91 Articles
9 Categories
Date: 2024-07-16
🐛 COMMON VULNERABILITIES AND EXPOSURES (4)
16 Jul: Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer (THEHACKERNEWS.COM)
An advanced persistent threat (APT) group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida. Cybersecurity firm Trend Micro, which observed the…
16 Jul: Void Banshee Targets Windows Users Through MSHTML Flaw to Spread Atlantida Stealer (TRENDMICRO.COM)
The vulnerability, CVE-2024-38112, was observed by Trend Micro in May 2024, being exploited as part of a multi-stage attack chain using internet shortcut files. The campaign has been active throughout 2024.
16 Jul: APT Exploits Windows Zero-Day to Execute Code via Disabled Internet Explorer (SECURITYWEEK.COM)
The Void Banshee APT exploited the CVE-2024-38112 Windows zero-day to infect systems with the Atlantida stealer.
16 Jul [KEV]: CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks (BLEEPINGCOMPUTER.COM)
CISA is warning that a critical GeoServer GeoTools remote code execution flaw tracked as CVE-2024-36401 is being actively exploited in attacks. [...]
⚠️ VULNERABILITY DISCLOSURE (28)
16 Jul: Kaspersky Exits U.S. Market Following Commerce Department Ban (THEHACKERNEWS.COM)
Russian security vendor Kaspersky has said it's exiting the U.S. market nearly a month after the Commerce Department announced a ban on the sale of its software in the country citing a national security risk. News of the closure was first reported by journalist Kim Zetter. The co…
16 Jul [KEV]: CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software (THEHACKERNEWS.COM)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. GeoServer is an open-source software server…
16 Jul: Report: Hackers Use PoC Exploits in Attacks 22 Minutes After Release (BLEEPINGCOMPUTER.COM)
Threat actors rapidly weaponize proof-of-concept exploits in real attacks, often within 22 minutes of their public release, as per Cloudflare's 2024 Application Security report covering May 2023 to March 2024.
16 Jul: New ShadowRoot Ransomware Attacking Business Via Weaponized PDF’s (GBHACKERS.COM)
X-Labs identified basic ransomware targeting Turkish businesses, delivered via PDF attachments in suspicious emails from the internet[.]ru domain. PDF links trigger exe payload downloads, which encrypt files with the “.shadowroot” extension, which is actively co…
16 Jul: Realm: Open-Source Adversary Emulation Framework (HELPNETSECURITY.COM)
Realm is an open-source adversary emulation framework focused on scalability, reliability, and automation. It features a custom interpreter in Rust, enabling the creation of complex TTPs as code.
16 Jul: New Poco RAT Weaponizing 7zip Files Using Google Drive (GBHACKERS.COM)
The hackers weaponize 7zip files to pass through security measures and deliver malware effectively. These archived files can hide malicious content, which makes it more difficult for antivirus programs to identify threats. In early 2024, Cofense researchers discovered a new kind …
16 Jul: What savvy hiring execs look for in a CISO today (CSOONLINE.COM)
Few business challenges today are greater than serving as an enterprise CISO, with its demands to deliver cybersecurity perfection in an environment that rules such possibilities out. Today’s CISO must set security policy, with almost no authority to enforce it across business un…
16 Jul: Kaspersky Leaving US Following Government Ban (SECURITYWEEK.COM)
Kaspersky is shutting down operations in the US and laying off employees following the recent Commerce Department ban.
16 Jul: Disney suffers massive internal communications data leak after cyberattack (CSOONLINE.COM)
Walt Disney’s internal communications on Slack have been leaked online, exposing sensitive details about ad campaigns, studio technology, and interview candidates, according to a Wall Street Journal report. The hacker group NullBulge claimed responsibility, stating in a blog pos…
16 Jul: Attackers Exploit URL Protections to Disguise Phishing Links (INFOSECURITY-MAGAZINE.COM)
submitted by kid to cybersecurity 3 points | 0 comments https://www.infosecurity-magazine.com/news/attackers-exploit-url-protections/
16 Jul: Hackers Exploit Flaw in Squarespace Migration to Hijack Domains (SECURITYWEEK.COM)
Hackers exploited a flaw to hijack cryptocurrency domains that were migrated from Google Domains to Squarespace.
