🐛 COMMON VULNERABILITIES AND EXPOSURES 11[−]
11 JulGitLab Patches Critical Flaw Allowing Unauthorized Pipeline JobsGitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug that allows an attacker to run pipeline jobs as an arbitrary user. Tracked as CVE-2024-6385, the vulnerability carries a CVSS score of 9.6 out of…THEHACKERNEWS.COM
11 JulPHP Vulnerability Exploited to Spread Malware and Launch DDoS AttacksMultiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service (DDoS) botnets. The vulnerability in question is CVE-2024-4577 (CVSS score: 9.8), which allows…THEHACKERNEWS.COM
11 JulVMware Fixed Critical SQL Injection Flaw in Aria Automation PlatformVMware has fixed a high-severity SQL-Injection vulnerability, known as CVE-2024-22280, in its Aria Automation platform. This flaw could allow authenticated users to execute unauthorized database operations through specially crafted SQL queries.SECURITYAFFAIRS.COM
11 JulCitrix Fixed Critical and High-Severity Bugs in NetScaler ProductThe most severe flaw is an improper authorization issue (CVE-2024-6235) with a CVSS score of 9.4, allowing attackers to access sensitive information through the NetScaler Console IP.SECURITYAFFAIRS.COM
11 JulA new flaw in OpenSSH can lead to remote code executionsubmitted by kid to cybersecurity 1 points | 0 comments https://securityaffairs.com/165535/hacking/openssh-flaw-cve-2024-6409.htmlSECURITYAFFAIRS.COM
11 JulMicrosoft Outlook Faced Critical Zero-Click RCE VulnerabilitySecurity researchers have found a critical vulnerability, CVE-2024-38021, impacting Microsoft Outlook. This zero-click remote code execution flaw, now fixed by Microsoft, allowed unauthorized access without authentication.INFOSECURITY-MAGAZINE.COM
11 JulPalo Alto Networks Patches Critical Flaw in Expedition Migration ToolPalo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing au…THEHACKERNEWS.COM
11 JulMicrosoft Outlook Faced Critical Zero-Click RCE Vulnerabilitysubmitted by kid to cybersecurity 2 points | 0 comments https://www.infosecurity-magazine.com/news/microsoft-outlook-zero-click-rce/ Morphisec, who discovered the flaw and published an advisory about it on July 9, has urged Microsoft to reclassify the vulnerability as “Critical” …INFOSECURITY-MAGAZINE.COM
11 JulAnnouncing the CVRF API 3.0 upgradeAt the Microsoft Security Response Center, we are committed to continuously improving the security and performance of our services to meet the evolving needs of our customers. We are excited to announce the rollout of the latest version of our Common Vulnerability Reporting (CVRF…MSRC.MICROSOFT.COM
11 JulRansomware attackers exploit year-old backup vulnerabilitySecurity intelligence firm Group-IB reports that attackers from a recently created ransomware group – EstateRansomware – exploited a year old vulnerability ( CVE-2023-27532 ) in backup software from Veeam as part of a complex attack chain. Anatomy of an attack EstateRansomware ex…CSOONLINE.COM
11 JulAnnouncing the CVRF API 3.0 upgradeAt the Microsoft Security Response Center, we are committed to continuously improving the security and performance of our services to meet the evolving needs of our customers. We are excited to announce the rollout of the latest version of our Common Vulnerability Reporting (CVRF…MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 39[−]
11 JulAttackers Have Been Leveraging Microsoft Zero-Day for 18 Monthssubmitted by kinther to securitynews 1 points | 0 comments https://www.darkreading.com/application-security/attackers-have-been-leveraging-microsoft-zero-day-for-18-monthsINFOSEC.PUB
11 JulApple alerts iPhone users in 98 countries to mercenary spyware attacksApple has issued a new round of threat notifications to iPhone users across 98 countries, warning them of potential mercenary spyware attacks. It’s the second such alert campaign from the company this year, following a similar notification sent to users in 92 nations in Apr…TECHCRUNCH.COM
11 JulThreat actors exploited Windows 0-day for more than a year before Microsoft fixed itsubmitted by Alphane_Moon to cybersecurity 1 points | 0 comments https://arstechnica.com/security/2024/07/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it/ARSTECHNICA.COM
11 JulTop 10 Active Directory Management Tools – 2024Active Directory Management Tools are essential for IT administrators to manage and secure Active Directory (AD) environments efficiently. These tools streamline tasks such as user and group management, permissions assignment, and policy enforcement, ensuring the AD infrastructur…GBHACKERS.COM
