🐛 COMMON VULNERABILITIES AND EXPOSURES 2[−]
18 JunVMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXiVMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows - CVE-2024-37079 & CVE-2024-37080 (C…THEHACKERNEWS.COM
18 JunCritical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080)submitted by kid to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2024/06/18/cve-2024-37079-cve-2024-37080/HELPNETSECURITY.COM
⚠️ VULNERABILITY DISCLOSURE 26[−]
18 JunHackers Plead Guilty After Breaching Law Enforcement PortalJustice Says Sagar Steven Singh and Nicholas Ceraolo Doxed and Threatened Victims Hackers Sagar Steven Singh and Nicholas Ceraolo pleaded guilty Monday in federal court to conspiring to commit computer intrusion and aggravated identity theft after illegally accessing a nonpublic …DATABREACHTODAY.CO.UK
18 JunPolice Dismantle Asian Crime Ring Behind $25M Android FraudHackers Used Dozens of Servers to Distribute Malicious Android Apps Law enforcement authorities in Singapore, Malaysia, Hong Kong and Taiwan took down a cybercrime ring that used dozens of servers and hundreds of phishing pages across multiple jurisdictions to run a malware-enabl…DATABREACHTODAY.CO.UK
18 JunSingapore Police Extradites Malaysians Linked to Android Malware FraudThe Singapore Police Force (SPF) has announced the extradition of two men from Malaysia for their alleged involvement in a mobile malware campaign targeting citizens in the country since June 2023. The unnamed individuals, aged 26 and 47, engaged in scams that tricked unsuspectin…THEHACKERNEWS.COM
18 JunSingapore Police Arrested Two Individuals Involved in Hacking Android DevicesThe Singapore Police Force (SPF) has arrested two men, aged 26 and 47, for their suspected involvement in malware-enabled scams targeting Singaporeans since June 2023. The suspects will be charged in court today. The SPF, in collaboration with the Hong Kong Police Force (HKPF) an…GBHACKERS.COM
18 JunEuropol Taken Down 13 Websites Linked to Terrorist OperationsEuropol and law enforcement agencies from ten countries have taken down 13 websites linked to terrorist operations. The joint operation, known as Operation HOPPER II, targeted online platforms used by religious and politically motivated terrorist organizations to spread propagand…GBHACKERS.COM
18 JunNew ARM ‘TIKTAG’ Attack Impacts Google Chrome, Linux SystemsMemory corruption lets attackers hijack control flow, execute code, elevate privileges, and leak data. ARM’s Memory Tagging Extension (MTE) aims to mitigate by tagging memory and checking tags on access. The following researchers found speculative execution attacks can leak…GBHACKERS.COM
18 Jun9 ways CSOs lose their jobsCSOs work hard to protect their enterprises and careers. Yet all that hard work can disappear in an instant. All that’s necessary is a little inattention, a false assumption, or perhaps following some misguided advice. Are you planning to keep your job? Then learn the following n…CSOONLINE.COM
18 JunCCSP certification: Exam, cost, requirements, training, salaryCCSP certification Certified Cloud Security Professional ( CCSP ) is a cloud-focused security certification for experienced security pros responsible for applying best practices to cloud security architecture and design. CCSP is offered by the International Information System Sec…CSOONLINE.COM
18 JunThe Annual SaaS Security Report: 2025 CISO Plans and PrioritiesSeventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of cybersecurity, according to a new survey released this month by the Cloud Security Alli…THEHACKERNEWS.COM
18 JunNextCloud Vulnerability: Ability to by-pass second factorsubmitted by kid to cybersecurity 3 points | 0 comments https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v72-9xv5-3p7cGITHUB.COM
18 JunCybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar StealerThreat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer. "Adversaries had managed to trick users into downloading password-p…THEHACKERNEWS.COM
18 JunCISA Releases One Industrial Control Systems AdvisoryCISA released one Industrial Control Systems (ICS) advisory on June 18, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-170-01 RAD Data Communications SecFlow-2 CISA encourages users and admin…CISA.GOV
18 JunTwo men guilty of breaching law enforcement portal in blackmail schemeTwo men have pleaded guilty to hacking into a federal law enforcement database to steal personal information of those they were extorting. [...]BLEEPINGCOMPUTER.COM
18 JunCISA and Partners Release Guidance for Modern Approaches to Network Access SecurityToday, CISA, in partnership with the Federal Bureau of Investigation (FBI), released guidance, Modern Approaches to Network Access Security , along with the following organizations: New Zealand’s Government Communications Security Bureau (GCSB); New Zealand’s Computer…CISA.GOV
