99 Articles
8 Categories
Date: 2024-07-23
🚨 CISA KEV (1)
23 Jul | [KEV] CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2012-4792 Microsoft Internet Explorer Use-After-Free Vulnerability; CVE-2024-39891 Twilio Authy Information Disclosure Vulnerability. These ty… | CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES (4)
23 Jul | A CVE in the universal Turing machine from 1967, that doesn't matter | submitted by boredsquirrel to cybersecurity; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32471 | CVE.MITRE.ORG
23 Jul | New Exploit Variation Against D-Link NAS Devices (CVE-2024-3273), (Tue, Jul 23rd) | In April, an OS command injection vulnerability in various D-Link NAS devices was made public [1]. The vulnerability, CVE-2024-3273, was exploited soon after it became public. Many of the affected devices are no longer supported. | ISC.SANS.EDU
23 Jul | CVE-2024-38176 GroupMe Elevation of Privilege Vulnerability | An improper restriction of excessive authentication attempts in [GroupMe](https://groupme.com/) allows an unauthenticated attacker to elevate privileges over a network. | MSRC.MICROSOFT.COM
23 Jul | CVE-2024-38164 GroupMe Elevation of Privilege Vulnerability | An improper access control vulnerability in [GroupMe](https://groupme.com/) allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. | MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE (21)
23 Jul | Wiz walks away from Google’s $23B acquisition offer: Read the CEO’s note to employees | Cybersecurity startup Wiz has turned down a $23 billion acquisition offer from Alphabet, Google’s parent company, according to a source familiar with discussions. Despite the offer representing a substantial premium over its last private valuation of $12 billion, Wiz’s mana… | TECHCRUNCH.COM
23 Jul | Threat Actors Taking Advantage of CrowdStrike BSOD Bug to Deliver Malware | Threat actors have been found exploiting a recently discovered bug in CrowdStrike’s software that causes a Blue Screen of Death (BSOD) on affected systems. This vulnerability has given cybercriminals a unique opportunity to spread malware, posing significant risks to users … | GBHACKERS.COM
23 Jul | Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android | ESET researchers discovered a zero-day exploit targeting Telegram for Android, called EvilVideo. This exploit allowed attackers to send malicious Android payloads disguised as video files in unpatched versions of Telegram. | WELIVESECURITY.COM
23 Jul | NHIs may be your biggest — and most neglected — security hole | Non-human identities (NHIs) have been a staple of enterprise IT for decades. Giving digital components credentials to access IT networks and devices, as IT would a human user, is key to ensuring complex IT systems can operate. But as the number of NHIs has soared in the past few… | CSOONLINE.COM
23 Jul | Chinese APT group Daggerfly revamps malware toolkit with new backdoors | Researchers have linked a previously unattributed Mac backdoor and a new Windows Trojan to a Chinese APT group known as Daggerfly that has been around for over a decade and targets organizations and individuals around the world. The group appears to be using the same modular malw… | CSOONLINE.COM
23 Jul | Early IT takeaways from the CrowdStrike outage | Whether you’ve survived the CrowdStrike incident or didn’t use CrowdStrike and are merely seeing the impact to others, taking time to learn lessons from this event is vital. After all, if you couldn’t recover easily from this, then you may be lost trying to recover from a ransomw… | CSOONLINE.COM
23 Jul | From RA Group to RA World: Evolution of a Ransomware Group | RA World’s attack methods, mapped to MITRE ATT&CK, include exploiting vulnerable servers for initial access, using tools like PsExec and Impacket for credential dumping and lateral movement, and executing ransomware payloads in safe mode. | UNIT42.PALOALTONETWORKS.COM
23 Jul | Law Enforcement Disrupts DDoS-for-Hire Service DigitalStress | Authorities in the UK infiltrated and disrupted the DDoS-for-hire service DigitalStress, and one suspect was arrested. | SECURITYWEEK.COM
23 Jul | Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files | Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a Magento e-commerce site's checkout page, allowed the malware to survive multiple cl… | THEHACKERNEWS.COM
