106Articles
10Categories
2024-07-02Date
🚨 CISA KEV 1[−]
2 Jul KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-20399 Cisco NX-OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors a…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 10[−]
2 JulChinese Hackers Exploiting Cisco Switches Zero-Day to Deliver MalwareA China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware. The vulnerability, tracked as CVE-2024-20399 (CVSS score: 6.0), concerns a case of command injection that allows an a…THEHACKERNEWS.COM
2 JulregreSSHion RCE Flaw Impacts 700K Linux SystemsThe Qualys Threat Research Unit has identified a newly discovered vulnerability in OpenSSH, dubbed “regreSSHion” (CVE-2024-6387). This critical flaw, which allows unauthenticated remote code execution (RCE) as root, affects over 700,000 Linux systems exposed to the in…GBHACKERS.COM
2 JulCisco NX-OS Zero-Day Command Injection Vulnerability Let Hackers Gain Root AccessCisco has disclosed a critical vulnerability in its widely-used NX-OS network operating system that could allow attackers to execute arbitrary commands with root privileges on affected devices. The company urges customers to upgrade to patched versions as soon as possible. The vu…GBHACKERS.COM
2 JulWater Sigbin Exploiting Oracle WebLogic Server FlawWater Sigbin (8220 Gang) exploits vulnerabilities (CVE-2017-3506, CVE-2023-21839) in Oracle WebLogic servers to deliver cryptocurrency miners using PowerShell scripts.  They use a multi-stage loading technique with a .Net Reactor protecting the payload to deploy the PureCryp…GBHACKERS.COM
2 JulChina’s ‘Velvet Ant’ Hackers Caught Exploiting New Zero-Day in Cisco DevicesThe vulnerability, known as CVE-2024-20399, affects Cisco NX-OS software used for Nexus-series switches. Sygnia discovered the vulnerability during an investigation into the threat group Velvet Ant.THERECORD.MEDIA
2 JulCVE-2024-6387 aka regreSSHion – root cause, risks, mitigationWhich systems are vulnerable to the OpenSSH CVE-2024-6387 flaw, and how can its exploitation be prevented?KASPERSKY.COM
2 JulAI agents can find and exploit known vulnerabilities, study showsResearchers at the University of Illinois gave a team of autonomous AI agents a CVE description of a vulnerability and the agents were able to autonomously find and exploit the vulnerability in a test environment in April. Two months later, the same researchers showed that those …CSOONLINE.COM
2 JulJuniper Networks Releases Security Bulletin for Junos OS: SRX SeriesJuniper Networks released a security bulletin to address a vulnerability in Junos OS: SRX Series. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition.  Users and administrators are encouraged to review the following and apply the nece…CISA.GOV
2 JulCocoaPods flaws left iOS, macOS apps open to supply-chain attackRecently patched vulnerabilities in a software dependency management tool used by developers of applications for Apple’s iOS and MacOS platforms, could have opened the door for attackers to insert malicious code into many of the most popular apps on those platforms. One particula…CSOONLINE.COM
2 Jul KEVCisco patches actively exploited zero-day flaw in Nexus switchesCisco has released patches for several series of Nexus switches to fix a vulnerability that could allow attackers to hide the execution of bash commands on the underlying operating system. Although the flaw is rated with moderate severity because it requires administrative creden…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 28[−]
2 JulAnother Critical OpenSSH Vulnerabilitysubmitted by Lanky_Pomegranate530 to cybersecurity 2 points | 0 comments https://odysee.com/another-critical-openssh-vulnerability#c4e131950c65c52a1301fdd3daa707528b7c45ddODYSEE.COM
2 JulGrasshopper Hackers Mimic As Penetration Testing Service To Deploy MalwareHackers often mimic penetration testing services to disguise their malicious activities as legitimate security assessments.  By imitating authorized security testing, attackers can exploit the trust and access typically granted to legitimate penetration testers, allowing the…GBHACKERS.COM