18 JunLearning EBPF - Liz Rice - ASW VaultCheck out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 4, 2023. Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revol…YOUTUBE.COM
18 JunTwo Men Plead Guilty to Hacking Law Enforcement Database for DoxingSagar Steven Singh and Nicholas Ceraolo pleaded guilty to hacking a database maintained by a US federal law enforcement agency. The post Two Men Plead Guilty to Hacking Law Enforcement Database for Doxing appeared first on SecurityWeek .SECURITYWEEK.COM
18 JunCritical Code Execution Vulnerabilities Patched in VMware vCenter ServerSerious vulnerabilities that can allow remote code execution and privilege escalation have been patched in VMware vCenter Server. The post Critical Code Execution Vulnerabilities Patched in VMware vCenter Server appeared first on SecurityWeek .SECURITYWEEK.COM
18 JunScattered Spider arrest in Spain unlikely to stop cybercrime groupThreat intel experts predict that the activities of the infamous Scattered Spider cybercrime group will likely continue even after the arrest of an alleged ringleader in Spain. A 22-year-old British man believed to be the ringleader of Scattered Spider was arrested in Palma de Ma…CSOONLINE.COM
18 JunScathing report on Medibank cyberattack highlights unenforced MFAA scathing report by Australia's Information Commissioner details how misconfigurations and missed alerts allowed a hacker to breach Medibank and steal data from over 9 million people. [...]BLEEPINGCOMPUTER.COM
18 JunBrazilian Entities Increasingly Targeted by Nation-State Phishing AttacksMandiant has published a report looking at cyber threats targeting Brazil, finding that more than 85% of government-backed phishing activity comes from threat actors based in China, North Korea and Russia.KNOWBE4.COM
18 JunThe Overlooked Truth: User Experience in CybersecurityWe live in a world where the term "cybersecurity" tends to make folks either shiver with anxiety or yawn with boredom. The narrative has always been about hacking, phishing , and all sorts of digital skullduggery. However, the overlooked truth is that users don't adopt best secur…KNOWBE4.COM
18 JunVMware fixes critical vCenter RCE vulnerability, patch nowVMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws. [...]BLEEPINGCOMPUTER.COM
18 JunScattered Spider Pivots to SaaS Application Attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/remote-workforce/scattered-spider-pivots-saas-application-attacksDARKREADING.COM
18 JunWebinar | Balancing Security and Resources: Endpoint Least Privilege in Corporate EnvironmentsDATABREACHTODAY.CO.UK
18 JunGerman BSI Forces Microsoft to Disclose Security MeasuresCompany Publishes Information on Double Key Encryption Under Regulatory Pressure Following a legal intervention made by the German federal cybersecurity agency, Microsoft has disclosed additional information on encryption measures it adopted to secure its customer data. A new whi…DATABREACHTODAY.CO.UK
18 JunResearchers Uncover Chinese Hacking Cyberespionage CampaignChinese Threat Actor 'Velvet Ant' Evaded Detection for Years in Victim Network A Chinese threat actor used state-sponsored techniques to carry out a cyberespionage campaign targeting a major organization's networks after exploiting legacy technology to gain multiple footholds acr…DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES 10[−]
18 JunCISA Conducts First-Ever AI Security Incident Response DrillUS Cyber Defense Agency Developing AI Security Incident Collaboration Playbook The Cybersecurity and Infrastructure Security Agency is hosting a series of tabletop exercises through its flagship public-private collaborative while developing a new playbook for both sectors to bett…DATABREACHTODAY.CO.UK
18 JunCISA Conducts First-Ever Tabletop Exercise Focused on AI Cyber Incident ResponseOn June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made history by conducting the federal government’s inaugural tabletop exercise focused on artificial intelligence (AI) security incidents. This groundbreaking event, led by the Joint Cyber Defens…GBHACKERS.COM
18 JunCISA Releases the FY 2024 Rural Emergency Medical Communications Demonstration Project (REMCDP) Notice of Funding OpportunityCISA.GOV
18 JunChemical Firms Boost Cybersecurity Ahead of New RegulationsNew Report Finds Chemical Firms Are Investing in Cyber, Raising CISO Visibility Chemical companies have significantly boosted their cyber budgets over the past five years, according to a 2023 cyber survey published Monday, as awareness of cybersecurity vulnerabilities has steadil…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 14[−]
