50 Articles
8 Categories
Date: 2024-06-17
🐛 COMMON VULNERABILITIES AND EXPOSURES (3)
17 Jun: ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models (THEHACKERNEWS.COM)
ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. "Certain ASUS router…
17 Jun: Hidden Backdoor in D-Link Routers Let Attacker Login as Admin (GBHACKERS.COM)
A critical vulnerability has been discovered in several models of D-Link wireless routers, allowing unauthenticated attackers to gain administrative access to the devices. The CVE-2024-6045 vulnerability has a CVSS score of 8.8, indicating a high severity level. CVE-2024-6045 – V…
17 Jun: India faces evolved cyber espionage with novel Discord hack (CSOONLINE.COM)
An espionage campaign suspected of links to Pakistan is using a novel approach to operate malware within infected Indian government systems, according to research by Volexity. The threat actors — tracked as UTA0137 — use emojis on the messaging service Discord for C2 communicati…
⚠️ VULNERABILITY DISCLOSURE (10)
17 Jun: Using LLMs to Exploit Vulnerabilities (SCHNEIER.COM)
Interesting research: “Teams of LLM Agents can Exploit Zero-Day Vulnerabilities.” Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities whe…
17 Jun: Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor (THEHACKERNEWS.COM)
Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates. "The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some ca…
17 Jun: Phishing Campaign Abuses Windows Search to Distribute Malware (KNOWBE4.COM)
Researchers at Trustwave warn that a phishing campaign is distributing malware via HTML attachments disguised as invoices. Notably, the HTML files abuse the Windows Search protocol to launch Windows Explorer and trick users into installing the malware.
17 Jun: No Politician Too Small: School Board Candidates Targeted By Phishing and BEC Scams (KNOWBE4.COM)
Cybercriminals are broadening their targets to include even local political candidates, as an escalating series of phishing attacks was recently directed at school board candidates in Colorado.
17 Jun: Operation Celestial Force Employing Android And Windows Malware To Attack Indian Users (GBHACKERS.COM)
A Pakistani threat actor group, Cosmic Leopard, has been conducting a multi-year cyber espionage campaign named Operation Celestial Force, targeting Indian entities. Since 2018, they have used GravityRAT malware, initially for Windows and later for Android, which has been deploye…
17 Jun: Zadig & Voltaire - 586,895 breached accounts (HAVEIBEENPWNED.COM)
In June 2024, a data breach sourced from French fashion brand Zadig & Voltaire was publicly posted to a popular hacking forum. The data included names, email and physical addresses, phone numbers and genders. When contacted about the incident, Zadig & Voltaire advised the inciden…
17 Jun: Mitigating SSRF Vulnerabilities Impacting Azure Machine Learning (MSRC.MICROSOFT.COM)
Summary: On May 9, 2024, Microsoft successfully addressed multiple vulnerabilities within the Azure Machine Learning (AML) service, which were initially discovered by security research firms Wiz and Tenable. These vulnerabilities, which included Server-Side Request Forgeries (SSRF…
17 Jun: Disaster recovery vs ransomware recovery: Why CISOs need to plan for both (CSOONLINE.COM)
On the morning of August 30, 2023, a fire broke out at a data center operated by Belgian telecom giant Proximus. Soon, emergency numbers 112, 101, and 100, which are used to call the ambulance, the firefighters, and the police, became unreachable. The situation lasted for almost …
17 Jun: Bootstrapping: The best AI strategy is to avoid learning today’s AI tech (CSOONLINE.COM)
To prepare for a future enriched by artificial intelligence technologies, cybersecurity teams need to avoid learning about AI. That’s right — don’t learn about AI. While that might seem unreasonable or just plain batty when we’re talking about a technology expected to be a perman…
📢 SECURITY ADVISORIES (2)
17 Jun: CISA Conducts First AI Cyber Incident Response Exercise (SECURITYWEEK.COM)
The US cybersecurity agency CISA has conducted a tabletop exercise with the private sector focused on AI cyber incident response.
🔥 INCIDENT REPORTING (8)
17 Jun: Panera Bread likely paid a ransom in March ransomware attack (BLEEPINGCOMPUTER.COM)
Panera Bread, an American chain of fast food restaurants, most likely paid a ransom after being hit by a ransomware attack, suggests language used in an internal email sent to employees. [...]
