Attack Privacy regulators in the U.K. and Canada have launched a joint investigation into 23andMe following the direct-to-consumer genetic testing service suffering a massive data breach in October 2023 …DATABREACHTODAY.CO.UK
11 JunTop 10 Critical Pentest Findings 2024: What You Need to KnowOne of the most effective ways for information technology (IT) professionals to uncover a company’s weaknesses before the bad guys do is penetration testing. By simulating real-world cyberattacks, penetration testing, sometimes called pentests, provides invaluable insights into a…THEHACKERNEWS.COM
11 JunPure Storage confirms data breach after Snowflake account hackPure Storage, a leading provider of cloud storage systems and services, confirmed on Monday that attackers breached its Snowflake workspace and gained access to what the company describes as telemetry information [...]BLEEPINGCOMPUTER.COM
11 JunBlackBerry Cylance Data Offered for Sale on Dark WebBlackBerry says the Cylance data offered for sale for $750,000 is old and its own systems have not been compromised. The post BlackBerry Cylance Data Offered for Sale on Dark Web appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunThe mystery of an alleged data broker’s data breachSince April, a hacker with a history of selling stolen data has claimed a data breach of billions of records — impacting at least 300 million people — from a U.S. data broker, which would make it one of the largest alleged data breaches of the year. The data, seen by …TECHCRUNCH.COM
11 JunNew Warmcookie Windows backdoor pushed via fake job offersA never-before-seen Windows malware named 'Warmcookie' is distributed through fake job offer phishing campaigns to breach corporate networks. [...]BLEEPINGCOMPUTER.COM
11 JunChinese hackers breached 20,000 FortiGate systems worldwideThe Dutch Military Intelligence and Security Service (MIVD) warned today that the impact of a Chinese cyber-espionage campaign unveiled earlier this year is "much larger than previously known." [...]BLEEPINGCOMPUTER.COM
11 JunIT downtime cuts enterprise profit by 9%, says studyDowntime cost large enterprises an average of $200 million annually, cutting 9% from yearly profits, according to a study commissioned by Splunk. And while ransomware accounts for a relatively small proportion of that total, enterprises should really be budgeting more for it. For…CIO.COM
11 JunHow Cynet Makes MSPs Rich & Their Clients SecureManaged service providers (MSPs) are on the front lines of soaring demand for cybersecurity services as cyberattacks increase in volume and sophistication. Cynet has emerged as the security vendor of choice for MSPs to capitalize on existing relationships with SMB clients and pro…THEHACKERNEWS.COM
11 JunHalf a Dozen Flaws in Netgear Router Put User Data at RiskVulnerabilities Could Lead to Unauthorized Data Access and Manipulation Half a dozen vulnerabilities in a moderately priced Netgear router could allow attackers to bypass authentication, putting home users and small businesses at risk. The flaws could cause unauthorized access, n…DATABREACHTODAY.CO.UK
11 JunDOJ Investigating Medical Transcribers' Mega Hack: ReportPerry Johnson & Associates' 2023 Data Theft Breach Affected About 14 Million The 2023 hack at medical transcription firm Perry Johnson & Associates, which affected dozens of clients and about 14 million individuals, triggered the largest health data breach reported to regulators …DATABREACHTODAY.CO.UK
11 JunDutch Agency Renews Warning of Chinese Fortigate CampaignChinese Cyber Espionage Campiagn Is 'Much Larger Than Previously Known' Chinese hackers breached thousands of vulnerable Fortigate network security appliances in a cyber-espionage campaign "much larger than previously known," a Dutch cybersecurity agency warned Tuesday. Even full…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 29[−]
11 JunISC Stormcast For Tuesday, June 11th, 2024 https://isc.sans.edu/podcastdetail/9018, (Tue, Jun 11th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
11 JunApple is bringing RCS to the iPhone in iOS 18submitted by aa1 to cybersecurity 0 points | 1 comments https://www.theverge.com/2024/6/10/24171315/apple-messages-rcs-ios-18-imessage-green-bubbleTHEVERGE.COM
11 JunHackers Used Homemade Mobile Antenna To Send Thousands Of Smishing TextOfficers have made two arrests in connection with using a “text message blaster,” believed to have been used to send thousands of smishing messages posing as banks and other official organizations. These messages targeted unsuspecting members of the public. Unprecedented Use of I…GBHACKERS.COM
11 JunRSAC Fireside Chat: Ontinue ups the ‘MXDR’ ante — by emphasizing wider automation, collaborationCompanies that need to protect assets spread across hybrid cloud infrastructure face a huge challenge trying to mix and match disparate security tools. Related: Cyber help for hire Why not seek help from a specialist? At RSAC 2024 , I … (more…) The post RSAC Fireside Chat: …LASTWATCHDOG.COM
11 JunNoodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking GroupsThis blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.TRENDMICRO.COM
