19Articles
7Categories
2024-08-10Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 2[−]
10 AugAMD CPUs impacted by 18-year-old SMM flaw that enables firmware implantsAMD has issued microcode updates for a wide range of server and desktop CPUs to address a vulnerability that could allow attackers to bypass protections for the System Management Mode (SMM) and execute malicious code in the low-level firmware outside of the OS. The flaw could be …CSOONLINE.COM
10 AugMicrosoft Warns of Unpatched Office Vulnerability Leading to Data BreachesMicrosoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors. The vulnerability, tracked as CVE-2024-38200 (CVSS score: 7.5), has been described as a spoofing flaw tha…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 5[−]
10 AugExperts Uncover Severe AWS Flaws Leading to RCE, Data Theft, and Full-Service TakeoversCybersecurity researchers have discovered multiple critical flaws in Amazon Web Services (AWS) offerings that, if successfully exploited, could result in serious consequences. "The impact of these vulnerabilities range between remote code execution (RCE), full-service user takeov…THEHACKERNEWS.COM
10 AugCISA Warns of Hackers Abusing Cisco Smart Install FeatureThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has advised organizations to disable the legacy Cisco Smart Install (SMI) feature due to recent attacks exploiting it.BLEEPINGCOMPUTER.COM
10 AugCisco Warns of Critical RCE Zero-Days in End of Life IP PhonesCisco has issued a warning about critical remote code execution zero-days affecting the web-based management interface of the Small Business SPA 300 and SPA 500 series IP phones, which are no longer supported.BLEEPINGCOMPUTER.COM
10 Aug'0.0.0.0 Day' Flaw Puts Chrome, Firefox, Mozilla Browsers at RCE RiskAn open source security firm, Oligo Security, has discovered a vulnerability called "0.0.0.0 Day" that allows attackers to execute code on web browsers like Chrome, Safari, and Firefox, potentially leading to data theft and malware.DARKREADING.COM
10 AugWWH-Club credit card market admins arrested after cash spending spreeU.S. law enforcement has arrested two suspected admins of the WWH-Club stolen credit card marketplace after they went on a cash spending spree in Florida. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 1[−]
10 AugHazy Issue in Entra ID Allows Privileged Users to Become Global AdminsAn issue with Microsoft's Entra ID identity and access management service could allow a hacker with admin-level access to gain global administrator privileges within an organization's cloud environment.DARKREADING.COM
🔥 INCIDENT REPORTING 3[−]
10 AugStudent raised security concerns in Mobile Guardian MDM weeks before cyberattackThis is the second cyberattack targeting the school device management service Mobile Guardian this year. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
10 AugRussian Spies Hacked UK Government Systems Earlier This Year, Stole Data and EmailsRussian spies hacked UK government systems earlier this year, stealing data and emails in a nation-state attack. The breach targeted the Home Office's systems, which had not been previously reported.THERECORD.MEDIA
10 AugCSC ServiceWorks reveals 2023 data breach affecting thousands of peopleThe data breach is the latest security issue to beset CSC ServiceWorks over the past year, after multiple researchers found security bugs. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
🕵️ THREAT INTELLIGENCE 5[−]
10 AugSignal Developer Explains Why Early Encrypted Messaging Tools Floppedsubmitted by BrikoX to cybersecurity 1 points | 0 comments https://www.pcmag.com/news/signal-developer-explains-why-early-encrypted-messaging-tools-flopped ‘The intuition was to take the complexity and push it onto the user,’ Moxie Marlinspike says at Black Hat. ‘We were just wro…PCMAG.COM
10 AugCyber Security Today - Week In Review: August 10, 2024Cybersecurity Insights: Malvertising, Phishing Trends, and North Korean Hackers In this weekend edition of 'Cybersecurity Today,' host Jim Love brings together experts Terry Cutler from Cyology Labs, David Shipley from Beauceron Security, and Greg Monson from Trustwave. The panel…CYBERSECURITYTODAY.LIBSYN.COM
10 AugNorth Korea Kimsuky Launch Phishing Attacks on UniversitiesCybersecurity analysts have uncovered critical details about the North Korean advanced persistent threat (APT) group Kimsuky, which has been targeting universities as part of its global espionage operations.INFOSECURITY-MAGAZINE.COM
10 AugGoogle Researchers Found Nearly a Dozen Flaws in Popular Qualcomm Software for Mobile GPUssubmitted by BrikoX to cybersecurity 1 points | 0 comments https://www.wired.com/story/google-android-red-team-qualcomm-gpu-flaws/ The vulnerabilities, which have been patched, may have novel appeal to attackers as an avenue to compromising phones.WIRED.COM
10 AugWhat lies beneath: the growing threat to the hidden network of cables that power the internetsubmitted by gytrash to cybersecurity 2 points | 1 comments https://www.theguardian.com/environment/article/2024/aug/09/what-lies-beneath-the-growing-threat-to-the-hidden-network-of-cables-that-power-the-internet “Modern consumers have come to imagine the internet as something un…THEGUARDIAN.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
10 AugNew Malware Hits 300,000 Users with Rogue Chrome and Edge ExtensionsAn ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites masquerading as popular software. "The trojan malware contains different deliverables ranging from simple adware exten…THEHACKERNEWS.COM
📡 INFOSEC NEWS 2[−]
10 AugAfter global IT meltdown, CrowdStrike courts hackers with action figures and gratitudeCrowdStrike tried to go back to business as usual at one of the world's largest annual cybersecurity conferences, weeks after its massive global IT crash. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
10 AugMicrosoft: Windows 11 22H2 reaches end of support in 60 daysMicrosoft has reminded customers that multiple editions of Windows 11 21H2 and 22H2 will reach the end of servicing in 60 days, on October 8, 2024. [...]BLEEPINGCOMPUTER.COM