92Articles
9Categories
2024-06-13Date
🚨 CISA KEV 1[−]
13 Jun KEVCISA Adds Three Known Exploited Vulnerabilities to CatalogCISA has added three new vulnerabilities to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-32896 Android Pixel Privilege Escalation Vulnerability CVE-2024-26169 Microsoft Windows Error Reporting Service Improper Privilege Ma…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 28[−]
13 Jun256,000+ Publicly Exposed Windows Servers Vulnerable to MSMQ RCE FlawCybersecurity watchdog Shadowserver has identified 256,000+ publicly exposed servers vulnerable to a critical Remote Code Execution (RCE) flaw in Microsoft Message Queuing (MSMQ) services. The flaw, designated CVE-2024-30080, poses a significant threat to global cybersecurity. It…GBHACKERS.COM
13 Jun KEVGoogle Warns of Pixel Firmware Security Flaw Exploited as Zero-DayGoogle has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware. The company did not share any addition…THEHACKERNEWS.COM
13 JunMicrosoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate PrivilegesMicrosoft has disclosed a critical vulnerability identified as CVE-2024-30088. With a CVSS score of 8.8, this flaw affects Microsoft Windows and allows local attackers to escalate their privileges on affected installations. CVE-2024-30088 -Vulnerability Detail…GBHACKERS.COM
13 JunIvanti EPM SQL Injection Flaw Let Attackers Execute Remote CodeIn May 24, 2024, Zero-Day Initiative released a security advisory for Ivanti EPM which was associated with SQL injection Remote code execution vulnerability. This vulnerability was assigned with CVE-2024-29824 and the severity was given as 9.6 (Critical). Though ZDI did not menti…GBHACKERS.COM
13 JunHackers Exploiting MS Office Editor Vulnerability to Deploy KeyloggerResearchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group. The group has been exploiting a known vulnerability (CVE-2017-11882) in the Microsoft Office equation editor (EQNEDT32.EXE) to distribute a keylogger, posing significant us…GBHACKERS.COM
13 Jun0-day Vulnerability In 10,000 Web Apps Exploited Using XSS PayloadsA significant vulnerability, tracked as CVE-2024-37629, has been discovered in SummerNote 0.8.18. It allows Cross-Site Scripting (XSS) via the Code View Function. Summernote is a JavaScript library that helps you create WYSIWYG editors online. An attacker can insert harmful execu…GBHACKERS.COM
13 JunExploit for Veeam Recovery Orchestrator auth bypass available, patch nowA proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in attacks. [...]BLEEPINGCOMPUTER.COM
13 JunChromium: CVE-2024-5841 Use after free in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
13 JunChromium: CVE-2024-5835 Heap buffer overflow in Tab GroupsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
13 JunChromium: CVE-2024-5837 Type Confusion in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
13 JunChromium: CVE-2024-5844 Heap buffer overflow in Tab StripThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
13 JunChromium: CVE-2024-5833 Type Confusion in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
13 JunChromium: CVE-2024-5839 Inappropriate Implementation in Memory AllocatorThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
13 JunChromium: CVE-2024-5836 Inappropriate Implementation in DevToolsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
13 JunChromium: CVE-2024-5834 Inappropriate implementation in DawnThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
13 JunChromium: CVE-2024-5843 Inappropriate implementation in DownloadsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
13 JunChromium: CVE-2024-5831 Use after free in DawnThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
13 JunChromium: CVE-2024-5840 Policy Bypass in CORSThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
13 JunChromium: CVE-2024-5842 Use after free in Browser UIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
13 JunChromium: CVE-2024-5838 Type Confusion in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
13 JunChromium: CVE-2024-5832 Use after free in DawnThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
13 JunChromium: CVE-2024-5830 Type Confusion in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
13 JunCVE-2024-30058 Microsoft Edge (Chromium-based) Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2024-30057 Microsoft Edge for iOS Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
13 JunChromium: CVE-2024-5846 Use after free in PDFiumThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
