67Articles
7Categories
2024-06-14Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
14 JunSolarWinds Serv-U Vulnerability Let Attackers Access sensitive filesSolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a threat actor to read sensitive files on the host machine. This vulnerability existed in the SolarWinds Serv-U File Transfer solution and was assigned with CVE-2024-28995 R…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 17[−]
14 JunWhat is Tor Browser? Software for protecting your identity onlineTor Browser definition The Tor Browser is a web browser that anonymizes your web traffic using the Tor network, making it easy to protect your identity online. If you’re investigating a competitor, researching an opposing litigant in a legal dispute, or just think it’s creepy for…CSOONLINE.COM
14 Jun KEVDeepfakes: Coming soon to a company near youDeepfakes, the bane of celebrities and the fear of politicians, are poised to take off in the corporate world, as cybercriminals see them as a new way to make easy money, some security experts say. CIOs, CISOs, and other corporate leaders need to be ready for AI-assisted attacks …CSOONLINE.COM
14 JunCyber Security Today, June 14, 2024 - Employee downloaded file that led to hospital chain's ransomware attackThis episode reports on the latest ransomware news, another North Korean threat actor putting malicious packages on the NPM registry, vulnerabilities in some open source AI apps, and moreCYBERSECURITYTODAY.LIBSYN.COM
14 JunCISA Warns of Progress Telerik Vulnerability ExploitationCISA urges federal agencies to apply mitigations for an exploited Progress Telerik vulnerability as soon as possible. The post CISA Warns of Progress Telerik Vulnerability Exploitation appeared first on SecurityWeek .SECURITYWEEK.COM
14 JunSmishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems CustomersHackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes. Resecurity researchers have recently revealed that the Smishing Triad group has launched a fresh smishing campaign targeting Pakistani mobile users. The gang members send …GBHACKERS.COM
14 JunSleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-UsersHackers are targeting, attacking, and exploiting ML models. They want to hack into these systems to steal sensitive data, interrupt services, or manipulate outcomes in their favor. By compromising the ML models, hackers can degrade the system performance, cause financial losses, …GBHACKERS.COM
14 JunExploiting ML models with pickle file attacks: Part 1submitted by kid to cybersecurity 1 points | 0 comments https://blog.trailofbits.com/2024/06/11/exploiting-ml-models-with-pickle-file-attacks-part-1/ Nice article.TRAILOFBITS.COM
14 JunEdge Devices: The New Frontier for Mass Exploitation AttacksThe increase in mass exploitation involving edge services and devices is likely to worsen. The post Edge Devices: The New Frontier for Mass Exploitation Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
14 JunMicrosoft president faces tough questions from Congress on China, securityMicrosoft’s president Brad Smith faced tough questioning on the company’s security track record and presence in China during a Congressional hearing on Thursday. The House Committee on Homeland Security convened a hearing to consider last summer’s Microsoft Exchange Online hack, …CSOONLINE.COM
14 JunShared irresponsibilities and the importance of product privacy: Apple vs Microsoft - ESW #365This week, we've got data security being both funded AND acquired. We discuss Lacework's fall from unicorn status and why rumors that it went to Fortinet for considerably more than Wiz was willing to pay make sense. Microsoft Recall and Apple Intelligence are the perfect bookends…YOUTUBE.COM
14 JunIncreasing KYB Coverage, Is your SSO on point, & The Future of Identity Management - V... - ESW #365Several recent trends underscore the increasing importance of Know Your Business (KYB) practices in today's business landscape. One significant trend is the rise in financial crimes, including money laundering, fraud, and terrorist financing. Technological advancements have trans…YOUTUBE.COM
14 JunUnlocking Business Value, Beyond Outages, & Combat Account and Platform Fraud - Ajay G... - ESW #365Enterprises often struggle with achieving business value in identity programs. This is typically the result of technology choices that require a disproportionately greater amount of effort and focus and underestimating the workforce required for organizational change management. …YOUTUBE.COM
