🚨 CISA KEV (1)
12 Aug [KEV]: CISA Adds Six Known Exploited Vulnerabilities to Catalog (CISA.GOV)
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability; CVE-2024-38178 Microsoft Windows Scripting Engine Memory Corrup…
🐛 COMMON VULNERABILITIES AND EXPOSURES (5)
12 Aug: Update: Exploit Released for Cisco SSM Bug Allowing Admin Password Changes (BLEEPINGCOMPUTER.COM)
The vulnerability, tracked as CVE-2024-20419, allows unauthenticated attackers to change any user's password remotely. To secure vulnerable Cisco Smart Software Manager On-Prem servers, admins must upgrade to a fixed release.
12 Aug: FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability (THEHACKERNEWS.COM)
The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to execute arbitrary code remotely with elevated privileges. The vulnerability, tracked as CVE-2024-7589, carries a CVSS score…
12 Aug: Hackers Exploiting WinRAR Flaw To Attacks Windows & Linux(ESXi) Machines (GBHACKERS.COM)
Head Mare, a hacktivist group targeting Russia and Belarus, leverages phishing campaigns distributing WinRAR archives to exploit CVE-2023-38831 for initial access. By deploying LockBit and Babuk ransomware, they encrypt victim systems and publicly disclose stolen data. The …
12 Aug: Critical 1Password Flaws May Allow Hackers to Snatch Users' Passwords (HELPNETSECURITY.COM)
The first vulnerability, CVE-2024-42219, allows bypassing inter-process communication protections and impersonation of trusted 1Password integrations. The second, CVE-2024-42218, lets attackers bypass security mechanisms using outdated app versions.
12 Aug: Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure (THEHACKERNEWS.COM)
The vulnerability, identified as CVE-2024-38200, affects various versions of Office, including Microsoft Office 2016, Microsoft Office LTSC 2021, Microsoft 365 Apps, and Microsoft Office 2019.
⚠️ VULNERABILITY DISCLOSURE (26)
12 Aug: The cyber assault on healthcare: What the Change Healthcare breach reveals (CSOONLINE.COM)
The February 2024 ransomware attack on Change Healthcare put the state of healthcare cybersecurity in the headlines and in front of the US Congress, with aftershocks from the seismic event still being felt. The monumental impact of the attack was evident nearly immediately. The r…
12 Aug: Authorities Arrested Two Admins of WWH-Club Stolen Credit Card Marketplace (GBHACKERS.COM)
U.S. authorities have arrested two believed administrators of the notorious WWH-Club, an online marketplace for stolen credit card information. The arrests mark a major step in the ongoing battle against cybercrime and the illicit trade of unauthorized access devices. The Arrests…
12 Aug: Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks (THEHACKERNEWS.COM)
Security vulnerabilities have been disclosed in the industrial remote access solution Ewon Cosy+ that could be abused to gain root privileges to the devices and stage follow-on attacks. The elevated access could then be weaponized to decrypt encrypted firmware files and encrypted…
12 Aug: MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency (LASTWATCHDOG.COM)
LAS VEGAS – Here’s what I discovered last week here at Black Hat USA 2024: GenAI is very much in the mix as a potent X-factor in cybersecurity. I spoke with over three dozen cybersecurity …
12 Aug: Google’s Quick Share Vulnerabilities Let Attackers Execute Remote Code (GBHACKERS.COM)
By reverse-engineering Quick Share’s proprietary communication protocol, researchers uncovered multiple vulnerabilities, including unauthorized file writes, forced Wi-Fi connections, directory traversal, and denial-of-service conditions. These flaws were chained toget…
12 Aug: Taxonomy of Generative AI Misuse (SCHNEIER.COM)
Interesting paper: “Generative AI Misuse: A Taxonomy of Tactics and Insights from Real-World Data”: Generative, multimodal artificial intelligence (GenAI) offers transformative potential across industries, but its misuse poses significant risks. Prior research has s…
12 Aug: SSHamble: Open-Source Security Testing of SSH Services (HELPNETSECURITY.COM)
RunZero recently released SSHamble, an open-source tool for testing the security of SSH services. This tool helps security teams detect dangerous misconfigurations and software bugs in SSH implementations.
12 Aug: Bipartisan Bill to Tighten Vulnerability Disclosure Rules for Federal Contractors (SECURITYWEEK.COM)
The Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024 would require federal contractors to adhere to NIST’s vulnerability disclosure guidelines.