2 JulCisco Patches NX-OS Zero-Day Exploited by Chinese CyberspiesCisco has patched an NX-OS command injection zero-day exploited by China-linked cyberespionage group Velvet Ant. The post Cisco Patches NX-OS Zero-Day Exploited by Chinese Cyberspies appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulCritical Flaw in PTC License Server Can Allow Lateral Movement in Industrial OrganizationsPTC has patched a critical vulnerability in the Creo Elements/Direct License Server that can be exploited for unauthenticated command execution. The post Critical Flaw in PTC License Server Can Allow Lateral Movement in Industrial Organizations appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulHackers Using Dropbox And Google Docs To Deliver Orcinius MalwareA new Orcinius Trojan has been discovered, employing VBA Stomping to hide its infection. The multi-stage trojan uses Dropbox and Google Docs to stay updated and deliver second-stage payloads. Typically, VBA stomping removes the VBA source code in a Microsoft Office document, leav…GBHACKERS.COM
2 Jul10 most powerful cybersecurity companies todayCISOs and other security execs often find themselves in a difficult position. Attackers are always getting better, and now they can use genAI to help craft ransomware emails or create deepfakes . At the same time, security practitioners are bombarded by vendors with an alphabet s…CSOONLINE.COM
2 JulNew Intel CPU Vulnerability 'Indirector' Exposes Sensitive DataModern CPUs from Intel, including Raptor Lake and Alder Lake, have been found vulnerable to a new side-channel attack that could be exploited to leak sensitive information from the processors. The attack, codenamed Indirector by security researchers Luyi Li, Hosein Yavarzadeh, an…THEHACKERNEWS.COM
2 JulReport: Cyber Workforce Grows 15% at Large OrganizationsLarge organizations have significantly bolstered their cybersecurity workforce in 2024, with an average of one expert dedicated to cybersecurity for every 1,086 employees in companies with over $1 billion in revenue, as per a report by Wavestone.INFOSECURITY-MAGAZINE.COM
2 JulDev Rejects CVE Severity, Makes his GitHub Repository Read-OnlyThe open source project 'ip' has been archived on GitHub due to a dubious CVE report filed against it. This is not an isolated incident, as open-source developers have seen an increase in unsubstantiated CVE reports for their projects.BLEEPINGCOMPUTER.COM
2 JulNew campaign uses malware ‘cluster bomb’ to effect maximum impactIn a newly discovered campaign, an Eastern European threat actor is found using a novel “cluster bomb” approach to package a cascading malware deployment within a single infection. Dubbed “Unfirling Hemlock,” the actor is dropping up to 10 unique malware files on the same infecte…CSOONLINE.COM
2 JulHow Hacked YouTube Channels Spread Scams and MalwareThe most common attack methods against YouTube channels involve phishing attacks to steal login credentials, exploiting weak or reused passwords, and even bypassing two-factor authentication by stealing session cookies.WELIVESECURITY.COM
2 JulGoogle to offer $250,000 for Full VM Escape Zero-day VulnerabilityGoogle has unveiled kvmCTF, a new vulnerability reward program (VRP) explicitly targeting the Kernel-based Virtual Machine (KVM) hypervisor. This initiative, first announced in October 2023, underscores Google’s commitment to enhancing the security of foundational technolog…GBHACKERS.COM
2 JulNew Orcinius Trojan Uses VBA Stomping to Mask InfectionThis multi-stage trojan utilizes Dropbox and Google Docs to update and deliver payloads. It uses the VBA stomping technique, removing the VBA source code in a Microsoft Office document, leaving only compiled p-code.SONICWALL.COM