11 JulJapanese Space Agency Spotted zero-day via Microsoft 365 ServicesThe Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that occurred last year, involving unauthorized access to its internal servers. The breach, detected in October 2023, has prompted JAXA to implement robust countermeasures to prevent fu…GBHACKERS.COM
11 JulUniversal Code Execution by Chaining Messages in Browser ExtensionsCybersecurity analyst Eugene Lim discovered the risk posed by this vulnerability, which hackers can exploit by chaining messaging APIs in browsers and extensions, bypassing security measures like the Same Origin Policy.SPACERACCOON.DEV
11 Jul6 tips for consolidating your IT security tool setOrganizations have been on a spending spree when it comes to cybersecurity tools and services, as they look for ways to defend themselves against an ever-growing array of threats. This means many CISOs, CSOs, and other senior executives might be encountering tool sprawl. It’s esp…CSOONLINE.COM
11 JulPython GitHub token leak shows binary files can burn developers tooA personal GitHub access token with administrative privileges to the official repositories for the Python programming language and the Python Package Index (PyPI) was exposed for over a year. The access token belonged to the Python Software Foundation’s director of infrastructure…CSOONLINE.COM
11 JulDiversifying Cyber Teams to Tackle Complex ThreatsA diverse workforce brings different perspectives, experiences, and problem-solving approaches to the table, enabling teams to identify vulnerabilities and develop more robust defense strategies.HELPNETSECURITY.COM
11 JulNew Poco RAT Targets Spanish-Speaking Victims in Phishing CampaignSpanish language victims are the target of an email phishing campaign that delivers a new remote access trojan (RAT) called Poco RAT since at least February 2024. The attacks primarily single out mining, manufacturing, hospitality, and utilities sectors, according to cybersecurit…THEHACKERNEWS.COM
11 JulNew Malware Campaign Targeting Spanish Language Victims and the Mining SectorPoco RAT was first categorized on February 7, 2024, and has since targeted customers in multiple sectors, with Mining being the primary focus. One company was the most targeted, responsible for 67% of the total volume of campaigns.COFENSE.COM
11 JulPalo Alto Networks Addresses BlastRADIUS Vulnerability, Fixes Critical Bug in Expedition ToolPalo Alto Networks patched a critical vulnerability in its Expedition tool and addressed the impact of the recently disclosed BlastRADIUS vulnerability. The post Palo Alto Networks Addresses BlastRADIUS Vulnerability, Fixes Critical Bug in Expedition Tool appeared first on Securi…SECURITYWEEK.COM
11 JulStreamlined Security Solutions: PAM for Small to Medium-sized BusinessesToday, all organizations are exposed to the threat of cyber breaches, irrespective of their scale. Historically, larger companies were frequent targets due to their substantial resources, sensitive data, and regulatory responsibilities, whereas smaller entities often underestimat…THEHACKERNEWS.COM
11 JulCISA, FBI Urge Immediate Action on OS Command Injection Vulnerabilities in Network DevicesIn response to recent intrusions, CISA and the FBI are urging businesses and device manufacturers to eliminate OS command injection vulnerabilities at the source. The post CISA, FBI Urge Immediate Action on OS Command Injection Vulnerabilities in Network Devices appeared first on…SECURITYWEEK.COM
11 JulHackers steal data of 200k Lulu customers in an alleged breachLulu Hypermarket, a prominent retail chain headquartered in Abu Dhabi, UAE, has allegedly experienced a significant data breach involving the personal details of at least 196,000 customers. The IntelBroker hackers have claimed responsibility for this attack, initially leaking the…CSOONLINE.COM
11 JulJapanese space agency spots unspecified zero-day attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.theregister.com/2024/07/11/jaxa_m365_zeroday_attacks/THEREGISTER.COM
11 JulApple Inc issues warning against Mercenary Spyware Cyber Attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.cybersecurity-insiders.com/apple-inc-issued-warning-against-mercenary-spyware-cyber-attacks/?CYBERSECURITY-INSIDERS.COM