17 Jun: Keytronic Says Personal Information Stolen in Ransomware Attack (SECURITYWEEK.COM)
Keytronic confirms that personal information was compromised after a ransomware group leaked allegedly stolen data.
17 Jun: Insurance Company Globe Life Investigating Data Breach (SECURITYWEEK.COM)
US insurance company Globe Life is investigating a data breach involving unauthorized access to consumer and policyholder information.
17 Jun: 200,000 Impacted by Data Breach at Los Angeles County Public Health Agency (SECURITYWEEK.COM)
The LA County’s Department of Public Health says the personal information of 200,000 was compromised in a data breach.
17 Jun: Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany (GBHACKERS.COM)
The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric’s systems in Germany. The announcement was made via a post on the social media platform Twitter by the account MonThreat, which is known for tracking cyber threat…
17 Jun: A new fear for CSOs: The sky is falling (CSOONLINE.COM)
As if CSOs didn’t have enough to worry about, how about upwards of four million more ways that cybercriminals could affect businesses — and society in general — through attacks on spacecraft and the infrastructure that develops, launches, and supports them? That’s what a new stud…
17 Jun: Hamas Hackers Sling Stealthy Spyware Across Egypt, Palestine (DARKREADING.COM)
Submitted by kid to cybersecurity (6 points, 2 comments): https://www.darkreading.com/cyberattacks-data-breaches/hamas-hackers-stealthy-spyware-egypt-palestine
17 Jun: Preventative defense tactics in the real world (WELIVESECURITY.COM)
Don’t get hacked in the first place – it costs far less than dealing with the aftermath of a successful attack
🕵️ THREAT INTELLIGENCE (16)
17 Jun: Hackers use F5 BIG-IP malware to stealthily steal data for years (BLEEPINGCOMPUTER.COM)
A group of suspected Chinese cyberespionage actors named 'Velvet Ant' are deploying custom malware on F5 BIG-IP appliances to gain a persistent connection to the internal network and steal data. [...]
17 Jun: Tech Leaders to Gather for AI Risk Summit at the Ritz-Carlton, Half Moon Bay June 25-26, 2024 (SECURITYWEEK.COM)
SecurityWeek’s AI Risk Summit + CISO Forum bring together business and government stakeholders to provide meaningful guidance on risk management and cybersecurity in the age of artificial intelligence.
17 Jun: Aim Security Raises $18M to Secure Customers’ Implementation of AI Apps (SECURITYWEEK.COM)
Aim Security has raised a total of $28 million to date and is on a mission to help companies to implement AI products with confidence.
17 Jun: UK Man Suspected of Being ‘Scattered Spider’ Leader Arrested (SECURITYWEEK.COM)
A British man has been arrested in Spain for allegedly being the ringleader of the notorious Scattered Spider cybercrime group.
17 Jun: Nigerian Faces Prison in US After BEC Fraud Conviction (SECURITYWEEK.COM)
Nigerian national Ebuka Raphael Umeti was convicted in the US for operating a business email compromise (BEC) scheme.
17 Jun: China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices (THEHACKERNEWS.COM)
A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization located in East Asia for a period of about three years, with the adversary establishing persistence using legacy F5 BIG-IP appliances and using it as an …
17 Jun: NiceRAT Malware Targets South Korean Users via Cracked Software (THEHACKERNEWS.COM)
Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport …
17 Jun: New NetSupport Campaign Delivered Through MSIX Packages, (Mon, Jun 17th) (ISC.SANS.EDU)
It's amazing to see how attackers reuse and combine known techniques to target their victims with new campaigns! Last week, I spotted some malicious MSIX packages on VT that drop a NetSupport[1] client preconfigured to phone…
17 Jun: ISC Stormcast For Monday, June 17th, 2024 https://isc.sans.edu/podcastdetail/9026, (Mon, Jun 17th) (ISC.SANS.EDU)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
17 Jun: Microsoft and KnowBe4 Collaborate on Ribbon Phish Alert Button for Outlook (KNOWBE4.COM)
Increasing phishing attacks are a constant threat to organizations, making it crucial for users to report suspicious emails.