12 Aug: Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems (THEHACKERNEWS.COM)
Cybersecurity researchers have identified a number of security shortcomings in photovoltaic system management platforms operated by Chinese companies Solarman and Deye that could enable malicious actors to cause disruption and power blackouts. "If exploited, these vulnerabilities…
12 Aug: Microsoft Found OpenVPN Bugs That can be Chained to Achieve RCE and LPE (SECURITYAFFAIRS.COM)
The vulnerabilities affect all versions of OpenVPN prior to 2.6.10 and 2.5.10. Attackers could gain full control over targeted endpoints by exploiting these vulnerabilities.
12 Aug: Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE (SECURITYAFFAIRS.COM)
submitted by kid to cybersecurity. https://securityaffairs.com/166912/hacking/openvpn-rce-lpe.html
12 Aug: AMD addresses Sinkclose vulnerability but older processors left unattended (CSOONLINE.COM)
Though AMD has released security updates to address the “Sinkclose” vulnerability in its processors, some of its older and still-popular chips will not be receiving patches. The flaw, disclosed by researchers from security firm IOActive, affects processors dating back to 2006 and…
12 Aug: Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users (THEHACKERNEWS.COM)
The vulnerabilities affect devices before the Sonos S2 release 15.9 and Sonos S1 release 11.12. These flaws could be exploited to compromise devices over the air and capture audio covertly.
12 Aug: How Phishing Attacks Adapt Quickly to Capitalize on Current Events (THEHACKERNEWS.COM)
In 2023, no fewer than 94 percent of businesses were impacted by phishing attacks, a 40 percent increase compared to the previous year, according to research from Egress. What's behind the surge in phishing? One popular answer is AI – particularly generative AI, which has made it…
12 Aug: Trump campaign suffers sensitive data breach in alleged Iranian hack (CSOONLINE.COM)
The re-election campaign for former US President Donald Trump said it has fallen victim to a cyberattack by Iranian actors, leading to the theft and distribution of sensitive internal documents. The claim, which did not divulge any specific details about the hack, came a day afte…
12 Aug: Critical AWS Services Vulnerability Let Attackers Execute Remote Code (GBHACKERS.COM)
Hackers attack AWS as it hosts a vast number of high-value targets, including sensitive data, business applications, and cloud resources for organizations worldwide. In February 2024, six AWS services were found to have some critical vulnerabilities. The services include CloudFor…
12 Aug: Criminal IP and Maltego Join Forces for Enhanced Cyber Threat Search (BLEEPINGCOMPUTER.COM)
AI SPERA announced today that its IP address intelligence engine, Criminal IP, can now be integrated with Maltego's unified user interface and is available on the Maltego's marketplace, [...]
12 Aug: Several Vulnerabilities Found in Google’s Quick Share Data Transfer Utility (SECURITYWEEK.COM)
SafeBreach identified 10 vulnerabilities in Google Quick Share and devised a remote code execution chain targeting the file sharing utility for Windows.
12 Aug: Microsoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains (SECURITYWEEK.COM)
The vulnerabilities, patched in OpenVPN 2.6.10, expose users on the Windows platform to remote code execution attacks.
12 Aug: Russia Blocks Signal Messaging App as Authorities Tighten Control Over Information (SECURITYWEEK.COM)
Signal uses end-to-end encryption, making it difficult for the Russian government to intercept communications.
12 Aug: Justice Department Disrupts North Korean ‘Laptop Farm’ Operation (SECURITYWEEK.COM)
Law enforcement authorities in the U.S. have arrested a Tennessee man accused of running a “laptop farm” that helped North Korean IT workers secure remote jobs at American companies.