23 Jul | Meta Given Deadline to Address E.U. Concerns Over 'Pay or Consent' Model | Meta has been given time till September 1, 2024, to respond to concerns raised by the European Commission over its "pay or consent" advertising model or risk facing enforcement measures, including sanctions. The European Commission said the Consumer Protection Cooperation (CPC) N… | THEHACKERNEWS.COM
23 Jul | FrostyGoop Malware Used to Shut down Heat in Ukraine Attack | FrostyGoop can disrupt industrial processes by altering values on ICS devices. The malware exploited the Modbus protocol to directly affect industrial control systems, posing a significant threat to OT environments globally. | THEREGISTER.COM
23 Jul | Telegram Zero-Day Enabled Malware Delivery | The EvilVideo zero-day vulnerability in Telegram for Android allowed threat actors to send malicious files disguised as videos. | SECURITYWEEK.COM
23 Jul | Hackers Abusing Google Cloud For Phishing | Threat actors often attack cloud services for several illicit purposes. Google Cloud is targeted due to its extensive and powerful resources, which could be abused for a multitude of malicious activities. The vast amounts of data and computing power that Google Cloud services pro… | GBHACKERS.COM
23 Jul | Telegram Zero-Day Enabled Malware Delivery | PACKETSTORMSECURITY.COM
23 Jul | Evolving from Security to Trust, more than Just Compliance - Mike Towers - CSP #184 | CISOs need to enhance their strategic influence and operational impact within their organizations. This calls for a departure from traditional, insular security approaches towards a partnership model that aligns security initiatives with business growth and value. By adopting an … | YOUTUBE.COM
23 Jul | DDoS-for-hire site DigitalStress taken down by police, suspected owner arrested | It has been revealed that earlier this month a website which offered a DDoS-for-hire service was taken offline by law enforcement, but only after they collected data about its criminal customers. Read more in my article on the Hot for Security blog. | BITDEFENDER.COM
23 Jul | CISA Releases Four Industrial Control Systems Advisories | CISA released four Industrial Control Systems (ICS) advisories on July 23, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-205-01 National Instruments IO Trace; ICSA-24-205-02 Hitachi Energy AF… | CISA.GOV
23 Jul | Learn Modern SOC and D&R Practices Using Autonomic Security Operations (ASO) Principles | Learn Modern SOC and D&R practices for free from Google! Yes, really! That’s the message. Join *hundreds* of others who already signed up! Now, with full details…. After some ungodly amount of work, the original ASO crew (but really Iman!) put together an epic Modern Securit… | MEDIUM.COM
23 Jul | Phishing Campaigns Abuse Cloud Platforms to Target Latin America | Several threat actors are abusing legitimate cloud services to launch phishing attacks against users in Latin America, according to Google’s latest Threat Horizons Report. | KNOWBE4.COM
23 Jul | Where Generative AI Can Actually Help Security (And Where It Doesn't) - Allie Mellen, ... - ASW #292 | Generative AI has produced impressive chatbots and content generation, but however fun or impressive those might be, they don't always translate to value for appsec. Allie brings some realistic expectations to how genAI is used by attackers and can be useful to defenders. Segment… | YOUTUBE.COM
23 Jul | ICS malware FrostyGoop disrupted heating in Ukraine, remains threat to OT worldwide | Security researchers warn about a new malware threat designed to interact with industrial control systems (ICS) over the Modbus protocol. The malicious program was used in January in a cyberattack that left hundreds of buildings from the city of Lviv in Ukraine without central he… | CSOONLINE.COM
📢 SECURITY ADVISORIES (6)
23 Jul | Strengthen Your Cybersecurity: Understanding the NIS 2 Directive | Key insights into the NIS 2 Directive in this essential guide to new cybersecurity compliance for 2024. | SOPHOS.COM
23 Jul | HPE advisory (AV24-415) | CYBER.GC.CA
23 Jul | CrowdStrike failure: What you need to know | Cybersecurity vendor CrowdStrike initiated a series of computer system outages across the world on Friday, July 19, disrupting nearly every industry and sowing chaos at airports, financial institutions, and healthcare systems, among others. At issue was a flawed update to CrowdSt… | CIO.COM