17 Jun: Hackers Employing New Techniques To Attack Docker API (GBHACKERS.COM)
Attackers behind Spinning YARN launched a new cryptojacking campaign targeting publicly exposed Docker Engine hosts by using new binaries chkstart (remote access with payload execution), exeremo (lateral movement through SSH), and vurld (Go downloader for malware retrieval) and a…
17 Jun: FBI Arrested U.K. Hacker Linked to Scattered Spider Hacking Group (GBHACKERS.COM)
A 22-year-old British man was apprehended by authorities in Palma de Mallorca, Spain. The arrest, carried out by the United States Federal Bureau of Investigation (FBI) in collaboration with the Spanish Police, marks a breakthrough in the fight against cybercrime. According to a …
17 Jun: Meta delays launch of Meta AI in Europe over disagreement with regulators (CSOONLINE.COM)
Meta won’t roll out its new Meta AI features in the European Union until regulators there allow it to train its large language models on local users’ data. It said it will delay its plan to train its large language models on Facebook and Instagram content from users in the Europe…
17 Jun: CSO Awards 2024 showcase world-class security strategies (CSOONLINE.COM)
For more than a decade, the CSO Awards have recognized security projects that demonstrate outstanding thought leadership and business value. The award is an acknowledged mark of cybersecurity excellence. “From devising new threat detection methods and cyber analytics to initiativ…
17 Jun: Zero Trust Is Not A SKU - Saša Zdjelar - BSW Vault (YOUTUBE.COM)
Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on August 9, 2022. Zero Trust is the security buzzword of the moment, and while it is a very powerful approach, nearly every enterprise security product on t…
17 Jun: Mentorship Monday - Discussions for career and learning! (INFOSEC.PUB)
Submitted by shellsharks to cybersecurity (18 points, 0 comments). Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions?…
🌐 CYBER THREAT LANDSCAPE (1)
17 Jun: Fake Google Chrome errors trick you into running malicious PowerShell scripts (BLEEPINGCOMPUTER.COM)
A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell "fixes" that install malware. [...]
🎙️ PODCASTS (1)
17 Jun: Cyber Security Today, June 17, 2024 - Microsoft faces heat in Congress, alleged cybercrook arrested, and more (CYBERSECURITYTODAY.LIBSYN.COM)
This episode reports on complaints about the proposed UN cybercrime treaty, servers used by Islamic State terrorists shut, and more
📡 INFOSEC NEWS (9)
17 Jun: Empire Market owners charged for enabling $430M in dark web transactions (BLEEPINGCOMPUTER.COM)
Two men have been charged in a Chicago federal court for operating "Empire Market," a dark web marketplace that facilitated over $430 million in illegal transactions between February 2018 and August 2020. [...]
17 Jun: Alleged Scattered Spider sim-swapper arrested in Spain (BLEEPINGCOMPUTER.COM)
A 22-year-old British national allegedly linked to the Scattered Spider hacking group and responsible for attacks on 45 U.S. companies has been arrested in Palma de Mallorca, Spain. [...]
17 Jun: What is DevSecOps and Why is it Essential for Secure Software Delivery? (THEHACKERNEWS.COM)
Traditional application security practices are not effective in the modern DevOps world. When security scans are run only at the end of the software delivery lifecycle (either right before or after a service is deployed), the ensuing process of compiling and fixing vulnerabilitie…
17 Jun: Stop playing games with online security, Signal president warns EU lawmakers (TECHCRUNCH.COM)
A controversial European Union legislative proposal to scan the private messages of citizens in a bid to detect child sexual abuse material (CSAM) is a risk to the future of web security, Meredith Whittaker warned in a public blog post Monday. She’s the president of the not…
17 Jun: Privacy app maker Proton transitions to nonprofit foundation structure (TECHCRUNCH.COM)
The newly set up Proton Foundation will serve as the main shareholder to the existing corporate entity that is Proton AG, which will continue as a for-profit company under the auspices of the Foundation.
17 Jun: Vulnerabilities of ZKTeco biometric terminals | Kaspersky official blog (KASPERSKY.COM)
What cyberthreats do biometric authentication devices pose, and how to safeguard enterprise operations from them