11 JulCritical GitLab Bug Lets Attackers Run Pipelines as Other UsersThe vulnerability impacts all GitLab CE/EE versions from 15.8 to 16.11.6, 17.0 to 17.0.4, and 17.1 to 17.1.2. Under certain circumstances that GitLab has yet to disclose, attackers can exploit it to trigger a new pipeline as an arbitrary user.BLEEPINGCOMPUTER.COM
11 JulBunkerWeb: Open-Source Web Application Firewall (WAF)The genesis of BunkerWeb came from the need to apply security practices manually every time a web application was put online. The solution meets global needs with a modular architecture allowing for extensions.HELPNETSECURITY.COM
11 JulThreat Actors Exploited Windows 0-Day For More Than A Year Before Microsoft Fixed ItPACKETSTORMSECURITY.COM
11 JulJapanese Space Agency Spotted Zero-Day Attacks While Cleaning Up Attack On M365PACKETSTORMSECURITY.COM
11 Jul‘CrystalRay’ Expands Arsenal, Hits 1,500 Targets with SSH-Snake and Open Source ToolsA threat actor tracked as CrystalRay has hit 1,500 victims since February, stealing credentials and deploying backdoors. The post ‘CrystalRay’ Expands Arsenal, Hits 1,500 Targets with SSH-Snake and Open Source Tools appeared first on SecurityWeek .SECURITYWEEK.COM
11 JulGitLab Ships Update for Critical Pipeline Execution VulnerabilityGitLab issues an advisory for a critical-severity vulnerability that allows an attacker to trigger a pipeline as another user. The post GitLab Ships Update for Critical Pipeline Execution Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
11 JulApple Is Alerting iPhone Users of Spyware AttacksNot a lot of details : Apple has issued a new round of threat notifications to iPhone users across 98 countries, warning them of potential mercenary spyware attacks. It’s the second such alert campaign from the company this year, following a similar notification sent to use…SCHNEIER.COM
11 JulCRYSTALRAY hacker expands to 1,500 breached systems using SSH-Snake toolA new threat actor known as CRYSTALRAY has significantly broadened its targeting scope with new tactics and exploits, now counting over 1,500 victims whose credentials were stolen and cryptominers deployed. [...]BLEEPINGCOMPUTER.COM
11 JulCISA Releases Twenty-one Industrial Control Systems AdvisoriesCISA released twenty-one Industrial Control Systems (ICS) advisories on July 11, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-193-01 Siemens Remote Connect Server ICSA-24-193-02 Siemens RUG…CISA.GOV
11 Jul🚨 Hidden Risks in Your Devices! 🛠️ | Casey Ellis on Supply Chain SecurityIn this episode of "Below the Surface," Casey Ellis dives deep into the complexities of supply chain security. Discover the hidden vulnerabilities in volatile memory components and how they could be exploited for attacks. Don't miss this insightful conversation on securing our de…YOUTUBE.COM
11 JulRFID hacking - Iceman - PSW #834Iceman comes on the show to talk about RFID and NFC hacking including the tools, techniques, and hardware. We'll also talk about the ethics behind the disclosure of vulnerabilities and weaknesses in these systems that are used in everything from building access to cars. Segment R…YOUTUBE.COM
11 JulGoogle increases bug bounty rewards five times, up to $151KGoogle has announced a fivefold increase in payouts for bugs found in its systems and applications reported through its Vulnerability Reward Program, with a new maximum bounty of $151,515 for a single security flaw. [...]BLEEPINGCOMPUTER.COM
11 JulJapan aerospace agency provides details of October data breachThe Japan Aerospace Exploration Agency (JAXA) has updated details about its October 2023 data breach and has confirmed that those attacking JAXA leveraged VPN and Microsoft 365 security holes. But the update noted that the attackers had “used multiple unknown malwares, making it …CSOONLINE.COM
11 JulMultiple Threat Actors Moving Quickly to Exploit PHP FlawEasily Exploited Vulnerability Becomes Major Target for Malware Campaigns, Botnets Multiple threat actors began exploiting a critical vulnerability in PHP within a day of its public disclosure last month and are moving quickly to infect systems with malware, according to a report…DATABREACHTODAY.CO.UK
11 JulAnton’s Security Blog Quarterly Q2 2024Amazingly, Medium has fixed their stats (so not all is lost) so my blog quarterly is back to life. As before , this covers both Anton on Security and my posts from Google Cloud blog , and our Cloud Security Podcast ( subscribe ). Top 7 posts with the most lifetime views (excludin…MEDIUM.COM