18 JunWhat Makes Healthcare a Prime Target for Ransomware?Rubrik's Steve Stone on Reducing Data-Related Vulnerabilities in Healthcare Healthcare organizations are particularly vulnerable to ransomware, risking significant data loss. Steve Stone, head of Rubrik’s Zero Labs, outlines why healthcare faces higher risks and how organizations…DATABREACHTODAY.CO.UK
18 JunThe Dangers of Over-Relying on Too Few Critical VendorsMany healthcare organizations have discovered major gaps in business operations preparedness - the ability to quickly rebound from major IT disruptions, such as those caused by the Change Healthcare cyberattack. Jigar Kadakia, CISO of Emory Healthcare, said it's time to come up w…DATABREACHTODAY.CO.UK
18 JunManaging Chaos in Massive Healthcare Sector CyberattacksThe chaos experienced by thousands of healthcare organizations in the wake of the massive Change Healthcare cyberattack and IT outage in February is proof that most organizations are simply unprepared for such devastating incidents, said Bryan Chnowski, deputy CISO at Nuvance Hea…DATABREACHTODAY.CO.UK
18 JunBlackbaud Settles With California for $6.75 Million Over 2020 Data BreachBlackbaud was ordered to pay $6.75 million to the California Attorney General’s Office over the 2020 data breach. The post Blackbaud Settles With California for $6.75 Million Over 2020 Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
18 JunRethinking Democracy for the Age of AIThere is a lot written about technology’s threats to democracy. Polarization. Artificial intelligence. The concentration of wealth and power. I have a more general story: The political and economic systems of governance that were created in the mid-18th century are poorly s…SCHNEIER.COM
18 JunNHS Ransomware Attack: What Makes Healthcare a Prime Target for Ransomware?Rubrik's Steve Stone on Reducing Data-Related Vulnerabilities in Healthcare Healthcare organizations are particularly vulnerable to ransomware, risking significant data loss. Steve Stone, head of Rubrik’s Zero Labs, outlines why healthcare faces higher risks and how organizations…DATABREACHTODAY.CO.UK
18 JunNHS Ransomware Attack: Healthcare Industry Infrastructures Are CriticalRubrik's Steve Stone on Reducing Data-Related Vulnerabilities in Healthcare Healthcare organizations are particularly vulnerable to ransomware, risking significant data loss. Steve Stone, head of Rubrik’s Zero Labs, outlines why healthcare faces higher risks and how organizations…DATABREACHTODAY.CO.UK
18 JunMITRE Engenuity ATT&CK Evaluations for Managed Services (menuPass + ALPHV BlackCat)Our view on the latest round of the MITRE Engenuity ATT&CK Evaluations for Managed Services.SOPHOS.COM
18 JunNot Just Another 100% Score: MITRE ENGENIUTY ATT&CKThe latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response (MDR) services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. Trend Micro achieved 100% detection across all 15 major attack steps with an 86% actionable …TRENDMICRO.COM
18 JunData breach at Total Fitness exposed almost half a million people’s photos – no password requiredUK-based gym chain Total Fitness has been accused of sloppy security, following the discovery of an unsecured database containing the images of 470,000 members and staff - all accessible to anyone on the internet, no password required. Read more in my article on the Hot for Secur…BITDEFENDER.COM
18 JunCalifornia AG Slaps Blackbaud With $6.75M Fine for 2020 HackState Is Latest Regulator to Take Action Against Fundraising Software Firm Blackbaud will pay $6.75 million and improve its data security practices under a settlement with California's attorney general. The settlement is the latest between the fundraising software firm and state …DATABREACHTODAY.CO.UK
18 JunAMD investigates breach after data for sale on hacking forumAMD is investigating whether it suffered a cyberattack after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains AMD employee information, financial documents, and confidential information. [...]BLEEPINGCOMPUTER.COM
18 JunMicrosoft Defender Experts for XDR recognized in the latest MITRE Engenuity ATT&CK® Evaluation for Managed ServicesMicrosoft Defender Experts for XDR delivered excellent results during round 2 of the MITRE Engenuity ATT&CK® Evaluations for Managed Services menuPass + ALPHV BlackCat. The post Microsoft Defender Experts for XDR recognized in the latest MITRE Engenuity ATT&CK® Evaluatio…MICROSOFT.COM
🕵️ THREAT INTELLIGENCE 16[−]
18 JunISC Stormcast For Tuesday, June 18th, 2024 https://isc.sans.edu/podcastdetail/9028, (Tue, Jun 18th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