13 JunChromium: CVE-2024-5847 Use after free in PDFiumThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
13 JunChromium: CVE-2024-5845 Use after free in AudioThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
13 JunCVE-2024-38083 Microsoft Edge (Chromium-based) Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 18[−]
13 Jun KEVMastering the tabletop: 3 cyberattack scenarios to prime your responseSecurity leaders live by the axiom that it is not a matter of if but when they will fall victim to a cybersecurity incident. Because of this, CISOs often strive to get ahead of the inevitable by implementing incident response and business continuity plans. But without running tab…CSOONLINE.COM
13 JunCISA Warns of Scammers Impersonating as CISA EmployeesThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a surge in impersonation scams. These scams often involve fraudsters pretending to be government employees, using their names and titles to deceive unsuspecting victims. Recently, CISA has beco…GBHACKERS.COM
13 JunPakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOSThreat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018. The activity, still ongoing, entails the use of an Android malware called GravityRAT and a Windows-based malware loader codenamed HeavyLif…THEHACKERNEWS.COM
13 JunHow shadow IT and obsolete software menace enterprise infrastructureOne-in-16 of all IT assets have reached the end-of-life stage of support, potentially exposing enterprises to known-but-unpatched vulnerabilities, according to a new study. The figure comes from an analysis of raw data aggregated from visibility into 1.2 million IT assets, includ…CSOONLINE.COM
13 JunNew Attack Technique 'Sleepy Pickle' Targets Machine Learning ModelsThe security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and …THEHACKERNEWS.COM
13 Jun11 times the US government got hacked in 2023Poor patch management, unsupported systems, and inadequate authentication controls have left some US federal government systems open to hackers, resulting in 11 major incidents in the fiscal year to September 30, 2023, according to a new report from the US Office of Management an…CSOONLINE.COM
13 JunCISA Releases Twenty Industrial Control Systems AdvisoriesCISA released twenty Industrial Control Systems (ICS) advisories on June 13, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-165-01 Siemens Mendix Applications ICSA-24-165-02 Siemens SIMATIC S…CISA.GOV
13 JunGenAI, Security, and More Lies - Aubrey King - PSW #832We will discuss LLM security in general and some of the issues covered in the OWASP Top 10 for LLMs! Segment Resources: * https://genai.owasp.org/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-832YOUTUBE.COM
13 JunPhishing With Deepfakes for HK$200 MillionMy hacker story occurred not too long ago at the Hong Kong office of an undisclosed multinational corporation. The hackers pulled off a first-of-its-kind scam that leveraged a phishing email as the initial attack vector followed by a deepfake video call.KNOWBE4.COM
13 JunCybercriminals Use New V3B Phishing Kit to Mimic 54 Different Banks in the European UnionA new phishing- as-a-service toolkit that leverages credential interception and anti-detection capabilities has put EU banks at severe risk of fraud.KNOWBE4.COM
13 JunBreach Roundup: US Federal Cyber Incidents Go UpAlso: Ukraine Arrests Alleged Ransomware Developer; Patches Galore; and Burnout This week, feds counted cyber incidents; Ukraine made arrest; BlackBasta seemed to exploit flaw; 51 flaws in Patch Tuesday; SolarWinds, JetBrains patched flaws; Alan Turning Institute debunked paper o…DATABREACHTODAY.CO.UK
13 JunChina Using Hacking Competitions to Develop Domestic TalentGovernment Nurtures Homegrown Talent and Hack-for-Hire Ecosystem, Research Finds China boasts many of the world's most talented zero-day vulnerability researchers as well as a strict cybersecurity law compelling individuals to assist the state, and the government doesn't appear t…DATABREACHTODAY.CO.UK
13 JunNew York Times warns freelancers of GitHub repo data breachThe New York Times notified an undisclosed number of contributors that some of their sensitive personal information was stolen and leaked after its GitHub repositories were breached in January 2024. [...]BLEEPINGCOMPUTER.COM