2 JulSplunk Patches High-Severity Vulnerabilities in Enterprise ProductSplunk has patched multiple vulnerabilities in Splunk Enterprise, including high-severity remote code execution bugs. The post Splunk Patches High-Severity Vulnerabilities in Enterprise Product appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulCISA Releases Seven Industrial Control Systems AdvisoriesCISA released seven Industrial Control Systems (ICS) advisories on July 2, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-184-01 Johnson Controls Kantech Door Controllers ICSA-24-184-02 mySCA…CISA.GOV
2 JulGoogle Patches 25 Android Flaws, Including Critical Privilege Escalation BugGoogle ships an Android security update with fixes for 15 vulnerabilities, including a critical-severity flaw in Framework. The post Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulRapid7 To Acquire Attack Surface Management Startup Noetic CyberCybersecurity firm Rapid7 has announced to acquired Noetic Cyber, a startup specializing in cyber asset attack surface management (CAASM). The terms of the deal were not disclosed.CRN.COM
2 JulPatelco shuts down banking systems following ransomware attackPatelco Credit Union has disclosed it experienced a ransomware attack that led to the proactive shutdown of several of its customer-facing banking systems to contain the incident's impact. [...]BLEEPINGCOMPUTER.COM
2 JulRansomware Attack on U.K. Health Service Laboratory Disrupts Major London Hospital ServicesWhat likely started as a quick ransomware “smash and grab” has turned into a headline case resulting in responses from both U.K. and U.S. law enforcement.KNOWBE4.COM
2 JulHacked Customer Support Portal Being Used to Send Phishing EmailsA hacked customer support portal belonging to router manufacturer Mercku is being used to respond to customer queries with phishing emails, BleepingComputer reports.KNOWBE4.COM
2 JulGoogle now pays $250,000 for KVM zero-day vulnerabilitiesGoogle has launched kvmCTF, a new vulnerability reward program (VRP) first announced in October 2023 to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor that comes with $250,000 bounties for full VM escape exploits. [...]BLEEPINGCOMPUTER.COM
2 JulMillions Affected by Prudential Ransomware Hack in FebruaryInsurance Giant Says Hackers Stole Data of 2.5 Million Individuals A February ransomware attack against Prudential Financial affected 2.5 million customers, the financial giant disclosed after initially calculating the totally as 36,000. In an emailed statement, Prudential said t…DATABREACHTODAY.CO.UK
2 JulUS Supreme Court ruling will likely cause cyber regulation chaosThe US Supreme Court has issued a decision that could upend all federal cybersecurity regulations, moving ultimate regulatory approval to the courts and away from regulatory agencies. A host of likely lawsuits could gut the Biden administration’s spate of cyber incident reporting…CSOONLINE.COM
2 JulFeds Hit Health Entity With $950K Fine in Ransomware AttackSettlement Is Another Signal of HHS OCR's Latest Enforcement Priority The U.S. Department of Health and Human Services has hit a Pennsylvania-based healthcare system with a $950,000 settlement for potential HIPAA violations found during an investigation into a 2017 ransomware att…DATABREACHTODAY.CO.UK
2 JulCisco Patches an Exploited Zero-Day VulnerabilityChina-Nexus Hackers Velvet Ant Exploited the Bug in April, Cisco and Sygnia Say Cisco on Monday patched a zero-day vulnerability discovered months ago that allowed a China-nexus hacker to execute arbitrary commands as root on the compromised devices. The threat group, dubbed Velv…DATABREACHTODAY.CO.UK
2 JulPasskey Redaction Attacks Subvert GitHub, Microsoft Authenticationsubmitted by BrikoX to cybersecurity 1 points | 0 comments https://www.darkreading.com/cloud-security/passkey-redaction-attacks-subvert-github-microsoft-authentication Adversary-in-the-middle attacks can strip out the passkey option from login pages that users see, leaving target…DARKREADING.COM
2 JulVulnerabilities in PanelView Plus devices could lead to remote code executionMicrosoft discovered and responsibly disclosed two vulnerabilities in Rockwell’s PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS). PanelView Plus devices are graphic term…MICROSOFT.COM