23 Jul | What Biden Dropping Out Could Mean for Federal Cyber Policy | US President's Withdrawal Comes at a Turbulent Time for Federal Cybersecurity President Joe Biden's withdrawal from the 2024 election is sparking new concerns about federal cybersecurity during an already turbulent moment for cybersecurity in the United States, experts told Infor… | DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING (18)
23 Jul | Play Ransomware’s Linux Variant Attacking VMware ESXi Servers | A new Linux variant of Play ransomware targets VMware ESXi environments, which encrypts virtual machine files and appends the “.PLAY” extension by leveraging obfuscation techniques to bypass detection and is compressed with a Windows variant in a RAR archive. It utili… | GBHACKERS.COM
23 Jul | Hackers shut down heating in Ukrainian city with malware, researchers say | Cybersecurity firm Dragos and Ukrainian authorities found a cyberattack targeting critical infrastructure in Lviv. | TECHCRUNCH.COM
23 Jul | Ransomware Takedowns Leave Criminals Scrambling for Stability | A recent report from Europol indicates that the disruption of ransomware-as-a-service (RaaS) groups is causing a fragmentation of the threat landscape, complicating tracking efforts. | THEREGISTER.COM
23 Jul | Two Russian Nationals Charged for Cyber Attacks against U.S. Critical Infrastructure | The United States has designated Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, two members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR), for their roles in cyber operations targeting U.S. critical infrastructure. Pankratova, the group’s lea… | GBHACKERS.COM
23 Jul | Popular Ukrainian Telegram Channels Hacked to Spread Russian Propaganda | Channels with millions of subscribers, including Times of Ukraine and Real Kyiv, were affected by the hack. Ukrainian broadcaster Suspilne stated that 270 Ukrainian channels were compromised, with hackers spreading false narratives and propaganda. | THERECORD.MEDIA
23 Jul | New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure | Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January. Industrial cybersecurity firm Drag… | THEHACKERNEWS.COM
23 Jul | British teen arrested in connection with MGM Resorts ransomware attack | British police have arrested a 17-year-old boy believed to be linked to a cybercriminal gang that launched devastating ransomware attacks last year on MGM Resorts and other companies. Read more in my article on the Hot for Security blog. | BITDEFENDER.COM
23 Jul | Verizon to pay $16 million in TracFone data breach settlement | Verizon Communications has agreed to a $16,000,000 settlement with the Federal Communications Commission (FCC) in the U.S. concerning three data breach incidents its wholly-owned subsidiary, TracFone Wireless, suffered after its acquisition in 2021. [...] | BLEEPINGCOMPUTER.COM
23 Jul | How a North Korean Fake IT Worker Tried to Infiltrate Us | Incident Report Summary: Insider Threat TLDR: KnowBe4 was in need of a software engineer for our internal IT AI team. Posted the job, got resumes, did the interviews, did the background check, checked the references and hired the person. We sent the Mac and the moment it was rece… | KNOWBE4.COM
23 Jul | FrostyGoop malware attack cut off heat in Ukraine during winter | Russian-linked malware was used in a January 2024 cyberattack to cut off the heating of over 600 apartment buildings in Lviv, Ukraine, for two days during sub-zero temperatures. [...] | BLEEPINGCOMPUTER.COM
23 Jul | Crypto Data Breach Continues to Fuel Phishing Scams Years Later | According to security researchers at Cisco Talos, emails impersonating legitimate officers at the Cyprus Securities and Exchange Commission are being sent to prior Opteck customers that offer victims with investment advice. | KNOWBE4.COM
23 Jul | BreachForums v1 hacking forum data leak exposes members’ info | The private member information of the BreachForums v1 hacking forum from 2022 has been leaked online, allowing threat actors and researchers to gain insight into its users. [...] | BLEEPINGCOMPUTER.COM
23 Jul | DeFi exchange dYdX v3 website hacked in DNS hijack attack | Decentralized finance (DeFi) crypto exchange dYdX announced on Tuesday that the website for its older v3 trading platform has been compromised. [...] | BLEEPINGCOMPUTER.COM
23 Jul | Proactive Network Security: Lessons From CrowdStrike Outage | Claroty CEO Vardi on Compensating Controls, Segmentation and Secure Remote Access The recent CrowdStrike outage highlights the need to shift from reactive risk management to proactive measures in cyber-physical security. Claroty CEO Yaniv Vardi emphasizes the importance of compen… | DATABREACHTODAY.CO.UK