13 JunBricking PCs and IoT Hacking - PSW #832Skyrocketing IoT vulnerabilities, bricked computers?, MACBORG!, raw dogging source code, PHP strikes again and again, if you have a Netgear WNR614 replace it now, Arm Mali, new OpenSSH feature, weird headphones, decrypting firmware, and VPNs are still being hacked! Visit https://…YOUTUBE.COM
13 JunCryptohack Roundup: Norway Freezes Hacked Ronin FundsAlso: Personal Data Theft From OKX; Terraform-SEC Settlement Terms This week, the Norwegian government froze funds from the Ronin hack, a hacker stole personal data of OKX users, Terraform Labs' SEC released settlement terms, "Ethereum's most secure wallet" was breached, Orbit Ch…DATABREACHTODAY.CO.UK
13 JunFrench Bug Bounty Platform YesWeHack Raises $28 MillionYesWeHack has raised more than $52 million to date to build and market a crowdsourced vulnerability reporting platform. The post French Bug Bounty Platform YesWeHack Raises $28 Million appeared first on SecurityWeek .SECURITYWEEK.COM
13 JunEasily Exploitable Critical Vulnerabilities Found in Open Source AI/ML ToolsProtect AI warns of a dozen critical vulnerabilities in open source AI/ML tools reported via its bug bounty program. The post Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools appeared first on SecurityWeek .SECURITYWEEK.COM
📢 SECURITY ADVISORIES 4[−]
13 JunRSAC Fireside Chat: What it will take to achieve Digital Trust in our hyper-connected futureConfidence in the privacy and security of hyper-connected digital services is an obvious must have. Related: NIST’s quantum-resistant crypto Yet, Digital Trust today is not anywhere near the level it needs to be. At RSAC 2024 I had a wide-ranging … (more…) The post RS…LASTWATCHDOG.COM
13 JunSmashing Security podcast #376: iOS 18 for cheaters, and a model cop extortionist?Apple announces a new privacy feature in iOS that will allow you to hide and lock away your apps - but will be philanderers who benefit the most? And an ex-police officer is arrested for extortion.GRAHAMCLULEY.COM
13 JunWhy SaaS Security is Suddenly Hot: Racing to Defend and ComplyRecent supply chain cyber-attacks are prompting cyber security regulations in the financial sector to tighten compliance requirements, and other industries are expected to follow. Many companies still don’t have efficient methods to manage related time-sensitive SaaS security and…THEHACKERNEWS.COM
13 JunWatch out! CISA warns it is being impersonated by scammersThe US Cybersecurity and Infrastructure Security Agency (CISA) has warned that scammers are impersonating its employees, in an attempt to commit fraud. Impersonation scams are on the rise, warns the agency. Read more, and learn how to protect yourself, in my article on the Tripwi…TRIPWIRE.COM
🔥 INCIDENT REPORTING 13[−]
13 JunIndian National Jailed For Hacked Servers Of Company That Fired HimAn Indian national was sentenced to two years and eight months in jail for unauthorized access to his former employer’s computer systems, resulting in substantial financial losses. Background of the Incident Kandula Nagaraju, a 39-year-old Indian national, was employed by S…GBHACKERS.COM
13 JunUkraine Police Arrest Suspect Linked to LockBit and Conti Ransomware GroupsThe Cyber Police of Ukraine has announced the arrest of a local man who is suspected to have offered their services to LockBit and Conti ransomware groups. The unnamed 28-year-old native of the Kharkiv region allegedly specialized in the development of crypters to encrypt and obf…THEHACKERNEWS.COM
13 JunScattered Spider Now Affiliated with RansomHub Following BlackCat Exitsubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/scattered-spider-affiliated/INFOSECURITY-MAGAZINE.COM
13 JunHow ShrinkLocker ransomware leverages BitLocker | Kaspersky official blogHow the ShrinkLocker ransomware leverages the Windows full-volume encryption utility BitLocker to block access to computers it infects.KASPERSKY.COM
13 JunLearning From Others' Gaps in the Wake of Major AttacksIt's critical for CISOs to study what went wrong in major ransomware IT disruptions and breaches hitting the healthcare sector and to look closely within their own organizations for similar gaps or vulnerabilities, said Michael Prakhye, CISO of Adventist HealthCare.DATABREACHTODAY.CO.UK
13 JunToronto District School Board hit by a ransomware attackThe Toronto District School Board (TDSB) is warning that it suffered a ransomware attack on its software testing environment and is now investigating whether any personal information was exposed. [...]BLEEPINGCOMPUTER.COM