18 JunBSides Buffalo 2024 - 12 talkssubmitted by ashar to security_cpe 0 points | 0 comments https://www.bsidesbuffalo.org/wp-content/uploads/2022/03/cropped-BSides-Buffalo-Logo-KD-Twitterbanner-1.png BSides Buffalo 2024 Schedule BSides Buffalo 2024: General Track Playlist BSides Buffalo 2024: Introsec Track playli…BSIDESBUFFALO.ORG
18 JunD-Link router - Hidden Backdoorsubmitted by kid to cybersecurity 1 points | 0 comments https://www.twcert.org.tw/en/cp-139-7880-629f5-2.htmlTWCERT.ORG.TW
18 JunTotal Fitness UK leak exposes 474K members' personal pics, some of kidssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/news/totalfitness-gym-leak-exposes-members-personal-pics-some-of-kids/CYBERNEWS.COM
18 JunHuntress Lands $150M to Boost Posture, Recovery CapabilitiesSeries D Funds to Drive Posture, Recovery Plays for Endpoint, Identity for SMBs With $150 million of Series D funding led by Kleiner Perkins, Meritech Capital and Sapphire Ventures, Huntress is set to build or buy posture and recovery capabilities for endpoint and identity protec…DATABREACHTODAY.CO.UK
18 JunCyberheistNews Vol 14 #25 Microsoft and KnowBe4 Collaborate on Ribbon Phish Alert Button for OutlookKNOWBE4.COM
18 JunPalo Alto Networks Hits the Mark in MITRE Managed Services EvaluationUnit 42 MDR identified the most important details of the cyberthreat in the MITRE managed services evaluation - learn more. The post Palo Alto Networks Hits the Mark in MITRE Managed Services Evaluation appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
18 JunAs We Implement Zero Trust, Let's Not Forget About Metrics - George Finney - CSP #179Many organizations are starting today down the Zero Trust path. Zero Trust is a strategy (vs an architecture) and to prove the value of this investment, we need to start thinking about metrics to demonstrate value. Join us as we discuss some of the metric directions to consider w…YOUTUBE.COM
18 JunBack To School: Networking 101 - SWN VaultCheck out this interview from the SWN Vault, hand picked by main host Doug White! This Secure Digital Life segment was originally published on September 25, 2018. This week, Russ takes the reigns in the absence of Dr. Doug to talk about Networking 101! We are going to go back to …YOUTUBE.COM
18 JunNew BadSpace Backdoor Deployed in Drive-By AttacksThe BadSpace backdoor is being distributed via drive-by attacks involving infected websites and JavaScript downloaders. The post New BadSpace Backdoor Deployed in Drive-By Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
18 JunNon-human Identity Lifecycle Firm Entro Security Raises $18 MillionEntro’s platform is designed to bring order to the increasingly chaotic management of non-human identities. The post Non-human Identity Lifecycle Firm Entro Security Raises $18 Million appeared first on SecurityWeek .SECURITYWEEK.COM
18 JunNew TikTag Attack Targets Arm CPU Security FeatureResearchers have targeted the MTE security feature in Arm CPUs and showed how attackers could bypass protections. The post New TikTag Attack Targets Arm CPU Security Feature appeared first on SecurityWeek .SECURITYWEEK.COM
18 JunChinese Hackers Leveraged Legacy F5 BIG-IP Appliance for PersistenceChina-linked threat actor Velvet Ant leveraged a legacy F5 BIG-IP appliance for three-year access to a victim’s network. The post Chinese Hackers Leveraged Legacy F5 BIG-IP Appliance for Persistence appeared first on SecurityWeek .SECURITYWEEK.COM
18 JunPerks of Independence for Synopsys' Software Integrity GroupGM Jason Schmitt on How Francisco Partners, Clearlake $2.1B Buy Will Propel Growth Synopsys' Software Integrity Group will become a standalone company under Francisco Partners and Clearlake once the $2.1 billion transaction closes. General Manager Jason Schmitt explains the signi…DATABREACHTODAY.CO.UK
18 JunIMF Touts Fiscal Policy Change, Taxes to Soften AI ImpactAgency Suggests Taxing AI-Related Carbon Emissions, Excess Profits The International Monetary Fund suggested that governments consider a fiscal approach to remedy the damages artificial intelligence has brought to the environment and the economy. The agency proposed imposing a gr…DATABREACHTODAY.CO.UK
18 Junsubmitted by BreadfruitFew1853 to cybersecurity 1 points | 0 comments @cybersecurity When I open PDF form from OpenStreetMaps, it starts dumping ‘.part’ files When I open PDF form from OpenStreetMaps, it starts dumping ‘.part’ files this PDF form from OpenStreetMaps, it starts du…SH.ITJUST.WORKS
🌐 CYBER THREAT LANDSCAPE 4[−]