23 Jul | Building cyber-resilience: Lessons learned from the CrowdStrike incident | Organizations, including those that weren’t struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances | WELIVESECURITY.COM
🕵️ THREAT INTELLIGENCE (33)
23 Jul | ISC Stormcast For Tuesday, July 23rd, 2024 https://isc.sans.edu/podcastdetail/9064, (Tue, Jul 23rd) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
23 Jul | NCA Shut’s Down the Most Popular “digitalstress” DDoS-for-hire Service | The National Crime Agency (NCA) has successfully infiltrated and dismantled one of the most notorious Distributed Denial of Service (DDoS) for hire services, digitalstress.su. This criminal marketplace, responsible for tens of thousands of attacks weekly worldwide, was taken down… | GBHACKERS.COM
23 Jul | Wiz to Pursue IPO as It Walks Away From $23 Billion Google Deal | Cloud security giant Wiz will stick to its original plan and pursue an IPO, walking away from a $23 billion deal with Google. | SECURITYWEEK.COM
23 Jul | FrostyGoop ICS Malware Left Ukrainian City’s Residents Without Heating | The FrostyGoop ICS malware was used recently in an attack against a Ukrainian energy firm that resulted in loss of heating for many buildings. | SECURITYWEEK.COM
23 Jul | Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware | The Computer Emergency Response Team of Ukraine (CERT-UA) has alerted of a spear-phishing campaign targeting a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name U… | THEHACKERNEWS.COM
23 Jul | Wiz shocks the tech world as it rejects Google’s $23 billion bid | In a surprising turn of events, Israeli cybersecurity startup Wiz has decided to end its acquisition talks with Google-parent Alphabet, which would have resulted in a $23 billion deal, the largest ever for Google. This decision was communicated through an internal memo from Wiz C… | CSOONLINE.COM
23 Jul | Chinese Cyberespionage Group Expands Malware Arsenal | Symantec Traces 2021 Hong Kong Waterhole Attacks to Daggerfly Security researchers say they've traced a spate of backdoor attacks during 2021 against pro-democracy activists in Hong Kong to a Chinese cyberespionage group that's recently re-tooled its arsenal. The group is tracked… | DATABREACHTODAY.CO.UK
23 Jul | 2017 ODNI Memo on Kaspersky Labs | It’s heavily redacted, but still interesting. Many more ODNI documents here. | SCHNEIER.COM
23 Jul | Google abandons plans to drop third-party cookies in Chrome | As a major update to Chrome’s new cross-site tracking protection policy, Google announced that it is no longer considering dropping support for third-party cookies. Third-party cookies, which refer to the cookies that are set by a website other than the one a user is currently vi… | COMPUTERWORLD.COM
23 Jul | The Patchwork group has updated its arsenal, launching attacks for the first time using Brute Ratel | submitted by kid to cybersecurity; https://medium.com/@knownsec404team/the-patchwork-group-has-updated-its-arsenal-launching-attacks-for-the-first-time-using-brute-ratel-175741987d87 | MEDIUM.COM
23 Jul | ViperSoftX Malware Poses As eBooks On Torrents | submitted by kid to cybersecurity; https://securityboulevard.com/2024/07/vipersoftx-malware-poses-as-ebooks-on-torrents/ | SECURITYBOULEVARD.COM
23 Jul | CrowdStrike Speeding Up Remediation of Systems Hit by Blue Screen of Death | CrowdStrike tested a new technique to speed up the remediation of systems impacted by the recent bad update. | SECURITYWEEK.COM
23 Jul | What to Know About the Kids Online Safety Act and Its Chances of Passing | Everything about the Kids Online Safety Act (KOSA): who supports it, who opposes it, and its chances of passing in Congress. | SECURITYWEEK.COM
23 Jul | The AI Fix #8: Emergence, a rancid donkey, and the world’s funniest joke | In episode eight of “The AI Fix”, our hosts tackle the latest news from the world of AI and learn about two important medical breakthroughs, Mark coughs, Graham ruins “Killing me softly”, and neither shows their junk to an AI. Graham explains humour to Mark and shares a donkey st… | GRAHAMCLULEY.COM