14 Jun KEVCISA warns of Windows bug exploited in ransomware attacksThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalog of actively exploited security bugs. [...]BLEEPINGCOMPUTER.COM
14 JunWe Love What’s Broken … Yes, This Of Course Means SIEM!We Love What’s Broken … Yes, This Of Course Means SIEM! SIEM challenges never stopped me from loving this technology , but I am very cognizant of YMMV. Anyhow, CardinalOps released their annual “state of SIEM” report , and here are some fun highlights. CardinalOps State of SIEM 2…MEDIUM.COM
14 JunLondon hospitals cancel over 800 operations after ransomware attackNHS England revealed today that multiple London hospitals impacted by last week's Synnovis ransomware attack were forced to cancel hundreds of planned operations and appointments. [...]BLEEPINGCOMPUTER.COM
14 JunPhishing Campaign Targets Job Seekers With WARMCOOKIE BackdoorA phishing campaign is impersonating recruiting firms to target job seekers with a new strain of malware, according to researchers at Elastic Security.KNOWBE4.COM
14 JunThe growing threat of identity-related cyberattacks: Insights into the threat landscapeThe last 12 months have witnessed a rapid-fire round of innovation and adoption of new technologies. Powerful new identities, environments and attack methods are shaping the quickly changing cybersecurity threat landscape, rendering it more complex and causing the diffusion of ri…CSOONLINE.COM
📢 SECURITY ADVISORIES 5[−]
14 JunIn Other News: Fuxnet ICS Malware, Google User Tracking, CISA Employee ScamsNoteworthy stories that might have slipped under the radar: Overview of the ICS malware Fuxnet, Google accused of tracking users, scammers impersonate CISA staff. The post In Other News: Fuxnet ICS Malware, Google User Tracking, CISA Employee Scams appeared first on SecurityWeek …SECURITYWEEK.COM
🔥 INCIDENT REPORTING 10[−]
14 JunAscension Hack Caused By an Employee Who Downloaded a Malicious FileAscension, a leading healthcare provider, has made significant strides in its investigation and recovery efforts following a recent cybersecurity breach. With the assistance of third-party cybersecurity experts, the company has identified that attackers accessed files from a smal…GBHACKERS.COM
14 JunZKTeco Biometric System Found Vulnerable to 24 Critical Security FlawsAn analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database…THEHACKERNEWS.COM
14 JunThreat Actor Claiming Leak Of 5 Million Ecuador’s Citizen DatabaseA threat actor has claimed responsibility for leaking the personal data of 5 million Ecuadorian citizens. The announcement was made via a post on social media tweets from the DarkWebInformer account. The breach has raised significant concerns about data security and privacy in th…GBHACKERS.COM
14 JunWhy Regulated Industries are Turning to Military-Grade Cyber DefensesAs cyber threats loom large and data breaches continue to pose increasingly significant risks. Organizations and industries that handle sensitive information and valuable assets make prime targets for cybercriminals seeking financial gain or strategic advantage.  Which is wh…THEHACKERNEWS.COM
14 JunInsurance giant Globe Life investigating web portal breachAmerican financial services holding company Globe Life says attackers may have accessed consumer and policyholder data after breaching one of its web portals. [...]BLEEPINGCOMPUTER.COM
14 JunAscension Says Personal, Health Information Stolen in Ransomware AttackAscension says patient information was stolen in an early-May ransomware attack that involved an employee downloading malware. The post Ascension Says Personal, Health Information Stolen in Ransomware Attack appeared first on SecurityWeek .SECURITYWEEK.COM
14 JunKeytronic confirms data breach after ransomware gang leaks stolen filesPCBA manufacturing giant Keytronic is warning it suffered a data breach after the Black Basta ransomware gang leaked 530GB of the company's stolen data two weeks ago. [...]BLEEPINGCOMPUTER.COM
14 JunThe Global Reach of Cyber Threats: Why Security Awareness Training is More Important Than EverBased on news cycles within cybersecurity, it's easy to fall into the trap of thinking that threats only come from certain parts of the world or that they only target specific industries. However, the reality is that cyber attacks know no borders, and no organisation is immune.KNOWBE4.COM
