🐛 COMMON VULNERABILITIES AND EXPOSURES 11[−]
27 JunCritical SQLi Vulnerability Found in Fortra FileCatalyst Workflow ApplicationA critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions…THEHACKERNEWS.COM
27 JunUpdate: MOVEit Transfer Vulnerability Targeted Amid Disclosure DramaThe non-profit cybersecurity organization, the Shadowserver Foundation, has observed exploitation attempts against CVE-2024-5806. They noted that the exploitation began soon after the vulnerability details were made public.TECHTARGET.COM
27 JunPrompt Injection Flaw in Vanna AI Exposes Databases to RCE AttacksCybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.1), relates to a case …THEHACKERNEWS.COM
27 JunPoc Exploit Released for Fortra Filecatalyst SQL Injection VulnerabilityA Proof-of-Concept (PoC) exploit has been released for a critical SQL Injection vulnerability in Fortra FileCatalyst Workflow. This vulnerability could potentially allow attackers to modify application data. This vulnerability, CVE-2024-5276, affects all versions of Fortra FileCa…GBHACKERS.COM
27 JunCVE-2024-35260 Microsoft Dataverse Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
27 JunCVE-2024-34122 Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
27 JunCyberattackers are using more new malware, attacking critical infrastructureSecurity teams are in for an increasingly busy year as the number of attacks and the amount of new malware increase, according to BlackBerry’s latest Global Threat Intelligence Report , released Tuesday. Almost two-thirds (60%) of the attacks detected by BlackBerry cybersecurity …CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 28[−]
27 JunDo We Need Penetration Testing and Vulnerability Scanning? - Adrian Sanabria, Josh Bre... - PSW #833This may be controversial, however, we've been privately discussing how organizations benefit from penetration testing and vulnerability scanning. Do you still need these services as a critical part of your security program? Can't you just patch stuff that is missing patches? Tun…YOUTUBE.COM
27 Jun7 open source security tools too good to ignoreIt has been almost 40 years since Richard Stallman wrote his manifesto defining open-source software . Since then, the computer security world has embraced his vision — at least for some software — and come to rely heavily upon it. The first tools that professionals choose are of…CSOONLINE.COM
27 JunMultiple TP-Link Omada Vulnerabilities Let Attackers Execute Remote CodeMultiple vulnerabilities have been identified in the TP-Link Omada system, a software-defined networking solution widely used by small to medium-sized businesses. These vulnerabilities, if exploited, could allow attackers to execute remote code, leading to severe security breache…GBHACKERS.COM
27 JunRussian National Indicted for Cyber Attacks on Ukraine Before 2022 InvasionA 22-year-old Russian national has been indicted in the U.S. for his alleged role in staging destructive cyber attacks against Ukraine and its allies in the days leading to Russia's full-blown military invasion of Ukraine in early 2022. Amin Timovich Stigal, the defendant in ques…THEHACKERNEWS.COM
27 JunPhantom Secrets: Undetected Secrets Expose Major CorporationsMajor secrets, including cloud environment credentials, internal infrastructures, and telemetry platforms, have been found exposed on the internet due to Git-based processes and Source Code Management (SCM) platforms behavior.AQUASEC.COM
27 Jun‘Phantom’ Source Code Secrets Haunt Major OrganizationsAqua Security shows that code in repositories remains accessible even after being deleted or overwritten, continuing to leak secrets. The post ‘Phantom’ Source Code Secrets Haunt Major Organizations appeared first on SecurityWeek .SECURITYWEEK.COM
27 JunHackers Attacking Linux Cloud Servers To Gain Complete ControlMalware storage, distribution, and command and control (C2) operations are increasingly being used to leverage cloud services for recent cybersecurity threats. But, this complicates the detection process and all the prevention efforts. Security researchers at FortiGua…GBHACKERS.COM
27 JunCritical MOVEit vulnerability puts huge swaths of the Internet at severe risksubmitted by hellfire103 to cybersecurity 1 points | 1 comments https://arstechnica.com/?p=2033848ARSTECHNICA.COM
27 Jun1-Click Exploit In Kakaotalk’s Android App Allows Arbitrary Code ExecutionKakaoTalk is an Android application that is predominantly installed and used by over 100 million people. It is a widely popular application in South Korea that has payment, ride-hailing services, shopping, email etc., But the end-to-end encryption is not enabled by default on Kak…GBHACKERS.COM