16 Jul: CIO POV: Building resilience in a complex threat landscape (CSOONLINE.COM)
As a CIO, I often wish for a world where the threat landscape is less expansive and complicated than it is today. Unfortunately, the reality is quite different. This month, I find myself particularly focused on the idea that our digital business would come to a grinding halt with…
16 Jul: Zero-day vulnerability in Internet Explorer | Kaspersky official blog (KASPERSKY.COM)
As part of Patch Tuesday, Microsoft closed a zero-day vulnerability in Internet Explorer that had been exploited to steal passwords for 18 months.
16 Jul: Attackers Exploit URL Protections to Disguise Phishing Links (INFOSECURITY-MAGAZINE.COM)
Phishing campaigns are utilizing three different URL protection services to disguise phishing URLs and trick victims into giving up their credentials. These attacks have targeted numerous companies already.
16 Jul: MirrorFace Attacking Organizations Exploiting Vulnerabilities In Internet-Facing Assets (GBHACKERS.COM)
MirrorFace threat actors have been targeting media, political organizations, and academic institutions since 2022, shifting focus to manufacturers and research institutions in 2023. The attack method evolved from spear phishing to exploiting vulnerabilities in external asse…
16 Jul: Kaspersky to shut down US operations, lay off employees after US government ban (TECHCRUNCH.COM)
The Russia-based security software maker said its U.S. business is "no longer viable" following a U.S. Commerce Department sales ban.
16 Jul: CISO Risk Reduction: Adopting Emerging Technologies - Timothy McKnight - CSP #183 (YOUTUBE.COM)
With the vast number of cybersecurity solutions in the marketplace, how do you identify what fits with your company’s strategic goals, then deploy and scale in a reasonable timeframe? Hear a CISO who has built a methodology for assessing and implementing new security technologies…
16 Jul: CISA Releases One Industrial Control Systems Advisory (CISA.GOV)
CISA released one Industrial Control Systems (ICS) advisory on July 16, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-198-01 Rockwell Automation Pavilion 8 CISA encourages users and administ…
16 Jul [KEV]: Organizations Warned of Exploited GeoServer Vulnerability (SECURITYWEEK.COM)
CISA says it has evidence that a recent critical-severity vulnerability in GeoServer is exploited in the wild.
16 Jul: HR Firm Sacks Plan to Add AI Bots to Employee Org Charts (DATABREACHTODAY.CO.UK)
After 3-Day Backlash, Lattice Backs Off HR System Plan for 'Digital Workers' HR experts at Lattice had a vision of treating AI bots as human employees, with a place on the org chart, training, key performance metrics - and a boss. But the workforce may not be ready for that, and …
16 Jul: Kaspersky Lab shuts down US operations in wake of national security ban (CSOONLINE.COM)
Russian security firm Kaspersky Lab has informed its employees in the United States that the company will begin winding down its US operations starting July 20, according to a report from Zero Day. The company’s decision comes after the US Department of Commerce chose in June to…
16 Jul: Kaspersky to Shut US Business, Lay Off Remaining 50 Workers (DATABREACHTODAY.CO.UK)
Commerce Department Ban Is Last Straw in Yearslong Divorce of Kaspersky and the US Kaspersky will cease operations in the United States a month after the Biden administration banned the Russian cybersecurity vendor from selling software in the country. The Moscow-based firm said …
16 Jul: Small but mighty: Top 5 pocket-sized gadgets to boost your ethical hacking skills (WELIVESECURITY.COM)
These five formidable bits of kit that can assist cyber-defenders in spotting chinks in corporate armors and help hobbyist hackers deepen their understanding of cybersecurity
16 Jul: Audit of Cloud Native Buildpacks (QUARKSLAB.COM)
We performed a security assessment of Cloud Native Buildpacks to help improve it, in collaboration with Open Source Technology Improvement Fund, Inc.
16 Jul: IRS Warns of Phishing Attacks Targeting Car Dealerships (KNOWBE4.COM)
The US Internal Revenue Service (IRS) has issued an advisory warning of phishing campaigns targeting car dealerships. The IRS says car dealers should be on the lookout for targeted phishing attacks following a ransomware attack that hit a major auto sales software provider last m…
📋 SECURITY BULLETINS (2)
16 Jul: Microsoft finally fixes Outlook alerts bug caused by December updates (BLEEPINGCOMPUTER.COM)
Microsoft has finally fixed a known Outlook issue, confirmed in February, which was triggering incorrect security alerts after installing the December security updates for Outlook Desktop. [...]