📋 SECURITY BULLETINS 1[−]
2 JulKorean ERP Vendor’s Update Systems Subverted to Spew MalwareA South Korean ERP vendor's product update server was breached by attackers who used it to distribute malware instead of legitimate updates, according to AhnLab, a local cybersecurity firm.THEREGISTER.COM
📢 SECURITY ADVISORIES 11[−]
2 JulIndustrial cyberattacks fuel surge in OT cybersecurity spendingEnterprise spending on OT cybersecurity is predicted to increase by almost 70% to $21.6 billion globally by 2028, up from $12.75 billion in 2023, driven by attacks and regulation, according to ABI Research.CYBERSECURITYDIVE.COM
2 JulIt all adds up: Pretexting in executive compromiseExecutives hold the keys to the corporate kingdom. If attackers can gain the trust of executives using layered social engineering techniques, they may be able to access sensitive corporate information such as intellectual property, financial data or administrative control logins …SECURITYINTELLIGENCE.COM
2 JulPreparing for Q-Day as NIST Nears Approval of PQC StandardsQ-Day, the day when a quantum computer can break modern encryption, is approaching rapidly, leaving our society vulnerable to cyberattacks. Recent advancements in quantum technology suggest that Q-Day is coming sooner than expected.HELPNETSECURITY.COM
🔥 INCIDENT REPORTING 15[−]
2 JulMeta's 'Pay or Consent' Approach Faces E.U. Competition Rules ScrutinyMeta's decision to offer an ad-free subscription in the European Union (E.U.) has faced a new setback after regulators accused the social media behemoth of breaching the bloc's competition rules by forcing users to choose between seeing ads or paying to avoid them. The European C…THEHACKERNEWS.COM
2 JulTeamViewer Confirms that Russian Actors Behind the Recent HackTeamViewer has confirmed that the cyberattack on its systems was orchestrated by Russian threat actors, specifically the APT29 or Midnight Blizzard group. The attack, detected on June 26, 2024, was contained in TeamViewer’s internal corporate IT environment. Importantly, th…GBHACKERS.COM
2 JulPoland to Probe Russia-Linked Cyberattack on State News AgencyPolish prosecutors are investigating a suspected Russian attack on the country's state news agency, the Polish Press Agency (PAP). The attack, which occurred in May, aimed to spread disinformation and cause disruptions in Poland's system or economy.THERECORD.MEDIA
2 JulUpdate: Hackers Copied Employee Directory Data and Encrypted Passwords in TeamViewer IntrusionSoftware company TeamViewer has confirmed that a compromised employee account allowed hackers from a group tracked as APT29, linked to the Russian government, to breach its internal IT environment and steal encrypted passwords.THERECORD.MEDIA
2 JulHow MFA Failures are Fueling a 500% Surge in Ransomware LossesThe cybersecurity threat landscape has witnessed a dramatic and alarming rise in the average ransomware payment, an increase exceeding 500%. Sophos, a global leader in cybersecurity, revealed in its annual "State of Ransomware 2024" report that the average ransom payment has incr…THEHACKERNEWS.COM
2 JulEvolve Bank Shares Data Breach Details as Fintech Firms Report Being HitFintech companies Wise and Affirm are impacted by the data breach at Evolve Bank, which has shared additional details on the recent ransomware attack. The post Evolve Bank Shares Data Breach Details as Fintech Firms Report Being Hit appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulCyber-Insurance Premiums Decline as Firms Build ResilienceCyber insurance premiums have seen significant reductions in price due to improved cybersecurity measures implemented by organizations. Despite an 18% increase in ransomware incidents, premiums have decreased in 2023/24.INFOSECURITY-MAGAZINE.COM
2 JulRSAC Fireside Chat: Amplifier Security taps LLMs to help organizations foster a security cultureSecurity teams rely on an ever-growing stack of cybersecurity tools to keep their organization safe. Related: The worst year ever for breaches Yet there remains a glaring disconnect between security systems and employees. Now comes a start-up, Amplifier Security , … (more…)…LASTWATCHDOG.COM