27 JunNo Patches for Hospital Temperature Monitors' Critical FlawsResearchers Say Manufacturer Proges Plus Hasn't Responded to Vulnerability Findings Vulnerabilities in internet-connected temperature monitoring devices - and an accompanying desktop application - mainly used in hospitals could be exploited by hackers to exfiltrate sensitive data…DATABREACHTODAY.CO.UK
27 JunOdaseva raises $54M to secure Salesforce usersCloud services continue to be a weak point for enterprises when it comes to security, so companies providing effective solutions to address this continue to see a lot of interest in the market, both from customers and investors. In the latest example of that, Odaseva – which focu…TECHCRUNCH.COM
27 JunNovel Snowblind Malware Targets Banking Customers in Southeast AsiaSnowblind is effective on all modern Android devices and primarily targets banking apps. It avoids detection by modifying the app and exploiting the Linux kernel's seccomp feature to control the app's system calls.INFOSECURITY-MAGAZINE.COM
27 JunXeno RAT Attacking Users Via GitHub Repository And .gg DomainsThreat actors use RATs because they provide attackers with persistent access to compromised systems, enabling long-term espionage and exploitation. North Korean hackers and other actors who target the gaming community are using free malware on GitHub called XenoRAT. Hunt’s …GBHACKERS.COM
27 JunInfinidat Revolutionizes Enterprise Cyber Storage Protection to Reduce Ransomware and Malware Threat WindowsInfinidat , a leading provider of enterprise storage solutions, has introduced a new automated cyber resiliency and recovery solution that will revolutionize how enterprises can minimize the impact of ransomware and malware attacks. Infinidat’s InfiniSafe® Automated Cyber Protect…CSOONLINE.COM
27 Jun KEVCISA Warns of Exploited GeoServer, Linux Kernel, and Roundcube VulnerabilitiesCISA on Wednesday warned that three older flaws in GeoServer, Linux kernel, and Roundcube webmail are exploited in the wild. The post CISA Warns of Exploited GeoServer, Linux Kernel, and Roundcube Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
27 JunUS, Allies Warn of Memory Unsafety Risks in Open Source SoftwareMost critical open source software contains code written in a memory unsafe language, US, Australian, and Canadian government agencies warn. The post US, Allies Warn of Memory Unsafety Risks in Open Source Software appeared first on SecurityWeek .SECURITYWEEK.COM
27 JunPoC Exploit for Critical Fortra FileCatalyst Flaw PublishedThe vulnerability allows attackers to create administrative user accounts, modify and delete data in the application database, and potentially gain full control of vulnerable systems.HELPNETSECURITY.COM
27 JunCritical GitLab bug lets attackers run pipelines as any userA critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user. [...]BLEEPINGCOMPUTER.COM
27 JunCISA Releases Seven Industrial Control Systems AdvisoriesCISA released seven Industrial Control Systems (ICS) advisories on June 27, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-179-01 TELSAT marKoni FM Transmitter ICSA-24-179-02 SDG Technologies…CISA.GOV
27 JunToward greater transparency: Unveiling Cloud Service CVEsWelcome to the second installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we discuss our commitment to provide comprehensive vulnerability information to our customers. At MSRC, our mission is to protect our cust…MSRC.MICROSOFT.COM
27 JunStartups scramble to assess fallout from Evolve Bank data breachFintech-friendly Evolve Bank disclosed a data breach, saying it may have impacted customers and partners. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
27 JunCybercriminals Set Sights on Digital Identities of Singapore CitizensSingapore has become the latest target for cybercriminals looking to steal digital identities and exploit them for nefarious purposes.KNOWBE4.COM
27 JunCollaborate on Shifting Left: Why 'AppSec Is a Team Sport'Developers are using more and more open-source code because they "want to move fast," said Cycode's Lotem Guy. But the speed of development and the continuous deployment that follows means security teams have to catch up to the fast-moving development life cycle.DATABREACHTODAY.CO.UK