16 Jul: 4-Day Security Incident Notifications: Impact on Small Businesses | Security Weekly News (YOUTUBE.COM)
In this episode of Security Weekly News, Josh Marpet explores the new 4-day notification requirements for security incidents and their implications for small businesses. Discover the costs involved, essential preparation strategies, and compliance tips to protect your company's d…
📢 SECURITY ADVISORIES (10)
16 Jul: Threat Prevention & Detection in SaaS Environments - 101 (THEHACKERNEWS.COM)
Identity-based threats on SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them. According to the US Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyberattacks begin with …
16 Jul: Bill Calls for CISA, HHS Effort to Boost Health Sector Cyber (DATABREACHTODAY.CO.UK)
Bipartisan Legislation Is Latest Congressional Move to Enhance Healthcare Security A bipartisan trio of U.S. senators has introduced legislation aimed at improving healthcare sector cybersecurity by directing the Department of Health and Human Services to collaborate with the Cyb…
🔥 INCIDENT REPORTING (14)
16 Jul: Risk Related to Non-Human Identities: Believe the Hype, Reject the FUD (HELPNETSECURITY.COM)
The hype surrounding non-human identities (NHIs) has recently increased due to the risk they pose, with breaches causing fear, uncertainty, and doubt. With NHIs outnumbering human identities, the associated risks need to be addressed.
16 Jul: Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks (THEHACKERNEWS.COM)
The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent attack campaign, shifting away from its well-known tactic of deploying legitimate remote monitoring and management (RMM) software for maintaining persistent…
16 Jul: 'Trial' DDoS Attacks on French Sites Portend Greater Olympics Threats (DARKREADING.COM)
submitted by kid to cybersecurity 2 points | 0 comments https://www.darkreading.com/cyberattacks-data-breaches/trial-ddos-attacks-on-french-sites-portend-greater-olympics-threats
16 Jul: HardBit Ransomware Version 4.0 Supports New Obfuscation Techniques (SECURITYAFFAIRS.COM)
To ensure victims cannot recover encrypted files easily, the ransomware deletes the Volume Shadow Copy Service (VSS) and makes adjustments to the boot configuration to prevent errors upon restart.
16 Jul: AutoNation Says CDK Global Ransomware Attack Impacted Earnings (SECURITYWEEK.COM)
Car dealership AutoNation has informed the SEC that the CDK Global ransomware attack impacted its quarterly earnings.
16 Jul: Disney Investigating Hacker Group’s Data Theft Claims (SECURITYWEEK.COM)
Disney has launched an investigation after a hacker group named NullBulge leaked data allegedly stolen from the company.
16 Jul: HardBit Ransomware Using Passphrase Protection To Evade Detection (GBHACKERS.COM)
In 2022, HardBit Ransomware emerged as version 4.0. Unlike typical ransomware groups, this ransomware doesn’t use leak sites or double extortion. Their tactics include data theft, encryption, and ransom requests with threats of other attacks. Cybersecurity researchers at Cy…
16 Jul: ShadowRoot Ransomware Targets Turkish Businesses (SECURITYONLINE.INFO)
The attackers target Turkish businesses with this ransomware campaign, distributing it via email addresses like Kurumsal[.]tasilat[@]internet[.]ru. The malware payload is hosted on a compromised GitHub account.
16 Jul: SEXi Ransomware Rebrands as 'APT Inc.,' Retains Prior Extortion Tactics (DARKREADING.COM)
The cybercrime group known as SEXi ransomware, now operating as APT Inc., has been targeting organizations since February. They use a leaked Babuk encryptor for VMware ESXi servers and LockBit 3 encryptor for Windows servers.
16 Jul: Microsoft links Scattered Spider hackers to Qilin ransomware attacks (BLEEPINGCOMPUTER.COM)
Microsoft says the Scattered Spider cybercrime gang has added Qilin ransomware to its arsenal and is now using it in attacks. [...]
16 Jul: Rite Aid says June data breach impacts 2.2 million people (BLEEPINGCOMPUTER.COM)
Rite Aid, the third-largest drugstore chain in the United States, says that 2.2 million customers' personal information was stolen last month in what it described as a "data security incident." [...]