11 JulBreach Roundup: Microsoft Patches Zero-Day Active Since 2023Also: Europol Decries Mobile Encryption; FBCS Breach Victim Count Grows This week, Microsoft and Adobe released patches, Europol pushed back against mobile encryption, Japan warned of Kimsuky attacks, the FBCS breach victim count grew, and a fraud campaign offered fake tickets to…DATABREACHTODAY.CO.UK
11 JulExperts: Federal Privacy Law Needed to Curb AI Data MisuseNew Bill Would Create Data Minimization Measures, Express Permission Requirements Experts warned in congressional testimony to the Senate Commerce Committee on Thursday that the absence of a comprehensive privacy bill in the United States is hindering economic competition for tec…DATABREACHTODAY.CO.UK
11 JulCisco Talos analyzes attack chains, network ransomware tacticsAs ransomware continues to be the scourge of enterprise security teams, Cisco’s Talos security intelligence group recently analyzed ransomware groups to identify common techniques and offer recommendations to help security team better protect their businesses. Cisco Talos reviewe…NETWORKWORLD.COM
11 JulPhishing Attacks Against State and Local Governments Are SurgingResearchers at Abnormal Security have observed a 360% increase in phishing attacks against state and local government entities over the past year.KNOWBE4.COM
11 JulRansomware Attacks on Healthcare Is Costing LivesRansomware is more prolific and expensive than ever. Depending on the source you read, the average or median ransomware payment was at least several hundred thousand dollars to well over several million in 2023. Marsh, a leader in cybersecurity insurance, wrote that its customers…KNOWBE4.COM
📢 SECURITY ADVISORIES 5[−]
11 JulCISA Releases Advisory Detailing Red Team Activity During Assessment of US FCEB Organization, Highlighting Necessity of Defense-in-DepthToday, CISA released CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth in coordination with the assessed organization. This Cybersecurity Advisory (CSA) details key findings and lessons learned from a …CISA.GOV
🔥 INCIDENT REPORTING 12[−]
11 JulRansomware Groups Prioritize Defense Evasion for Data Exfiltrationsubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/ransomware-defense-evasion-data/INFOSECURITY-MAGAZINE.COM
11 JulFujitsu blames malware that's 'not ransomware' for attacksubmitted by kid to cybersecurity 1 points | 1 comments https://www.theregister.com/2024/07/10/fujitsu_malware_attack/THEREGISTER.COM
11 JulAdvance Auto Parts data breach impacts 2.3 million peopleAdvance Auto Parts is sending data breach notifications to over 2.3 million people whose personal data was stolen in recent Snowflake data theft attacks. [...]BLEEPINGCOMPUTER.COM
11 JulCryptohack Roundup: Huione GuaranteeAlso: FTX and Mt. Gox Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, Elliptic alleged that Huione Guarantee is laundering money, the sentencing dates of former FTX executives were revealed, a Paxful co-founder pleaded guilty, and Mt. Gox started …DATABREACHTODAY.CO.UK
11 JulDallas County: Data of 200,000 exposed in 2023 ransomware attackDallas County is notifying over 200,000 people that the Play ransomware attack, which occurred in October 2023, exposed their personal data to cybercriminals. [...]BLEEPINGCOMPUTER.COM
11 JulThe State of Ransomware in Education 2024600 IT/cybersecurity leaders share their ransomware experiences, revealing the realities facing education providers today.SOPHOS.COM
11 JulMillions of mSpy spyware customers exposed by huge data breachA data breach at the phone surveillance operation mSpy has exposed millions of its customers who bought access to the phone spyware app over the past decade, as well as the Ukrainian company behind it. Unknown attackers stole millions of customer support tickets, including person…TECHCRUNCH.COM
11 JulMajor Health Data Breaches: How Are Trends Shifting in 2024?Midyear Analysis of HHS OCR 'Wall of Shame' Shows Hacks, Vendor Breaches Top List Hacks and vendor incidents continue to dominate major health data breach trends in 2024, but a handful of large incidents involving "unauthorized access or disclosure" also top the list of major hea…DATABREACHTODAY.CO.UK