18 JunNew Malware Targets Exposed Docker APIs for Cryptocurrency MiningCybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docket API endpoints with the aim of delivering cryptocurrency miners and other payloads. Included among the tools deployed is a remote access tool that's capable of downloading and exec…THEHACKERNEWS.COM
18 JunHackers can crack 59% of passwords in an hour | Kaspersky official blogAttackers can crack 45% of passwords in a minute and 59% in an hour either using a modern graphics card or by renting a cloud service for a dollar or two.KASPERSKY.COM
18 JunMultifactor Authentication Bypass: Attackers Refine TacticsPush Fatigue Attacks Succeed 5% of the Time, Surge in the Morning, Researchers Find Multifactor authentication is a must-have security defense for repelling outright credential stuffing and password spraying attacks. But no defense is foolproof. Attackers have been refining their…DATABREACHTODAY.CO.UK
📡 INFOSEC NEWS 20[−]
18 JunLive Virtual Summit | Measuring Your Data's Risk & The Cost of UnpreparednessDATABREACHTODAY.CO.UK
18 JunGetting a Firmer Grip on AI Privacy Concerns in HealthcareArtificial intelligence technologies offer tremendous promise in healthcare, but it's crucial for organizations to carefully assess the complex data privacy concerns involved with different types of AI products and deployments, said Karen Habercoss, chief privacy officer at UChic…DATABREACHTODAY.CO.UK
18 JunHow the Growing Demands of Healthcare Are Complicating RiskHealthcare is increasingly complex and interconnected, and the push to exchange more digital patient information among providers adds to the threat of busy staff falling victim to phishing and other scams that can jeopardize data, said Krista Arndt, CISO of United Musculoskeletal…DATABREACHTODAY.CO.UK
18 JunConvicted BEC scammer could face over 100 years in prisonA US court has found a Nigerian national guilty of charges related to a US $1.5 million business email compromise (BEC) scam and could face the rest of his life in prison as a consequence. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
18 JunRecovering an ECU firmware using disassembler and branchesThis blogpost explains how we recovered the firmware of a fleet-sharing Electronic Control Unit (ECU) which has been erased from a FAT memory using Capstone disassembler to locate scattered parts, to be able to reverse-engineer it.QUARKSLAB.COM
18 JunHow ShinyHunters Hackers Allegedly Pilfered Ticketmaster Data From SnowflakePACKETSTORMSECURITY.COM
18 JunUK national accused of hacking dozens of US companies arrested in SpainTechCrunch has learned that the arrested hacker is the alleged leader of the group that masterminded the Twilio hacks in 2022. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
18 JunFTC files complaint against Adobe for deceptive cancellation practicesThe Federal Trade Commission has filed a complaint in US federal court against Adobe and two executives, Maninder Sawhney and David Wadhwani, for deceptive practices related to their subscription plans. [...]BLEEPINGCOMPUTER.COM
18 JunSignal Foundation Warns Against EU's Plan to Scan Private Messages for CSAMA controversial proposal put forth by the European Union to scan users' private messages for detection child sexual abuse material (CSAM) poses severe risks to end-to-end encryption (E2EE), warned Meredith Whittaker, president of the Signal Foundation, which maintains the privacy…THEHACKERNEWS.COM
18 JunSecurity bug allows anyone to spoof Microsoft employee emailsA researcher has found a bug that allows anyone to impersonate Microsoft corporate email accounts, making phishing attempts look credible and more likely to trick their targets. As of this writing, the bug has not been patched. To demonstrate the bug, the researcher sent an…TECHCRUNCH.COM
18 JunVideo Meta Data: DJI Drones, (Sun, Jun 16th)Many years ago, I wrote about the EXIF data in pictures taken with Smartphones. Smartphones often record extensive meta data including GPS and accelerometer data.
ISC.SANS.EDU
18 JunONNX phishing service targets Microsoft 365 accounts at financial firmsA new phishing-as-a-service (PhaaS) platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR codes in PDF attachments. [...]BLEEPINGCOMPUTER.COM
18 JunMicrosoft says bug causes Windows apps to display Open With dialogsMicrosoft has confirmed that Windows 10 apps will mistakenly display an "How do you want to open this file?" dialog box when attempting to right-click on the program's icon and perform a registered task. [...]BLEEPINGCOMPUTER.COM
18 JunMicrosoft says bug causes Windows 10 apps to display Open With dialogsMicrosoft has confirmed that Windows 10 apps will mistakenly display an "How do you want to open this file?" dialog box when attempting to right-click on the program's icon and perform a registered task. [...]BLEEPINGCOMPUTER.COM