27 JunIdentity Theft Reports Fall, But Attempts at ID Misuse RiseJames E. Lee of ITRC Discusses Key Trends Revealed in the 2023 Identity Report Fewer victims reported identity crimes in 2023, but the number of attempts to commit multiple identity crimes grew, according to the trends report released by the Identity Theft Resource Center. That m…DATABREACHTODAY.CO.UK
27 JunHack all the things, patch all the things - PSW #833Zyxl NAS devices are under attack and the exploit is pretty simple, A new UEFI vulnerability with a name that some people don't like, that time you setup a load balancer and forgot about it, I love it when there is a vulnerability in a Wifi driver, Polyfill is filling the Interne…YOUTUBE.COM
27 JunSustaining Digital Certificate Security - Entrust Certificate DistrustPosted by Chrome Root Program, Chrome Security Team The Chrome Security Team prioritizes the security and privacy of Chrome’s users, and we are unwilling to compromise on these values. The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store mu…SECURITY.GOOGLEBLOG.COM
27 JunVirtual Escape; Real Reward: Introducing Google’s kvmCTFMarios Pomonis, Software Engineer Google is committed to enhancing the security of open-source technologies, especially those that make up the foundation for many of our products, like Linux and KVM. To this end we are excited to announce the launch of kvmCTF, a vulnerability rew…SECURITY.GOOGLEBLOG.COM
📋 SECURITY BULLETINS 2[−]
27 JunGitLab Security Updates Patch 14 VulnerabilitiesGitLab CE and EE updates resolve 14 vulnerabilities, including a critical- and three high-severity bugs. The post GitLab Security Updates Patch 14 Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
📢 SECURITY ADVISORIES 3[−]
27 JunSecurity Analysis of the EU’s Digital WalletA group of cryptographers have analyzed the eiDAS 2.0 regulation (electronic identification and trust services) that defines the new EU Digital Identity Wallet.SCHNEIER.COM
27 JunFBI Warns of Phishing Campaign Targeting the Healthcare IndustryThe US FBI and the Department of Health and Human Services (HHS) have released a joint advisory warning of a social engineering campaign that’s targeting the healthcare industry.KNOWBE4.COM
🔥 INCIDENT REPORTING 20[−]
27 JunBSNL Data Breach Exposes Millions of Users to Fraud and Security RisksBharat Sanchar Nigam Limited (BSNL), India’s state-owned telecommunications provider, has suffered a major data breach orchestrated by a threat actor known as “kiberphant0m”. The cyberattack has compromised over 278GB of sensitive data, putting millions of users…GBHACKERS.COM
27 JunChinese Cyberspies Employ Ransomware in Attacks for DiversionCyberespionage groups have been using ransomware as a tactic to make attack attribution more challenging, distract defenders, or for a financial reward as a secondary goal to data theft. [...]BLEEPINGCOMPUTER.COM
27 JunChinese Cyberspies Employ Ransomware in Attacks for DiversionThe adoption of ransomware in cyberespionage attacks helps adversaries blur the lines between APT and cybercriminal activity, leading to potential misattribution or concealing the true nature of the operation.BLEEPINGCOMPUTER.COM
27 JunChinese State Actors Use Ransomware to Conceal Real Intentsubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/chinese-state-ransomware-conceal/INFOSECURITY-MAGAZINE.COM
27 JunEvolve Bank Data Leaked After LockBit’s ‘Federal Reserve Hack’The LockBit ransomware group claimed to have hacked the US Federal Reserve, but leaked data from an Arkansas-based bank. The post Evolve Bank Data Leaked After LockBit’s ‘Federal Reserve Hack’ appeared first on SecurityWeek .SECURITYWEEK.COM
27 JunFederal Reserve "breached" data may actually belong to Evolve Banksubmitted by kid to cybersecurity 2 points | 0 comments https://www.malwarebytes.com/blog/news/2024/06/federal-reserve-breached-data-may-actually-belong-to-evolve-bankMALWAREBYTES.COM
27 JunMicrosoft warns of novel jailbreak affecting many generative AI modelsMicrosoft is warning users of a newly discovered AI jailbreak attack that can cause a generative AI model to ignore its guardrails and return malicious or unsanctioned responses to user prompts. The direct prompt injection hack that Microsoft has named Skeleton Key, enables attac…CSOONLINE.COM
27 JunInfinidat Revolutionizes Enterprise Cyber Storage Protection to Reduce Ransomware and Malware Threat WindowsInfinidat, a leading provider of enterprise storage solutions, has introduced a new automated cyber resiliency and recovery solution that will revolutionize how enterprises can minimize the impact of ransomware and malware attacks. Infinidat’s InfiniSafe® Automated Cyber Protecti…GBHACKERS.COM