11 JulCDK breach compromises customer data from 15,000 car dealersIn late June, more than 15,000 car dealerships across North America were affected by a cyberattack on CDK Global, which provides software to car dealers. After two cyberattacks over two days, CDK shut down all systems, which caused delays for car buyers and disruptions for the de…SECURITYINTELLIGENCE.COM
11 JulARRL finally confirms ransomware gang stole data in cyberattackThe American Radio Relay League (ARRL) finally confirmed that some of its employees' data was stolen in a May ransomware attack initially described as a "serious incident." [...]BLEEPINGCOMPUTER.COM
11 JulAn In-Depth Look at Crypto-Crime in 2023 Part 2In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise…TRENDMICRO.COM
11 JulmSpy (2024) - 2,394,179 breached accountsIn June 2024, a huge trove of data from spyware maker mSpy was obtained by hacktivists and published online . Comprising of 142GB of user data and support tickets along with 176GB of more than half a million attachments, the data contained 2.4M unique email addresses, IP addresse…HAVEIBEENPWNED.COM
🕵️ THREAT INTELLIGENCE 9[−]
11 JulISC Stormcast For Thursday, July 11th, 2024 https://isc.sans.edu/podcastdetail/9048, (Thu, Jul 11th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
11 JulGUEST ESSAY: How cybercriminals are using ‘infostealers’ to sidestep passwordless authenticationPasswords have been the cornerstone of basic cybersecurity hygiene for decades. Related: Passwordless workpace long way off However, as users engage with more applications across multiple devices, the digital security landscape is shifting from passwords and password managers tow…LASTWATCHDOG.COM
11 JulHackers Created 700+ Fake Domains to Sell Olympic Games TicketsAs the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has emerged, targeting fans and attendees. Cybersecurity firm QuoIntelligence has uncovered a sophisticated fraudulent campaign involving over 700 fake domains designed to sell counterfeit ticke…GBHACKERS.COM
11 JulChinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalkThe China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an "advanced and upgraded version" of a known malware called StealthVector to deliver a previously undocumented backdoor dubbed MoonWalk. The new variant of StealthVector – which is a…THEHACKERNEWS.COM
11 Jul39% of MSPs report major setbacks when adapting to advanced security technologiesSOPHOS, a leading global provider of managed security solutions, has recently released its annual MSP Perspectives report for 2024. This most recent report provides insights from 350 different managed service providers (MSPs) across the United States, United Kingdom, Germany and …SECURITYINTELLIGENCE.COM
11 Jul60 New Malicious Packages Uncovered in NuGet Supply Chain AttackThreat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning 290…THEHACKERNEWS.COM
11 JulTracebit Raises $5 Million for Threat Deception SolutionLondon startup Tracebit has raised $5 million in seed funding for its cloud-native threat detection and deception solution. The post Tracebit Raises $5 Million for Threat Deception Solution appeared first on SecurityWeek .SECURITYWEEK.COM
11 JulSO-Con Spectre Ops 2024submitted by ashar to security_cpe 0 points | 0 comments Explore new approaches, tools, and techniques to combat identity-based attack paths. Discover the latest trends, research from frontline practitioners, case studies and firsthand experiences Schedule PlaylistINFOSEC.PUB
11 JulSimplified Zero Trust security with the Microsoft Entra Suite and unified security operations platform, now generally availableMicrosoft is announcing the Microsoft Entra Suite and the unified security operations platform, two innovations that simplify the implementation of your Zero Trust security strategy. The post Simplified Zero Trust security with the Microsoft Entra Suite and unified security opera…MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
11 JulDarkGate: Dancing the Samba With Alluring Excel FilesCampaigns distributing DarkGate malware use various methods like email attachments and malicious ads. A campaign in March-April 2024 used Samba file shares hosting malicious files for DarkGate infections.UNIT42.PALOALTONETWORKS.COM
11 JulRisk Escalates as Communication Channels ProliferateA survey by data security company Kiteworks reveals that around 60% of organizations struggle to track their information once it leaves through communication channels like email.CYBERSECURITYDIVE.COM