16 Jul: Rite Aid Says Ransomware Group Stole 2.2M Customers' Data (DATABREACHTODAY.CO.UK)
Rise in RansomHub Attacks Tied to Recruitment of Affiliates Deserting Other Groups American pharmacy chain giant Rite Aid is warning 2.2 million customers that attackers obtained their personal information after impersonating one of its employees. The ransomware group RansomHub, …
16 Jul: SEC Fines Publicly Traded Company $2.125 Million For Negligence Before, During, and After a Ransomware Attack (KNOWBE4.COM)
According to the filing, the organization in question failed to devise controls to adequately detect, respond to, and disclose an attack that included data exfiltration and service disruption.
16 Jul: Espionage-Intent Threat Groups Are Now Using Ransomware as a Diversion Tactic in Cyberattacks (KNOWBE4.COM)
A new report focused on cyber espionage actors targeting government and critical infrastructure sectors highlights the strategic use of ransomware for distraction or misattribution.
🕵️ THREAT INTELLIGENCE (16)
16 Jul: ISC Stormcast For Tuesday, July 16th, 2024 https://isc.sans.edu/podcastdetail/9054, (Tue, Jul 16th) (ISC.SANS.EDU)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
16 Jul: Hacktivist Groups Preparing for DDoS Attacks Targeting Paris Olympics (GBHACKERS.COM)
Cyble Research & Intelligence Labs (CRIL) researchers have identified a cyber threat targeting the upcoming Paris Olympics. On June 23, 2024, a Russian hacktivist group known as the “People’s Cyber Army” (Народная Cyber Армия) and their allies, HackNeT, announced …
16 Jul: CISO Conversations: Frank Kim (YL Ventures) and Charles Blauner (Team8) (SECURITYWEEK.COM)
Frank Kim and Charles Blauner are responsible for security at both their own company and for the companies in which their firms invest.
16 Jul: A 2024 Appsec Report, Preparing for the AIxCC, Secure Design and Post-Quantum Crypto - ASW #291 (YOUTUBE.COM)
Cloudflare's 2024 appsec report, reasoning about the Cyber Reasoning Systems for the upcoming AIxCC semifinals at DEF CON, lessons in secure design from post-quantum cryptography, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://…
16 Jul: Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291 (YOUTUBE.COM)
How can LLMs be valuable to developers as an assistant in finding and fixing insecure code? There are a lot of implications in trusting AI or LLMs to not only find vulns, but in producing code that fixes an underlying problem without changing an app's intended behavior. Stuart Mc…
16 Jul: Ex-GitHub Engineers Raise $20M to Enhance Pen-Testing with AI-Powered XBOW (SECURITYWEEK.COM)
A team of former GitHub engineers has secured $20 million in venture capital funding from Sequoia to build AI-powered security tools.
16 Jul: Facebook Ads for Windows Desktop Themes Push Info-Stealing Malware (BLEEPINGCOMPUTER.COM)
The threat actors take out ads for Windows themes, free game downloads, and software cracks for apps like Photoshop and Microsoft Office. These ads are shared through new or hijacked Facebook business pages.
16 Jul: Going for Gold — Cybersecurity Training for the Paris 2024 Olympics (PALOALTONETWORKS.COM)
Unit 42 Paris 2024 Cyber Vigilance Program stands as a testament to the power of proactive cybersecurity strategies in protecting global events.
16 Jul: Microsoft Purview Data Governance will be generally available September 1, 2024 (MICROSOFT.COM)
Microsoft Purview Data Governance will become generally available to enterprise customers on September 1, 2024. It helps today’s data leaders solve their key data governance and security challenges in one unified AI-powered and business-friendly solution.
16 Jul: Email addresses of 15 million Trello users leaked on hacking forum (BLEEPINGCOMPUTER.COM)
A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. [...]