🕵️ THREAT INTELLIGENCE 21[−]
14 JunISC Stormcast For Friday, June 14th, 2024 https://isc.sans.edu/podcastdetail/9024, (Fri, Jun 14th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
14 JunAWS Announced Malware Detection Tool For S3 BucketsAmazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection for Amazon Simple Storage Service (Amazon S3). This new feature expands GuardDuty Malware Protection to detect malicious file uploads to selected S3 buckets, enhancing the secu…GBHACKERS.COM
14 JunNorth Korean Hackers Target Brazilian Fintech with Sophisticated Phishing TacticsThreat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted th…THEHACKERNEWS.COM
14 JunBSidesCharm 2024 - 22 videossubmitted by ashar to security_cpe 1 points | 0 comments https://bsidescharm.org/wp-content/uploads/2024/02/Logo-Mascots-2.png BSidesCharm is a regional Security BSides held in the Baltimore region of Maryland. It operates under the umbrella principles of Security BSides as a lar…BSIDESCHARM.ORG
14 JunRockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SERockwell Automation has patched three high-severity vulnerabilities in its FactoryTalk View SE HMI software. The post Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE appeared first on SecurityWeek .SECURITYWEEK.COM
14 JunMicrosoft Delaying Recall Feature to Improve SecurityMicrosoft is not rolling out Recall with Copilot+ PCs as it’s seeking additional feedback and working on improving security. The post Microsoft Delaying Recall Feature to Improve Security appeared first on SecurityWeek .SECURITYWEEK.COM
14 JunMicrosoft president to Congress: ‘We accept responsibility’ for cybersecurity failuressubmitted by neme to cybersecurity 2 points | 0 comments https://edition.cnn.com/2024/06/13/tech/microsoft-president-congress-cybersecurity-failures/index.htmlEDITION.CNN.COM
14 JunDemo of AES GCM Misuse ProblemsThis is really neat demo of the security problems arising from reusing nonces with a symmetric cipher in GCM mode.SCHNEIER.COM
14 JunDISGOMOJI Malware Used to Target Indian Governmentsubmitted by kid to cybersecurity 2 points | 0 comments https://www.volexity.com/blog/2024/06/13/disgomoji-malware-used-to-target-indian-government/VOLEXITY.COM
14 JunOff-Topic Fridaysubmitted by shellsharks to cybersecurity 2 points | 0 comments Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)INFOSEC.PUB
14 JunGenerative AI security requires a solid frameworkHow many companies intentionally refuse to use AI to get their work done faster and more efficiently? Probably none: the advantages of AI are too great to deny. The benefits AI models offer to organizations are undeniable, especially for optimizing critical operations and outputs…SECURITYINTELLIGENCE.COM
14 JunDarknet Diaries EP 146: ANOMsubmitted by ashar to security_cpe 1 points | 0 comments https://darknetdiaries.com/imgs/darknet-diaries-sm.jpg In this episode, Joseph Cox ( infosec.exchange/deck/@josephcox )) tells us the story of ANOM. A secure phone made by criminals, for criminals. This story comes from par…DARKNETDIARIES.COM
14 JunCCC IGER - Intergalaktische Erfahrungsreise 2024 - 9 talks in GERMANsubmitted by ashar to security_cpe 1 points | 0 comments https://fairydust.reisen/logo.svg Was ist eigentlich das IGERla? Das IGERla ist eine verkleinerte Variante der Intergalaktischen Erfahrungsreise (IGER, siehe nächster Abschnitt). Sie findet 2024 anstatt einer “großen” IGER …FAIRYDUST.REISEN
14 JunPakistani Threat Actors Caught Targeting Indian Gov EntitiesSecurity researchers at Cisco Talos and Volexity flag two Pakistani espionage campaigns targeting Indian government entities. The post Pakistani Threat Actors Caught Targeting Indian Gov Entities appeared first on SecurityWeek .SECURITYWEEK.COM
14 JunOpenAI Appoints Former NSA Director Paul Nakasone to Board of DirectorsRetired U.S. Army General Paul M. Nakasone brings cybersecurity experience to OpenAI's Board of Directors and Safety and Security Committee. The post OpenAI Appoints Former NSA Director Paul Nakasone to Board of Directors appeared first on SecurityWeek .SECURITYWEEK.COM
14 JunMicrosoft Backtracks on Recall RolloutTech Giant to Test AI Feature Via Windows Insider Program Microsoft dialed back even further its plans to roll out Recall, an automatic screenshot feature indexed by artificial intelligence that has garnered opposition from users and security and privacy advocates. The move is Mi…DATABREACHTODAY.CO.UK