2 JulAffirm says cardholders impacted by Evolve Bank data breachBuy now, pay later loan company Affirm is warning that holders of its payment cards had their personal information exposed due to a data breach at its third-party issuer, Evolve Bank & Trust (Evolve). [...]BLEEPINGCOMPUTER.COM
2 JulRansomware Attack Demands Reach a Staggering $5.2m in 2024According to a new analysis by Comparitech, the average ransom demand per ransomware attack in the first half of 2024 was over $5.2m (£4.1m). This was calculated from 56 known ransom demands issued by threat actors during that period.INFOSECURITY-MAGAZINE.COM
2 JulYieldstreet says some of its customers were affected by the Evolve Bank data breachEvolve, a popular financial institution for fintech startups, announced that a cyberattack affected “the data and personal information of some Evolve retail bank customers and financial technology partners’ customers.” © 2024 TechCrunch. All rights reserved. For personal use only…TECHCRUNCH.COM
2 JulNewsletter writer covering Evolve Bank’s data breach says the bank sent him a cease and desist letterThe situation around a data breach that’s affected an ever-growing number of fintech companies has gotten even weirder. Evolve Bank & Trust announced last week that it was hacked and confirmed the stolen data has been posted to the dark web. Now Evolve has sent a cease and de…TECHCRUNCH.COM
2 JulEvolve Ransomware Hack Affects Affirm and Fintech CompaniesStartups and Evolve Client Are Monitoring the Situation for Potential Fallout A ransomware attack against Evolve Bank & Trust triggered a small cascade of secondary breach notifications by current and past clients of the banking-as-a-service company. Russian-speaking ransomware-a…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 21[−]
2 Jul3 million iOS and macOS apps were exposed to potent supply-chain attackssubmitted by neme to cybersecurity 1 points | 1 comments https://arstechnica.com/security/2024/07/3-million-ios-and-macos-apps-were-exposed-to-potent-supply-chain-attacks/ARSTECHNICA.COM
2 JulAustralian Man Charged for Fake Wi-Fi Scam on Domestic FlightsAn Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data. The unnamed 42-year-old "allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal…THEHACKERNEWS.COM
2 Jul147: TornadoIn this episode, Geoff White (https://x.com/geoffwhite247) tells us what happened to Axie Infinity and Tornado cash. It’s a digital heist of epic proportions that changes everything. This story comes from part of Geoff’s book “Rinsed” which goes into the world of money laundering…DARKNETDIARIES.COM
2 JulRapid7 to Acquire Noetic Cyber to Enhance Attack Surface VisibilityRapid7, Inc., a leader in extended risk and threat detection, has announced a definitive agreement to acquire Noetic Cyber, a pioneering company in cyber asset surface management (CAASM). This strategic move aims to bolster Rapid7’s existing cybersecurity solutions by integrating…GBHACKERS.COM
2 JulNational Australia Bank Raises Alarm About Cyber Threats to Major BanksAustralia's four major banks, including ANZ Bank, Commonwealth Bank, National Australia Bank (NAB), and Westpac, are constantly under attack from threat actors seeking to steal sensitive information and money from unsuspecting customers.THECYBEREXPRESS.COM
2 JulCapraRAT Mimics As Popular Android Apps Attacking Android UsersTransparent Tribe (aka APT36) has been active since 2016, focusing on social engineering strategies to target Indian government and military personnel. The CapraTube campaign of Transparent Tribe (aka APT36) was revealed in September 2023, in which threat actors employed weaponiz…GBHACKERS.COM
2 JulPublic Surveillance of BarsThis article about an app that lets people remotely view bars to see if they’re crowded or not is filled with commentary—on both sides—about privacy and openness.SCHNEIER.COM