16 Jul: Floppy Disks, Exim, Kaspersky, Darkgate, AT&T, Josh Marpet and more... - SWN #398 (YOUTUBE.COM)
Floppy Disks, Exim, Kaspersky, Darkgate, AT&T, Josh Marpet, and more are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-398
16 Jul: Presenting our DIY Dead Man Switch @ DEF CON 32 (BUSKILL.IN)
submitted by buskill to security 1 points | 0 comments https://www.buskill.in/defcon32/ We’re happy to announce that BusKill is presenting at DEF CON 32. What: Open Hardware Design for BusKill Cord When: 2024-08-10 12:00 - 13:45 Where: W303 – Third Floor – LVCC West Hall BusKill…
16 Jul: It’s never been easier for the cops to break into your phone (THEVERGE.COM)
submitted by return2ozma to cybersecurity 1 points | 1 comments https://www.theverge.com/24199357/fbi-trump-rally-shooter-phone-thomas-matthew-crooks-quantico-mdtf
16 Jul: Iranian State Hackers Are Deploying a New Malware Backdoor (DATABREACHTODAY.CO.UK)
Custom Malware Backdoor BugSleep Has Evasion Capabilities, Checkpoint Says Hackers with links to Iranian intelligence agencies are deploying a new malware backdoor that has advanced evasion capabilities to target Middle Eastern organizations, Checkpoint research says. Attackers a…
16 Jul: [DEF CON 32] Presenting our DIY Dead Man Switch (LINKS.HACKLIBERTY.ORG)
submitted by buskill to netsec 1 points | 0 comments https://www.buskill.in/defcon32/ We’re happy to announce that BusKill is presenting at DEF CON 32. What: Open Hardware Design for BusKill Cord When: 2024-08-10 12:00 - 13:45 Where: W303 – Third Floor – LVCC West Hall BusKill i…
16 Jul: Coast Guard Battles Cyberthreats Amid Industry Resistance (DATABREACHTODAY.CO.UK)
New Report Reveals Industry's Reluctance to Use Coast Guard Cybersecurity Services The United States Coast Guard in recent years has started to offer a range of cybersecurity services designed to enhance protections for the marine transportation system, but a new report reveals p…
🌐 CYBER THREAT LANDSCAPE (4)
16 Jul: New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns (RESEARCH.CHECKPOINT.COM)
The deployment of BugSleep is a significant development in MuddyWater's tactics, targeting various sectors with phishing emails leading to the distribution of Remote Management Tools and the BugSleep malware.
16 Jul: Malicious npm Packages Found Using Image Files to Hide Backdoor Code (THEHACKERNEWS.COM)
Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question – img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy – …
16 Jul: Teaming up with IBM to secure critical SAP workloads (TRENDMICRO.COM)
Trend Micro partners with IBM to offer advanced threat detection and response for protecting critical infrastructures running on IBM Power servers
🎙️ PODCASTS (1)
16 Jul: The AI Fix #7: Can AIs speak dolphin and do robots lick toads? (GRAHAMCLULEY.COM)
In episode seven of The AI Fix, Alexa goes wild, Mark learns how to hang a towel on a Peloton for only $39.90 a month, Graham puts the news items in the wrong order, and a strawberry uses the internet. Graham explains to Mark what bats argue about, our hosts ponder whether AI sho…
📡 INFOSEC NEWS (12)
16 Jul: "Reply-chain phishing" with a twist, (Tue, Jul 16th) (ISC.SANS.EDU)
Few weeks ago, I was asked by a customer to take a look at a phishing message which contained a link that one of their employees clicked on. The concern was whether the linked-to site was only a generic credential stealing web page or something targeted/potentially more dangerous…
16 Jul: DNS Hijacks Target Cryptocurrency Platforms Registered With Squarespace (BLEEPINGCOMPUTER.COM)
A coordinated wave of DNS hijacking attacks recently targeted decentralized finance (DeFi) cryptocurrency domains. Attackers used the Squarespace registrar to redirect visitors to phishing sites that aimed to steal cryptocurrency and NFTs.
16 Jul: 'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins (THEHACKERNEWS.COM)
Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities. The campaign has been codenamed Konfety – the Russian word for Candy – owing to its abuse of a mobile advertising software…
16 Jul: HR-Themed Phishing Campaign Targets Employees to Steal Microsoft Credentials (COFENSE.COM)
In a recent phishing attempt, Cofense researchers spotted an email disguised as a communication from a company's HR department, prompting recipients to review an updated employee handbook.
16 Jul: Microsoft announces new Windows 'checkpoint' cumulative updates (BLEEPINGCOMPUTER.COM)
Microsoft will introduce checkpoint cumulative updates starting in late 2024 for systems running devices running Windows Server 2025 and Windows 11, version 24H2 or later. [...]
16 Jul: Kaspersky offers free security software for six months in U.S. goodbye (BLEEPINGCOMPUTER.COM)
Kaspersky is offering free security products for six months and tips for staying safe as a parting gift to consumers in the United States. [...]
16 Jul: 2024 DDoS Attack Trends (F5.COM)
Unveiling the rise of Hacktivism in a tense global climate.