14 JunUpcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak: I’m appearing on a panel on Society and Democracy at ACM Collective Intelligence in Boston, Massachusetts. The conference runs from June 26 through 29, 2024, and my panel is at 9:00 AM on Friday, June 28. I&#…SCHNEIER.COM
14 JunFriday Squid Blogging: Squid CartoonSquid humor . As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here .SCHNEIER.COM
14 JunTrust in Microsoft, Apple, and the Holy AI, Moonstone Sleet, Cheating, Joshua Marpet - SWN #393Trust in Microsoft, Apple, and the Holy AI, Amen, Moonstone Sleet, Cheating, Joshua Marpet, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-393YOUTUBE.COM
14 JunESET Research Podcast: APT Activity Report Q4 2023–Q1 2024The I-SOON data leak confirms that this contractor is involved in cyberespionage for China, while Iran-aligned groups step up aggressive tactics following the Hamas-led attack on Israel in 2023WELIVESECURITY.COM
14 JunMicrosoft delays Recall launch amid privacy concernsMicrosoft has decided to delay the full launch of its controversial Recall feature following criticism over data privacy and security , with access given to a smaller group of Windows users first. The generative AI (genAI) powered Recall feature records “snapshots” of a user’s sc…COMPUTERWORLD.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
14 JunMozilla Firefox can now secure access to passwords with device credentialsMozilla Firefox finally allows you to further protect local access to stored credentials in the browser's password manager using your device's login, including a password, fingerprint, pin, or other biometrics [...]BLEEPINGCOMPUTER.COM
14 JunHow Arid Viper spies on Android users in the Middle East – Week in security with Tony AnscombeThe spyware, called AridSpy by ESET, is distributed through websites that pose as various messaging apps, a job search app, and a Palestinian Civil Registry appWELIVESECURITY.COM
📡 INFOSEC NEWS 11[−]
14 JunMicrosoft Delays AI-Powered Recall Feature for Copilot+ PCs Amid Security ConcernsMicrosoft on Thursday revealed that it's delaying the rollout of the controversial artificial intelligence (AI)-powered Recall feature for Copilot+ PCs. To that end, the company said it intends to shift from general availability preview available first in the Windows Insider Prog…THEHACKERNEWS.COM
14 JunLearn to Secure Petabyte-Scale Data in a Webinar with Industry TitansData is growing faster than ever. Remember when petabytes (that's 1,000,000 gigabytes!) were only for tech giants? Well, that's so last decade! Today, businesses of all sizes are swimming in petabytes. But this isn't just about storage anymore. This data is ALIVE—it's constantly …THEHACKERNEWS.COM
14 JunEuro 2024: Common cyberthreats | Kaspersky official blogThe latest major soccer tournament brings back old scams. Here's how to watch Euro 2024 safely.KASPERSKY.COM
14 JunLife360 Says Hacker Stole Customer DataPACKETSTORMSECURITY.COM
14 JunGoogle's Privacy Sandbox Accused of User Tracking by Austrian Non-ProfitGoogle's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox has run into fresh trouble after Austrian privacy non-profit noyb (none of your business) said the feature can still be used to track users. "While the so-called 'Privacy Sandb…THEHACKERNEWS.COM
14 JunScattered Spider hackers switch focus to cloud apps for data theftThe Scattered Spider gang has started to steal data from software-as-a-service (SaaS) applications and establish persistence through creating new virtual machines. [...]BLEEPINGCOMPUTER.COM
14 JunFormer IT staff gets 2.5 years for wiping 180 virtual serversA former quality assurance employee of National Computer Systems (NCS) was sentenced to two years and eight months in prison for reportedly deleting 180 virtual servers after being fired. [...]BLEEPINGCOMPUTER.COM
14 JunMicrosoft removes Copilot app ‘incorrectly’ added on Windows PCsMicrosoft says it removed a Copilot app that was "incorrectly" added to Windows 10 and Windows 11 systems in April due to buggy Microsoft Edge updates. [...]BLEEPINGCOMPUTER.COM
14 JunFormer IT employee gets 2.5 years for wiping 180 virtual serversA former quality assurance employee of National Computer Systems (NCS) was sentenced to two years and eight months in prison for reportedly deleting 180 virtual servers after being fired. [...]BLEEPINGCOMPUTER.COM