2 JulLatest Intel CPUs Impacted by New Indirector Side-Channel AttackResearchers at the University of California, San Diego have discovered a new type of attack called 'Indirector' that targets modern Intel processors, including those from the Raptor Lake and Alder Lake generations.BLEEPINGCOMPUTER.COM
2 JulCyberinsurance Premiums are Going Down: Here’s Why and What to ExpectThe change in premium rates is more likely to be the insurers’ correction than the insureds’ improvement in security. The post Cyberinsurance Premiums are Going Down: Here’s Why and What to Expect appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulFrom the SOC to Everyday Success: Data-Driven Life Lessons from a Security AnalystBy taking a data-driven approach to life, grounded in truth and facts, we can improve our chances of making better decisions and achieving better results. The post From the SOC to Everyday Success: Data-Driven Life Lessons from a Security Analyst appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulCritical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain AttacksEVA Information Security has shared details on three CocoaPods vulnerabilities impacting millions of macOS and iOS applications. The post Critical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulHackers Using Polyglot Files In the Wild, Here Comes PolyConv For DetectionPolyglot files have to fit in several file format specifications and respond differently depending on the calling program. This poses a significant risk to endpoint detection and response (EDR) systems and file uploaders, which mainly rely on format identification for analysis. B…GBHACKERS.COM
2 JulGoverning Cyber Humanely: Leveraging Wellness Techniques - Jothi Dugar - CSP #181We discuss the topic of Human Centric Cybersecurity and the importance of empowering the 'people' aspect of the People, Process, Tech framework. In this conversation we raise the importance of well-being amongst Tech and Cyber leaders and how to keep calm through the chaos to lea…YOUTUBE.COM
2 JulCONFidence 2023 Krakow - 23 videos - POLISH and ENGLISHsubmitted by ashar to security_cpe 2 points | 0 comments https://confidence-conference.org/wp-content/uploads/2023/08/confidence-logo.png CONFidence 2023 playlist CONFidence 2023 ScheduleINFOSEC.PUB
2 JulHow To Avoid Being Phished - SWN VaultCheck out this interview from the SWN Vault, hand picked by main host Doug White! This Secure Digital Life segment was originally published on March 6, 2017. Have you ever wondered what phishing is? Do you know what spear phishing attacks are? Doug and Russ explain how to protect…YOUTUBE.COM
2 JulSextortion Epidemic Targeting Teenagers Calls for Urgent ActionA few weeks ago I was privileged to visit the 8th grade of a high-school here in Cape Town and talk to the students about cybersecurity, social media, and emerging technology. It was a very rewarding experience but also an eye-opener with regards to the level of cyber awareness a…KNOWBE4.COM
2 JulError Code podcast. EP 40: Hacking IoT Surveillance Cameras For Espionage Operations - 28 minutessubmitted by ashar to security_cpe 2 points | 0 comments https://pbcdn1.podbean.com/imglogo/ep-logo/pbblog15244354/errorcodelogo_4c3bvb_300x300.png Error Code podcast. EP 40: Hacking IoT Surveillance Cameras For Espionage Operations That camera above your head might not seem like…INFOSEC.PUB
2 JulMeta, YouTube Update AI Content PoliciesMeta Changes AI Content Labelling, YouTube Updates Privacy Guidelines Meta and YouTube updated their artificial intelligence policies to address the altered content appearing on their platform. The changes come as part of industry effort to distinguish real content from fake, esp…DATABREACHTODAY.CO.UK
2 JulExperts Warn of Cyber Regulatory Chaos Post-Chevron OverturnThe Supreme Court's Chevron Ruling Brings Uncertainty for Cyber and AI Policy The U.S Supreme Court's decision to overturn a 40-year precedent known as the Chevron deference - which allowed federal cyber authorities to broadly interpret decades-old statutory authorities - will li…DATABREACHTODAY.CO.UK