13 JunPanera warns of employee data breach after March ransomware attackU.S. food chain giant Panera Bread is notifying employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware attack. [...]BLEEPINGCOMPUTER.COM
13 JunMicrosoft President Admits to Major Security FailuresBrad Smith Says the Tech Giant 'Accepts Responsibility' for Cyber Breaches Microsoft President Brad Smith testified Thursday to the House Homeland Security Committee that the tech giant "accepts responsibility" for a series of security failures identified in a federal report foll…DATABREACHTODAY.CO.UK
13 JunWorker-Downloaded Malware Caused Ascension Ransomware AttackAll Patients, Employees Offered Credit Monitoring While Investigation Continues Ransomware attackers stole files that potentially contain patient and employee data from seven of Ascension's 25,000 servers. The hackers gained access to the organization's network when an employee i…DATABREACHTODAY.CO.UK
13 JunAscension hacked after employee downloaded malicious fileAscension, one of the largest U.S. healthcare systems, revealed that a May 2024 ransomware attack was caused by an employee who downloaded a malicious file onto a company device. [...]BLEEPINGCOMPUTER.COM
13 JunTruist Bank confirms breach after stolen data shows up on hacking forumLeading U.S. commercial bank Truist confirmed its systems were breached in an October 2023 cyberattack after a threat actor posted some of the company's data for sale on a hacking forum. [...]BLEEPINGCOMPUTER.COM
13 JunCity of Cleveland Scrambling to Restore Systems Following CyberattackThe City of Cleveland says emergency services, utilities, and airport are unaffected by a recent cyberattack. The post City of Cleveland Scrambling to Restore Systems Following Cyberattack appeared first on SecurityWeek .SECURITYWEEK.COM
🕵️ THREAT INTELLIGENCE 18[−]
13 JunISC Stormcast For Thursday, June 13th, 2024 https://isc.sans.edu/podcastdetail/9022, (Thu, Jun 13th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
13 JunThe Art of JQ and Command-line Fu [Guest Diary], (Thu, Jun 13th)[This is a Guest Diary by Kaela Reed, an ISC intern as part of the SANS.edu BACS program] ISC.SANS.EDU
13 JunNew Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux SystemsA previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors either for espionage or cybercrime for years. While this backdoor was previously categorized as a variant of Gh0st RAT and Rekoobe, Trend Micro security res…THEHACKERNEWS.COM
13 JunA CISO game plan for cloud securityAs businesses increasingly migrate to the cloud, chief information security officers (CISOs) face numerous critical challenges in ensuring robust cloud security. Don’t believe me? Experts highlighted this at the recent Gartner Security & Risk Management Summit. Gartner projec…INFOWORLD.COM
13 JunAI and the Indian ElectionAs India concluded the world’s largest election on June 5, 2024, with over 640 million votes counted, observers could assess how the various parties and factions used artificial intelligence technologies—and what lessons that holds for the rest of the world. The campa…SCHNEIER.COM
13 JunBeware WARMCOOKIE Backdoor Knocking Your InboxWARMCOOKIE is a new Windows backdoor that is deployed by a phishing effort with a recruiting theme dubbed REF6127. The WARMCOOKIE backdoor can be used to take screenshots of the target computer, deliver additional payloads, and fingerprint a system. “This malware represents a for…GBHACKERS.COM
13 JunArid Viper Launches Mobile Espionage Campaign with AridSpy MalwareThe threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to deliver a spyware strain dubbed AridSpy. "The malware is distributed through dedicated websites impersonating various messaging apps, a job opportunit…THEHACKERNEWS.COM
13 JunPakistan's 'Cosmic Leopard' Is Targeting India With RATsThreat Actor Uses Admin Panel to Track Multiple Campaigns A likely Pakistani cyberespionage operation has expanded its tool set since it first targeted Indian officials, likely in 2016. That's probable evidence the threat actor has "seen a high degree of success," say researchers…DATABREACHTODAY.CO.UK
13 JunTreasury Seeks Industry, Academic Insight on AI Use, RisksDepartment Is Asking for Information About How AI Is Used in Financial Products The financial services industry is no stranger to artificial intelligence - leading the sector's U.S. regulator to pose questions such as whether institutions can explain AI outcomes and the technolog…DATABREACHTODAY.CO.UK