11 JunXona Raises $18 Million for OT Remote Access PlatformOT zero trust user access platform provider Xona has raised $18 million, which brings its total investment to $32 million. The post Xona Raises $18 Million for OT Remote Access Platform appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunBruce Schneier: "AI Will Increase the Quantity—and Quality—of Phishing Scams"Wow. It does not happen often that the godfather of infosec comes out this strong about phishing risks. He co-published new research in the Harvard Business Review May 30, 2024, which in turn links back to the actual study that was published at the IEEE. This is the best budget a…KNOWBE4.COM
11 JunLLMs Acting DeceptivelyNew research: “ Deception abilities emerged in large language models “: Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great impor…SCHNEIER.COM
11 JunChinese Hackers using New Noodle RAT to Attack Linux ServersCybersecurity experts have identified a new type of malware called “Noodle RAT,” which Chinese-speaking hacker groups use to target Linux servers. Although this malware has been active since 2016, it has only recently been properly classified, shedding light on its ex…GBHACKERS.COM
11 JunVietnamese Entities Targeted By China-Linked Mustang Panda In Cyber Espionagesubmitted by kid to cybersecurity 1 points | 0 comments https://cyble.com/blog/vietnamese-entities-targeted-by-china-linked-mustang-panda-in-cyber-espionage/CYBLE.COM
11 JunRogue Cell Tower Shut Down in Londonsubmitted by kid to cybersecurity 7 points | 0 comments https://www.cityoflondon.police.uk/news/city-of-london/news/2024/june/two-people-arrested-in-connection-with-investigation-into-homemade-mobile-antenna-used-to-send-thousands-of-smishing-text-messages-to-the-public/CITYOFLONDON.POLICE.UK
11 JunSAP Patches High-Severity Vulnerabilities in Financial Consolidation, NetWeaverSAP has released 10 new security notes on June 2024 Security Patch Day, including two addressing high-severity vulnerabilities. The post SAP Patches High-Severity Vulnerabilities in Financial Consolidation, NetWeaver appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunDangerous Liaisons: The Interaction Between Threat Actors and High-Risk DevicesForescout's 2024 analysis of the riskiest devices highlights vulnerabilities and threat actor interactions across IT, IoT, OT, and IoMT. The post Dangerous Liaisons: The Interaction Between Threat Actors and High-Risk Devices appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunSupreme Court Will Take Up Meta’s Bid to End Lawsuit Over Cambridge Analytica Privacy ScandalThe Supreme Court will take up Meta’s bid to end the lawsuit over the Cambridge Analytica privacy scandal. The post Supreme Court Will Take Up Meta’s Bid to End Lawsuit Over Cambridge Analytica Privacy Scandal appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunRemcos RAT Distributed As UUEncoding (UUE) File To Steal LoginsResearchers identified a campaign distributing Remcos RAT, a Remote Access Trojan, where the attack uses phishing emails disguised as legitimate business communication, such as import/export or quotations. The emails contain a UUEncoded (UUE) file compressed with Power Arch…GBHACKERS.COM
11 JunNetskope secures SaaS apps with genAINetskope recently introduced generative AI and software-as-a-service security enhancements in its Netskope One secure access security edge (SASE) platform, which industry watchers say will help enterprise IT organizations reduce genAI data leakage and better categorize SaaS appli…NETWORKWORLD.COM
11 JunMultiple Vulnerabilities Plague Discontinued Netgear WNR614 RoutersRedfox Security warns of multiple vulnerabilities in Netgear WNR614 routers discontinued three years ago. The post Multiple Vulnerabilities Plague Discontinued Netgear WNR614 Routers appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunForrester Names Palo Alto Networks a Leader in OT SecurityPalo Alto Networks was named a Leader in the Forrester WaveTM: OT Security Solutions, Q2 2024 report. The post Forrester Names Palo Alto Networks a Leader in OT Security appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
11 JunCISO and the Board: Demonstrating value and relevant metrics - Max Shier - CSP #178The importance of CISO skills/metrics for the board, demonstrating the business value and necessity of good cybersecurity posture, as capabilities the CISO must master to be effective in securing the appropriate investment level. Join us as we discuss interactions with the board …YOUTUBE.COM
11 JunTwo Arrested in UK for Smishing Campaign Powered by Homemade SMS BlasterUK authorities have arrested two individuals for allegedly using a homemade mobile antenna to send mass text messages. The post Two Arrested in UK for Smishing Campaign Powered by Homemade SMS Blaster appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunBeware: Major AI Chatbots Now Intentionally Spreading Election DisinformationJust when you thought the disinformation landscape couldn't get any worse, an alarming new report from Democracy Reporting International reveals that popular AI chatbots have started intentionally spreading false information related to elections and the voting process.KNOWBE4.COM