27 JunDesigned Receivable Solutions Data Breach Impacts 585,000 PeopleHealthcare services provider Designed Receivable Solutions says the number of individuals affected by a recent data breach has increased to 585,000. The post Designed Receivable Solutions Data Breach Impacts 585,000 People appeared first on SecurityWeek .SECURITYWEEK.COM
27 JunRust-Based P2PInfect Botnet Evolves with Miner and Ransomware PayloadsThe peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivat…THEHACKERNEWS.COM
27 JunTeamViewer's corporate network was breached in alleged APT hackThe remote access software company TeamViewer is warning that its corporate environment was breached in a cyberattack yesterday, with a cybersecurity firm claiming it was by an APT hacking group. [...]BLEEPINGCOMPUTER.COM
27 JunUS Announces Charges, Reward for Russian National Behind Wiper Attacks on UkraineThe US Justice Department has announced charges against Amin Stigal for conducting wiper cyberattacks on Ukraine in 2022. The post US Announces Charges, Reward for Russian National Behind Wiper Attacks on Ukraine appeared first on SecurityWeek .SECURITYWEEK.COM
27 JunBreach Roundup: Cyber Insurance Doesn't Cover Breach CostsAlso: The US Supreme Court; Polyfill; BEC Compromise for Frozen Chicken This week, cyber insurance policies fell short, the Supreme Court rejected efforts to fight disinformation, Polyfill apparently was hijacked, cybercriminals stole chicken, Levi warned of a credential stuffing…DATABREACHTODAY.CO.UK
27 JunU.S. indicts Russian GRU hacker, offers $10 million rewardThe U.S. indicted Russian national Amin Timovich Stigal for his alleged role in cyberattacks targeting Ukrainian government computer networks in an operation from the Russian foreign military intelligence agency (GRU) prior to invading the country. [...]BLEEPINGCOMPUTER.COM
27 JunCryptohack Roundup: Conviction in Home Invasions CaseAlso: $5M for Info on the Crypto Queen; Attacks on BtcTurk and CoinStats This week, crypto stealer convicted, reward for info on Crypto Queen increased, BtcTurk and CoinStats suffered cyberattacks, Lazarus blamed for Alex Lab hack, Nigeria refuted allegations of ill treatment, se…DATABREACHTODAY.CO.UK
27 JunNews Alert: Infinidat introduces advanced cyber resiliency and recovery solution for enterprisesWaltham, Mass., June 27, 2024, CyberNewsWire — Infinidat , a leading provider of enterprise storage solutions, has introduced a new automated cyber resiliency and recovery solution that will revolutionize how enterprises can minimize the impact of ransomware and malware att…LASTWATCHDOG.COM
27 JunBlack Suit ransomware gang claims attack on KADOKAWA corporationThe Black Suit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid. [...]BLEEPINGCOMPUTER.COM
27 JunBlackSuit ransomware gang claims attack on KADOKAWA corporationThe BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid. [...]BLEEPINGCOMPUTER.COM
27 JunFormer IT employee accessed data of over 1 million US patientsGeisinger, a prominent healthcare system in Pennsylvania, has announced a data breach involving a former employee of Nuance, an IT services provider contracted by the organization. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 20[−]
27 JunISC Stormcast For Thursday, June 27th, 2024 https://isc.sans.edu/podcastdetail/9038, (Thu, Jun 27th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
27 Junfwd:cloudsec North America 2024 - 44 videossubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/e29ca14b-d744-4de4-8a79-06a2d943d393.png fwd:cloudsec is a non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both at…INFOSEC.PUB
27 JunGoogle Announced Chrome Enterprise Core Features for IT, Security TeamsGoogle has unveiled new features for Chrome Enterprise Core, formerly known as Chrome Browser Cloud Management. As organizations increasingly rely on cloud computing, hybrid work models, and Bring Your Device (BYOD) policies, the need for robust browser management has never been …GBHACKERS.COM
27 JunNew Medusa RAT Attacking Android Devices to Steal SMS & Screen ControlsA new variant of the Medusa malware family was discovered disguised as a “4K Sports” app, which exhibits changes in command structure and capabilities compared to previous versions. Researchers believe these changes are aimed at improving efficiency and strength…GBHACKERS.COM
27 JunICO Scams Leverage 2024 Olympics to Lure Victims, Use AI for Fake SitesIn this blog we uncover threat actors using the 2024 Olympics to lure victims into investing in an initial coin offering (ICO). Similar schemes have been found to use AI-generated images for their fake ICO websites.TRENDMICRO.COM