11 JulViperSoftX Info-Stealing Malware Being Distributed Through Fake EbooksOriginally detected in 2020, the ViperSoftX malware now incorporates more sophisticated evasion tactics by using the Common Language Runtime (CLR) to run PowerShell commands within AutoIt scripts distributed through pirated eBook copies.THECYBEREXPRESS.COM
🎙️ PODCASTS 1[−]
11 JulSmashing Security podcast #380: Teachers TikTok targeted, and fraud in the doctors’ waiting roomExecs at a health tech startup are sentenced to jail after a massive ad fraud, and a school is shaken after teachers are targeted via TikTok. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 15[−]
11 JulHow to set up Apple Shortcuts in VPN & Antivirus by Kaspersky for iOS | Kaspersky official blogHow to turn Kaspersky VPN on and off with Shortcuts, give voice commands to Kaspersky, and automate VPN activation.KASPERSKY.COM
11 JulSmishing Triad Targets India with Fraud SurgeWarnings have been issued in India regarding a rise in fraudulent smishing attacks, with scammers impersonating India Post to deceive people into giving personal information or clicking on malicious links.INFOSECURITY-MAGAZINE.COM
11 JulGoogle Advanced Protection Program gets passkeys for high-risk usersGoogle announced that passkeys are now available for high-risk users enrolling in the Advanced Protection Program, ensuring top-notch account security. The program offers free protection for accounts of high-risk individuals.BLEEPINGCOMPUTER.COM
11 JulHuione Guarantee Exposed as a $11 Billion Marketplace for CybercrimeHuione Guarantee, an online marketplace, is reportedly being used for money laundering, particularly in "pig butchering" investment scams. Victims are tricked into investing in fake sites with high returns.BLEEPINGCOMPUTER.COM
11 JulSingapore to Phase Out One-Time Passwords in BankingThis decision comes after a warning from the Singapore Police about phishing scams targeting bank customers. Scammers have managed to defraud individuals of over S$600,000 ($445,000) in just a few weeks.HEALTHCAREINFOSECURITY.COM
11 JulRussian Researchers Identify Alleged Ukrainian Developer of Malicious Remote Access ToolResearchers have identified the developer of a malicious remote access tool used in attacks on Russian organizations. Known as Mr. Burns, the developer has been active in darknet forums since 2010, creating harmful versions of popular tools.THERECORD.MEDIA
11 JulExposed! The AI-enhanced social media bot farm that pumped out Kremlin propaganda on TwitterThe US Justice Department, working in coordination with Canadian and Dutch authorities, has seized two domain names which it claims were being used by Russian-backed hackers to spread disinformation on social media. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
11 JulGetting From Midlevel to Specialty Niche in CybersecurityHow to Make a Plan, Continue to Learn and Leverage Your Experience The cybersecurity field offers numerous opportunities to specialize and deepen your expertise in niche areas. Here are some sophisticated niches that offer advanced career paths for midlevel professionals and some…DATABREACHTODAY.CO.UK
11 JulExein raised $15M Series B to stop robotic arms going haywireThe capital will be used to expand in Europe, the U.S. and Asia. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
11 JulMultifactor Authentication Shouldn't Be OptionalCloud Customers Should Demand More Security From Providers The theft of terabytes of Snowflake customers' data through credential stuffing hacks highlights how multifactor authentication shouldn't be optional for safeguarding accounts. Experts are calling on providers to build in…DATABREACHTODAY.CO.UK
11 JulUnderstanding SSH Honeypot Logs: Attackers Fingerprinting Honeypots, (Thu, Jul 11th)Some of the commands observed can be confusing for a novice looking at ssh honeypot logs. Sure, you have some obvious commands like "uname -a" to fingerprint the kernel. However, other commands are less intuitive and are not commands a normal user would use. I am trying to summar…ISC.SANS.EDU
11 JulSignal downplays encryption key flaw, fixes it after X dramaSignal is finally tightening its desktop client's security by changing how it stores plain text encryption keys for the data store after downplaying the issue since 2018. [...]BLEEPINGCOMPUTER.COM