2 JulMeta and YouTube Update Their AI Content PoliciesMeta Changes AI Content Labeling; YouTube Updates Privacy Guidelines Meta and YouTube updated their artificial intelligence policies to address the altered content appearing on their platforms. The changes come as part of industry efforts to distinguish real content from fake con…DATABREACHTODAY.CO.UK
2 JulRapid7 Purchases Noetic for Better Attack Surface ManagementDeal Aims to Enhance Internal and External Attack Visibility, Security Efficiency Rapid7's acquisition of Noetic Cyber aims to deliver improved attack surface management by offering comprehensive visibility into internal and external assets. The deal will aid security outcomes an…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 5[−]
2 JulSanctioned and Exposed, Predator Spyware Maker Group Has Gone Awfully QuietThe group behind the Predator spyware, Intellexa Alliance, has significantly reduced its operations, indicating that it has been impacted by recent sanctions and exposure.CYBERSCOOP.COM
2 JulCISOs Becoming More Comfortable With Risk LevelsThe cyber threats landscape has led to changes in the way CISOs evaluate their business's risk appetite, causing tensions with CEO and C-suite members, according to Netskope.HELPNETSECURITY.COM
2 JulCapraRAT Spyware Variant Disguised as Popular Apps to Target Android UsersThe recent campaign shows updates to the group's techniques and social engineering tactics, as well as efforts to maximize the spyware's compatibility with older and modern versions of the Android operating system.SILICONANGLE.COM
🎙️ PODCASTS 1[−]
2 JulThe AI Fix #5: An angry AI girlfriend, and artificial intelligence is stupidFind out why AI is stupid, what Toys "R" Us has done that's even more annoying than putting that "R" in its name, why Graham Cluley has an angry AI girlfriend, and much much more in episode five of "The AI Fix" podcastGRAHAMCLULEY.COM
📡 INFOSEC NEWS 13[−]
2 JulAuthZed Raises $12 Million to Accelerate Permissions Systems in Series A FundingThe new funding will accelerate a strategic expansion for small–to mid-market-sized organizations, providing a fully managed and easy-to-deploy permissions system that is simple to maintain for their current and future authorization needs.FINANCE.YAHOO.COM
2 JulBrighton Park Capital Invests $112 Million in PortSwigger to Fuel Innovation and Product DevelopmentThe investment will fuel PortSwigger's growth and enable the company to accelerate product development, expand research initiatives, strengthen its international presence, and continue driving innovation.FINANCE.YAHOO.COM
2 JulGoogle Thwarts Over 10,000 Attempts by Chinese Influence OperatorGoogle has revealed that it blocked over 10,000 instances of Dragon Bridge activity in the first quarter of 2024, labeling it the most prolific influence operator it tracks.INFOSECURITY-MAGAZINE.COM
2 JulIndonesia Arrests Over 100 Foreigners in Bali Suspected of Participating in CybercrimeOver a hundred foreign nationals suspected of committing cybercrimes were arrested in a villa raid on Bali. Among the arrested, 14 were Taiwanese citizens, but the identities of the others are unknown, although all held Taiwanese passports.THERECORD.MEDIA
2 JulGoogle Pixel 6 series phones bricked after factory resetMultiple owners of Google Pixel 6 series phones (6, 6a, 6 Pro) have been reporting in the past week that their devices were "bricked" after they performed a factory reset. [...]BLEEPINGCOMPUTER.COM
2 JulAustralia Warns Of Rogue Wi-Fi At AirportsPACKETSTORMSECURITY.COM
2 JulXbox is down worldwide with users unable to login, play gamesThe Xbox gaming service is currently down due to a major outage, impacting customers worldwide and preventing them from signing into their accounts and playing games. [...]BLEEPINGCOMPUTER.COM
2 JulAI in the workplace: The good, the bad, and the algorithmicWhile AI can liberate us from tedious tasks and even eliminate human error, it's crucial to remember its weaknesses and the unique capabilities that humans bring to the tableWELIVESECURITY.COM