27 JunDangerous AI Workaround: 'Skeleton Key' Unlocks Malicious Contentsubmitted by kid to cybersecurity 2 points | 0 comments https://www.darkreading.com/application-security/dangerous-ai-workaround-skeleton-key-unlocks-malicious-contentDARKREADING.COM
27 JunApple AirPods Bug Allows Eavesdroppingsubmitted by kid to cybersecurity 3 points | 0 comments https://www.darkreading.com/vulnerabilities-threats/apple-airpods-bug-allows-eavesdroppingDARKREADING.COM
27 JunGoogle TAG details nightmare whack-a-mole with Dragonbridge disinfo groupsubmitted by kid to cybersecurity 2 points | 0 comments https://www.scmagazine.com/news/google-details-nightmare-whack-a-mole-scenario-with-dragonbridge-disinfo-campaignSCMAGAZINE.COM
27 JunResurgent malware targets Outlook and Thunderbird users but bypasses Russiasubmitted by kid to cybersecurity 3 points | 0 comments https://cybernews.com/security/malware-targets-outlook-thunderbird-bypasses-russia/CYBERNEWS.COM
27 JunGas Chromatograph Hacking Could Have Serious Impact: Security FirmCritical vulnerabilities have been found in an Emerson gas chromatograph and Claroty warns that attacks could have a serious impact. The post Gas Chromatograph Hacking Could Have Serious Impact: Security Firm appeared first on SecurityWeek .SECURITYWEEK.COM
27 JunPalo Alto Networks Cybersecurity Academy Supports Future Cyber LeadersPalo Alto Networks Cybersecurity Academy's hardware and education teach students to fortify defenses, respond to customers, maintain cyberthreat services. The post Palo Alto Networks Cybersecurity Academy Supports Future Cyber Leaders appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
27 JunCloudflare's recent blog regarding polyfill shows that Cloudflare never authorized Polyfill to use their name in their productsubmitted by kryllic to security 1 points | 0 comments https://blog.cloudflare.com/automatically-replacing-polyfill-io-links-with-cloudflares-mirror-for-a-safer-internet Contrary to what is stated on the polyfill.io website, Cloudflare has never recommended the polyfill.io servic…CLOUDFLARE.COM
27 JunInside the Mind of a CISO: Survey and AnalysisInside the Mind of a CISO 2024 is a survey of 209 security leaders to understand the thinking and operational methods and motivations of CISOs. The post Inside the Mind of a CISO: Survey and Analysis appeared first on SecurityWeek .SECURITYWEEK.COM
27 JunRussian Indicted for Wiper Malware Campaign Against UkraineUS Critical Infrastructure, NATO Also Targeted by Russian Threat Actors, Feds Say The U.S. government charged Russian civilian Amin Stigal with assisting Moscow's GRU military intelligence unit in its use of WhisperGate malware against Ukraine beginning in the weeks leading up to…DATABREACHTODAY.CO.UK
27 JunPrecision AI — Revolutionizing Cybersecurity with Our Latest CampaignKeanu Reeves and director David Leitch's expertise and personal involvement demonstrate cybersecurity’s struggle, showing why Precision AI is the solution. The post Precision AI — Revolutionizing Cybersecurity with Our Latest Campaign appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
27 JunRussian Threat Actor Launches Spear Phishing Attacks Against French DiplomatsFrance’s cybersecurity agency ANSSI has issued an alert outlining a Russian spear phishing campaign targeting French diplomats, the Record reports. The agency attributes the campaign to “Nobelium,” a threat actor tied to Russia’s Foreign Intelligence Service (the SVR).KNOWBE4.COM
27 JunFBI, HHS Warn Health Sector of Payment Diversion SchemesScammers Use Social Engineering and Phishing to Fool Workers and IT Help Desk Staff Federal authorities warn of social engineering and phishing scams - sometimes targeting IT help desk workers - that allow attackers to steal login credentials and access healthcare sector entities…DATABREACHTODAY.CO.UK
27 JunNew Unfurling Hemlock threat actor floods systems with malwareA threat actor tracked as Unfurling Hemlock has been infecting target systems with up to ten pieces of malware at the same time in campaigns that distribute hundreds of thousands of malicious files. [...]BLEEPINGCOMPUTER.COM
27 JunChatbots Will Break Guardrails If the Info Is 'Educational'Microsoft Dubs the Technique 'Skeleton Key' Artificial intelligence researchers say they came up with a new way to trick chatbots into circumventing safeguards and dispensing information that otherwise goes against their programming. They tell the bots that the information is for…DATABREACHTODAY.CO.UK