23 Jul | Beware Of Dating Apps Exposing Your Personal And Location Details To Cyber Criminals | Threat actors often attack dating apps to steal personal data, including sensitive data and location details, which can be used in identity theft, blackmailing people, or other malicious activities. Since these applications are a goldmine of personal experiences and chats, hacker… | GBHACKERS.COM
23 Jul | Chinese Hackers Target Taiwan and US NGO with MgBot Malware | Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group "also engages in internal … | THEHACKERNEWS.COM
23 Jul | Patience & Self Awareness in a Fast Paced World with Jason Albuquerque | Join Jason Albuquerque in this clip from Business Security Weekly as he discusses the vital role of patience and self-awareness in today's fast-paced society. Learn how these qualities can enhance your leadership and personal growth, especially in the high-stress environment of c… | YOUTUBE.COM
23 Jul | Closing CISO-CEO Communication Gap Requires a Common Business Language - Sumedh Thakar - BSW #357 | Back in April, we covered a story on episode #348 titled "CISO-CEO communication gaps continue to undermine cybersecurity". In that article, Sumedh Thakar, the CEO at Qualys, stated "CISOs must translate technical risks into business impact for CEOs." But he didn't say how. So, w… | YOUTUBE.COM
23 Jul | Risk Management Insights: What CEOs and Boards Really Need - Jeff Recor - BSW #357 | Security is a risk management discipline. No one understands that more than Jeff Recor. Jeff has built risk management practices for Deloitte, Grant Thornton, and Accenture and has recently formed his own risk consulting practice. In this unscripted interview, Jeff will share his … | YOUTUBE.COM
23 Jul | Google Will Keep Third-Party Cookies in Chrome | Google no longer plans on deprecating third-party cookies in Chrome and is working on an updated approach. | SECURITYWEEK.COM
23 Jul | CrowdStrike CEO Called to Testify to Congress Over Cybersecurity Firm’s Role in Global Tech Outage | U.S. House leaders are calling on CrowdStrike CEO George Kurtz to testify on widespread tech outage that services around the world. | SECURITYWEEK.COM
23 Jul | Strengthening Cybersecurity in Healthcare | A Collaborative Approach Between Accenture and Palo Alto Networks To improve patient outcomes and experiences, today’s healthcare organizations are increasingly adopting innovative technologies, such as AI, Cloud, and IoT. While beneficial, these … | PALOALTONETWORKS.COM
23 Jul | Transforming Knowledge Management With Generative AI | Aboitiz Data Innovation's Guy Sheppard on Tailoring AI to Banking Requirements Aboitiz Data Innovation faced a unique challenge: Design a wholesale architecture for a generative AI lab for a bank while ensuring accurate responses and maintaining strict information security protoc… | DATABREACHTODAY.CO.UK
23 Jul | Is Your Bank Really Calling? How to Protect Yourself from Financial Impersonation Fraud | Protecting your financial information has never been more crucial. With the rise of sophisticated scams, it's becoming increasingly difficult to distinguish between legitimate bank communications and fraudulent attempts to access your accounts. So, how can you be sure it's really… | KNOWBE4.COM
23 Jul | Killer Robots, Crowdstrike, Southwest, Play, FrostyGoop, Josh Marpet and More - SWN #400 | Elon's Killer Robots, Crowdstrike and More Crowdstrike, Southwest, Play, FrostyGoop, Josh Marpet, and more, on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-400 | YOUTUBE.COM
23 Jul | Mexico's Largest ERP Provider ClickBalance Exposes 769 Million Records | submitted by kid to cybersecurity; https://hackread.com/mexico-erp-clickbalance-769-million-records-data-leak/ | HACKREAD.COM
23 Jul | SAPwned, Squarespace Domain Hijacks, AIs Fixing Code, Infosec Investments - ASW #292 | SAPwned demonstrates tenets of tenant isolation, a weak login flow puts Squarespace domains at risk, how AIs might (or might not) be useful for fixing code, getting buy-in for infosec investments, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Sho… | YOUTUBE.COM
23 Jul | Canadian Startup Protexxa Attracts $10 Million Series A Financing | Canadian cybersecurity startup Protexxa closes a $10 million Series A funding round that brings the total raised to $15 million. | SECURITYWEEK.COM
23 Jul | CrowdStrike Cleanup: Vast Majority of Systems Restored | 93% of 8.5 Million Affected Systems Back Online, Reports IT Asset Management Firm On day five of the Windows outages due to a faulty CrowdStrike update, there is cautious optimism as IT experts report significant restoration of downed systems. One IT asset management provider sai… | DATABREACHTODAY.CO.UK