11 JunBuzz Aldrin, the Gray Lady, Veeam, Microsoft squared, Nvidia, Josh Marpet... - SWN #392Buzz Aldrin punches me in the face, the Gray Lady, Veeam, Microsoft squared, Nvidia, Hardware, Pentests, Josh Marpet, and more on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com…YOUTUBE.COM
11 JunDutch intelligence says Chinese hacking campaign ‘more extensive’ than previously knownsubmitted by kid to cybersecurity 1 points | 0 comments https://thecyberpost.com/news/dutch-intelligence-says-chinese-hacking-campaign-more-extensive-than-previously-known/THECYBERPOST.COM
11 JunWARMCOOKIE backdoor masquerades as a recruiting offersubmitted by kid to cybersecurity 3 points | 0 comments https://www.elastic.co/security-labs/dipping-into-dangerELASTIC.CO
11 JunAI Will Soon Exhaust the Internet. What's Next?Researchers Expect an AI Training Data Drought in the Next 2 to 8 Years Artificial intelligence models consume training data faster than humans can produce it, and large language model researchers warn that the stocks of public text data are set to be exhausted as early as two ye…DATABREACHTODAY.CO.UK
11 JunAtos Agrees to New Financial Restructuring PlansPlan Proposed by Onepoint Includes Converting Atos Debt to Equity French IT consultancy Atos agreed to a last-minute financial restricting plan as the debt ridden company finalizes a proposed buyout by the French government. Atos said it will proceed with financial restructuring …DATABREACHTODAY.CO.UK
11 JunCyberhaven Secures $88M to Strengthen Data Security PlatformAdams Street Partners, Khosla Ventures Lead Series C Funding for Data Security Firm Cyberhaven secured $88 million in a Series C round led by Adams Street Partners and Khosla Ventures. The company wants to bolster product development, expand AI detection capabilities and increase…DATABREACHTODAY.CO.UK
11 JunUS DOD Seeks Commercial Partner for AI Governance OverhaulDefense Department Issues Open Call for Private Sector AI Governance Partner The U.S. Department of Defense is looking to the private sector while aiming to strengthen its enterprisewide governance of artificial intelligence systems by issuing an open call for a commercial partne…DATABREACHTODAY.CO.UK
11 JunChinese-Made Biometric Access System Has 24 VulnerabilitiesKaspersky Unveils 24 Flaws in ZKTeco Terminals A promise of better security through biometrics fell short after security researchers dismantled an access system manufactured by a Chinese manufacture, only to discover 24 vulnerabilities contained inside. ZKTeco specializes in hybr…DATABREACHTODAY.CO.UK
📡 INFOSEC NEWS 12[−]
11 JunNotifications from FB and theft of business account passwordsThrough a security hole attackers get the Facebook, to send phishing emails with fake notifications threatening to block business accounts.KASPERSKY.COM
11 JunApple Integrates OpenAI's ChatGPT into Siri for iOS, iPadOS, and macOSApple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced secu…THEHACKERNEWS.COM
11 JunProtecting the data of our commercial and public sector customers in the AI eraEmpowering Industries with Secure AI Solutions for Enhanced Growth and Productivity How are multiple industries leveraging Microsoft Azure OpenAI and Copilot to drive growth and ensure robust data security?DATABREACHTODAY.CO.UK
11 JunChinese Actor SecShow Conducts Massive DNS Probing on Global ScaleCybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell,…THEHACKERNEWS.COM
11 JunWindows 10 KB5039211 update released with new feature, 12 fixesMicrosoft has released the KB5039211 cumulative update for Windows 10 21H2 and Windows 10 22H2 with 12 changes, including a Snipping Tool feature that allows you to edit Android photos in Windows. [...]BLEEPINGCOMPUTER.COM
11 JunAt last, Apple’s Messages app will support RCS and scheduling textsThese messaging features, announced at WWDC 2024, will have a significant impact on how people communicate every day. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
11 JunWindows 11 KB5039212 update released with 37 changes, fixesMicrosoft is rolling out the KB5039212 cumulative update for Windows 11 version 23H3 with thirty-seven improvements and changes, including better drag-and-drop support in the File Explorer address bar. [...]BLEEPINGCOMPUTER.COM
11 JunTop 10 IT security actions: Number 4 harden operating systems and applications (ITSM.10.090)CYBER.GC.CA
11 JunNew Windows Server KB5039227 and KB5039217 updates fix LSASS crashesMicrosoft has released the Windows Server 2022 KB5039227 and Windows Server 2019 KB5039217 cumulative updates with security fixes and fixes for a variety of bugs. [...]BLEEPINGCOMPUTER.COM
11 JunUK Sides With APP Fraud Victims - Despite Industry PressurePayments Regulator Says Banks Should Prioritize Customer Protection Over Losses The U.K. Payments Systems Regulator has denied The Payment Association's request to delay the contentious APP fraud reimbursement plan by a year. The association, the largest community in payments, ha…DATABREACHTODAY.CO.UK