27 JunPalo Alto Networks, Cisco Dominate OT Defense Forrester WavePalo Alto Reaches OT Leaderboard While Claroty, Tenable Fall to Strong Performer Cisco remained atop Forrester's OT security rankings, Palo Alto Networks climbed into the leader space, and Claroty and Tenable fell to strong performer. The transition from a network-centric to an a…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 5[−]
27 JunCloudflare: We never authorized polyfill.io to use our nameCloudflare, a lead provider of content delivery network (CDN) services, cloud security, and DDoS protection has warned that it has not authorized the use of its name or logo on the Polyfill.io website, which has recently been caught injecting malware on more than 100,000 websites…BLEEPINGCOMPUTER.COM
27 JunKorean Telco Allegedly Infected Around 600,000 P2P Users with MalwareSouth Korean telco KT has been accused of purposely infecting customers with malware as a result of excessive use of peer-to-peer (P2P) downloading tools. Around 600,000 users of online storage services have reportedly been affected.THEREGISTER.COM
27 JunMalicious NPM Package Targets AWS Users to Deploy BackdoorReversingLabs researchers discovered a suspicious package on npm called legacyreact-aws-s3-typescript. They found that the package contained a post-install script that downloaded and executed a simple backdoor.REVERSINGLABS.COM
27 JunESET Threat Report H1 2024A view of the H1 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research expertsWELIVESECURITY.COM
📡 INFOSEC NEWS 14[−]
27 JunCritical ADOdb Vulnerabilities Fixed in UbuntuThese vulnerabilities include SQL injection attacks, cross-site scripting (XSS) attacks, and authentication bypasses. Ubuntu has released updates for various versions, including Ubuntu 22.04 LTS, 20.04 LTS, 18.04 ESM, and 16.04 ESM.TUXCARE.COM
27 JunUS charges four FIN9-linked hackers after $71 million cybercrime spreeFour alleged members of the FIN9 cybercrime gang have been charged in relation to a series of hacks that caused over US $71 million of losses for companies across the United States. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
27 JunMeta AI plans to use the personal data of its users to train generative AI | Kaspersky official blogMeta intends to utilize user data to train its generative AI.KASPERSKY.COM
27 JunHow to Use Python to Build Secure Blockchain ApplicationsDid you know it’s now possible to build blockchain applications, known also as decentralized applications (or “dApps” for short) in native Python? Blockchain development has traditionally required learning specialized languages, creating a barrier for many developers… until now. …THEHACKERNEWS.COM
27 JunPolyfill claims it has been 'defamed', returns after domain shut downThe owners of Polyfill.io have relaunched the JavaScript CDN service on a new domain after polyfill.io was shut down as researchers exposed it was delivering malicious code on upwards of 100,000 websites.. The Polyfill service claims that it has been "maliciously defamed" and bee…BLEEPINGCOMPUTER.COM
27 JunPortSwigger, the company behind the Burp Suite of security testing tools, swallows $112MSometimes the most successful startup ideas come from people building tools to solve their own needs. Such was the case with Dafydd Stuttard, a security expert who goes by Daf. Nearly two decades ago, living in the small market town of Knutsford in Cheshire in the northwest…TECHCRUNCH.COM
27 JunThe Secrets of Hidden AI Training on Your DataWhile some SaaS threats are clear and visible, others are hidden in plain sight, both posing significant risks to your organization. Wing's research indicates that an astounding 99.7% of organizations utilize applications embedded with AI functionalities. These AI-driven tools ar…THEHACKERNEWS.COM
27 JunWhen Consolidation is Out of Reach: Common Roadblocks When Simplifying Your IT StackDATABREACHTODAY.CO.UK
27 JunDownload our endpoint detection and response (EDR) buyer’s guideFrom the editors of CSO, this enterprise buyer’s guide helps security IT staff understand what endpoint detection and response (EDR) tools can do for their organizations and how to choose the right solution.US.RESOURCES.CSOONLINE.COM
27 JunMicrosoft pulls Windows 11 KB5039302 update causing reboot loopsMicrosoft pulled the June Windows 11 KB5039302 update after finding that it causes some devices to restart repeatedly. [...]BLEEPINGCOMPUTER.COM