23 Jul | Report: HHS Needs to Beef Up Cloud Security and Skills | Inspector General Says HHS Cloud Systems Are Potentially at Risk of Compromise The Department of Health and Human Services is facing some of the same cloud security problems as the healthcare organizations it regulates: weaknesses in a dozen different cloud security controls and … | DATABREACHTODAY.CO.UK
23 Jul | Hackers Froze Ukrainian Heating Systems in Winter | ICS-Specific Malware Uses Modbus Protocol for Disruptive Attacks Hackers used novel malware to knock out the power supply to more than 600 apartment buildings during the winter in Ukraine, in a development that poses a wider threat for critical infrastructure. Cybersecurity resea… | DATABREACHTODAY.CO.UK
23 Jul | Hamster Kombat’s 250 million players targeted in malware attacks | Threat actors are taking advantage of the massive popularity of the Hamster Kombat game, targeting players with fake Android and Windows software that install spyware and information-stealing malware. [...] | BLEEPINGCOMPUTER.COM
23 Jul | Chinese hackers deploy new Macma macOS backdoor version | The Chinese hacking group tracked as 'Evasive Panda' was spotted using new versions of the Macma backdoor and the Nightdoor Windows malware. [...] | BLEEPINGCOMPUTER.COM
🌐 CYBER THREAT LANDSCAPE (1)
23 Jul | Fake CrowdStrike repair manual pushes new infostealer malware | CrowdStrike is warning that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu. [...] | BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS (15)
23 Jul | Google Abandons Plan to Phase Out Third-Party Cookies in Chrome | Google on Monday abandoned plans to phase out third-party tracking cookies in its Chrome web browser more than four years after it introduced the option as part of a larger set of a controversial proposal called the Privacy Sandbox. "Instead of deprecating third-party cookies, we… | THEHACKERNEWS.COM
23 Jul | UK: NCA Infiltrates DDoS-for-Hire Site as Suspected Controller Arrested in Northern Ireland | The National Crime Agency (NCA) in the United Kingdom has successfully infiltrated a DDoS-for-hire service known as DigitalStress. The suspected controller of the site was arrested in Northern Ireland earlier this month. | THERECORD.MEDIA
23 Jul | How to Securely Onboard New Employees Without Sharing Temporary Passwords | The initial onboarding stage is a crucial step for both employees and employers. However, this process often involves the practice of sharing temporary first-day passwords, which can expose organizations to security risks. Traditionally, IT departments have been cornered into eit… | THEHACKERNEWS.COM
23 Jul | Sophos Germany Team Saddles Up for a Volunteering Day at Horse Therapy Farm | Sophos Employee Volunteering Program supports local equine-assisted therapy initiative. | SOPHOS.COM
23 Jul | Why CrowdStrike-Style Chaos Is Here To Stay | PACKETSTORMSECURITY.COM
23 Jul | QR Codes: Convenience or Cyberthreat? | Security awareness and measures to detect and prevent sophisticated risks associated with QR code-based phishing attacks (quishing) | TRENDMICRO.COM
23 Jul | CrowdStrike global outage: Sophos guidance | Our take on what happened and answers to key questions from Sophos customers and partners. | SOPHOS.COM
23 Jul | Sophos Firewall v20 MR2 is now available | Sophos Firewall OS v20 MR2 is a free upgrade for all licensed Sophos Firewall customers. | SOPHOS.COM
23 Jul | Phish-Friendly Domain Registry “.top” Put on Notice | The Chinese company in charge of handing out domain names ending in “.top” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. The warning comes am… | KREBSONSECURITY.COM
23 Jul | Impact of Microsoft Copilot+ Recall on corporate cybersecurity | How to prepare IT systems and employees for the arrival of visual AI assistants from Microsoft, Google, and Apple. | KASPERSKY.COM
23 Jul | Windows 10 KB5040525 fixes WDAC issues causing app failures, memory leak | Microsoft has released the July 2024 preview update for Windows 10, version 22H2, with fixes for Windows Defender Application Control (WDAC) issues causing app crashes and system memory exhaustion. [...] | BLEEPINGCOMPUTER.COM
23 Jul | The tap-estry of threats targeting Hamster Kombat players | ESET researchers have discovered threats abusing the success of the Hamster Kombat clicker game | WELIVESECURITY.COM