13 JunNetSPI Strengthens Attack Surface Management With Hubble BuyAcquiring Hubble Means NetSPI Can Now Manage External and Internal Attack Surfaces NetSPI acquired startup Hubble to bolster its attack surface management capabilities, promising a consolidated offering for both internal and external visibility within four months. The transaction…DATABREACHTODAY.CO.UK
13 JunVisual Studio Code Has a Malicious Extension ProblemResearchers Infiltrate Major Organizations Using Fake Extension Cybersecurity researchers say an experiment in developing a fake, malicious extension for Microsoft's Visual Studio Code, the world's most popular integrated development environment, succeeded beyond their wildest ex…DATABREACHTODAY.CO.UK
13 JunArid Viper poisons Android apps with AridSpyESET researchers discovered Arid Viper espionage campaigns spreading trojanized apps to Android users in Egypt and PalestineWELIVESECURITY.COM
13 JunPyte Raises $5 Million for Secure Data Collaboration SolutionsPyte has raised $5 million for its secure computation platform, bringing the total investment in the company to $12 million. The post Pyte Raises $5 Million for Secure Data Collaboration Solutions appeared first on SecurityWeek .SECURITYWEEK.COM
13 JunEvent Preview: AI Risk Summit + CISO Forum at the Ritz-Carlton, Half Moon Bay | June 25-26, 2024SecurityWeek host its AI Risk Summit + CISO Forum Summer Summit on June 25-26, 2024, at the Ritz-Carlton, Half Moon Bay. The post Event Preview: AI Risk Summit + CISO Forum at the Ritz-Carlton, Half Moon Bay | June 25-26, 2024 appeared first on SecurityWeek .SECURITYWEEK.COM
13 JunAWS Announces Authentication and Malware Protection EnhancementsAWS announced passkey MFA for IAM and root users, IAM Access Analyzer updates, and Amazon GuardDuty Malware Protection for S3. The post AWS Announces Authentication and Malware Protection Enhancements appeared first on SecurityWeek .SECURITYWEEK.COM
13 JunKnow Your Adversary: Why Tuning Intelligence-Gathering to Your Sector Pays DividendsWithout tuning your approach to fit your sector, amongst other variables, you’ll be faced with an unmanageable amount of noise. The post Know Your Adversary: Why Tuning Intelligence-Gathering to Your Sector Pays Dividends appeared first on SecurityWeek .SECURITYWEEK.COM
13 JunLife360 Says Personal Information Stolen From Tile Customer Support PlatformLife360 says hackers attempted to extort it after stealing personal information from a Tile customer support platform. The post Life360 Says Personal Information Stolen From Tile Customer Support Platform appeared first on SecurityWeek .SECURITYWEEK.COM
13 JunPrevalence and Impact of Password Exposure Vulnerabilities in ICS/OTAnalysis and insights on the prevalence and impact of password exposure vulnerabilities in ICS and other OT products. The post Prevalence and Impact of Password Exposure Vulnerabilities in ICS/OT appeared first on SecurityWeek .SECURITYWEEK.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
13 JunCybercriminals Employ PhantomLoader to Distribute SSLoad MalwareThe nascent malware known as SSLoad is being delivered by means of a previously undocumented loader called PhantomLoader, according to findings from cybersecurity firm Intezer. "The loader is added to a legitimate DLL, usually EDR or AV products, by binary patching the file and e…THEHACKERNEWS.COM
🎙️ PODCASTS 1[−]
13 JunTransatlantic Cable podcast episode 351 | Kaspersky official blogEpisode 351 of the Kaspersky podcast has Apple, OpenAI, “text message blasters” and Tamagotchi’s!KASPERSKY.COM
📡 INFOSEC NEWS 6[−]
13 JunPhishing, BEC attackers target candidates in local election, among othersAn escalating series of email-borne attacks were sent to candidates, including the authorSOPHOS.COM
13 JunYouTube tests harder-to-block server-side ad injection in videosYouTube reportedly now injects ads directly into video streams to make it more difficult for ad blockers to block advertisements. [...]BLEEPINGCOMPUTER.COM
13 JunDownload our cloud access security broker (CASB) enterprise buyer’s guideFrom the editors of CSO, this enterprise buyer’s guide helps security IT staff understand what cloud access security brokers (CASBs) can do for their organizations and how to choose the right solution.US.RESOURCES.CSOONLINE.COM
13 JunMicrosoft delays Windows Recall amid privacy and security concernsMicrosoft is delaying the release of its AI-powered Windows Recall feature to test and secure it further before releasing it in a public preview on Copilot+ PCs. [...]BLEEPINGCOMPUTER.COM