12 Aug: Why OT cybersecurity should be every CISO’s concern (CSOONLINE.COM)
Some CISOs believe that there is no need to assess risks in operational technology (OT) or to establish an enterprise OT cybersecurity standard – because they don’t run OT. However, I believe OT is a blind spot that is often overlooked. If your office resides in a building, you a…
12 Aug [KEV]: Companies poorly prepared for TLS transition (CSOONLINE.COM)
Transport Layer Security (TLS) certificates form the basis for a secure internet connection. They encrypt the data that is transmitted between the browser, the website visited and the server. Last year, Google announced it was going to reduce the term of TLS certificates from 398…
12 Aug: The cybersecurity kids aren’t all right (SOPHOS.COM)
A new Sophos-commissioned survey finds burnout, fatigue, cynicism riding high in the workforce
12 Aug: Cybersecurity Leadership Crisis, Is It Time to Pivot Your Strategy? - BSW #360 (YOUTUBE.COM)
In the leadership and communications segment, The Cybersecurity Leadership Crisis Dooming America’s Companies, Judge Rejects SEC’s Aggressive Approach to Cybersecurity Enforcement, Is It Time to Pivot Your Strategy?, and more! Visit https://www.securityweekly.com/bsw for all the …
12 Aug: Microsoft and NVIDIA: Partnering to protect AI workloads in Azure (CSOONLINE.COM)
As interest in AI soars, security leaders are prioritizing an architecture framework that supports innovation and delivers end-to-end protection of sensitive data and models—all while mitigating data exfiltration, poisoning, and other nefarious use case risks. Inadvertent leaks o…
📢 SECURITY ADVISORIES (6)
12 Aug: NCSC to Build Nation-Scale Evidence Base for Cyber Deception (GBHACKERS.COM)
The UK’s National Cyber Security Centre (NCSC) recently hosted an unprecedented conference at its London headquarters, bringing together international government partners, UK government officials, and industry leaders. The focus was on exploring the potential of cyber decep…
🔥 INCIDENT REPORTING (15)
12 Aug: Over 15,000 hard coded secrets found by researcher at Defcon: Cyber Security Today for Monday, August 12, 2024 (CYBERSECURITYTODAY.LIBSYN.COM)
Exposing Hidden Secrets: DEF CON Revelations, Ransomware Surge & GPS Spoofing Woes. Join host Jim Love in this insightful episode of Cybersecurity Today. Discover the shocking revelation of over 15,000 hard-coded secrets uncovered at DEF CON by researcher Bill Dermacapi, and learn…
12 Aug: New Malware Strains Pop Up in Threat Landscape (CYWARE.COM)
Quorum Cyber Incident Response team recently identified a new malware called SharpRhino utilized by the threat actor group Hunters International during a ransomware incident. The malware, written in C#, was distributed through a typosquatting domain posing as Angry IP Scanner.
12 Aug: Botnet 7777: Are You Betting on a Compromised Router? (TEAM-CYMRU.COM)
Recent findings indicate that the 7777 botnet (aka Quad7) has likely expanded, adding new bots with open port 63256, primarily including Asus routers. As of August 5, 2024, the total number of active bots stood at 12,783.
12 Aug: Analysis of Data Exfiltration Tools Used by Threat Actors (RELIAQUEST.COM)
A comprehensive analysis of data theft incidents investigated by ReliaQuest from September 2023 to July 2024 revealed that Rclone, WinSCP, and cURL are among the most prevalent exfiltration tools used by threat actors.
12 Aug: Latrodectus and ACR Stealer Observed Spreading via Google Authenticator Phishing Site (CYBLE.COM)
The phishing site tricks users into downloading a malicious file disguised as Google Authenticator, which then drops the two malware components. The ACR Stealer exfiltrates data to a C&C server, while Latrodectus maintains persistence on the machine.
12 Aug: The BlackSuit ransomware gang has demanded over $500 million since 2022 (BITDEFENDER.COM)
A notorious ransomware group has demanded more than half a billion dollars from victims in less than two years. Read more in my article on the Hot for Security blog.
12 Aug: 200k Impacted by East Valley Institute of Technology Data Breach (SECURITYWEEK.COM)
The personal and health information of students, staff, faculty, and parents was compromised in a data breach at East Valley Institute of Technology.
12 Aug: Australian Gold Mining Company Reports Ransomware Attack (GBHACKERS.COM)
Evolution Mining Limited, a prominent global player in the gold mining industry, has reported a ransomware attack that impacted its IT systems. The company, which operates several mines across Australia and Canada, discovered the breach on August 8, 2024. This incident highlights…
12 Aug: Malware-as-a-Service and Ransomware-as-a-Service Lower Barriers for Cybercriminals (HELPNETSECURITY.COM)
Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) have made it easier for cybercriminals to carry out sophisticated attacks, according to Darktrace. These subscription-based tools have lowered the barrier for less experienced attackers.
12 Aug: Telegram Bot Selling Phishing Tools to Bypass 2FA & Hack Microsoft 365 Accounts (GBHACKERS.COM)
A newly discovered phishing marketplace, ONNX Store, empowers cybercriminals to launch sophisticated attacks against Microsoft 365 and Office 365 environments. The platform provides tools to circumvent robust 2FA safeguards, enabling threat actors to compromise accounts with incr…
12 Aug: Australian gold producer Evolution Mining hit by ransomware (BLEEPINGCOMPUTER.COM)
Evolution Mining has informed that it has been targeted by a ransomware attack on August 8, 2024, which impacted its IT systems. [...]
12 Aug: FBI takes down ransomware gang that hacked dozens of companies (TECHCRUNCH.COM)
The FBI's takedown of the Radar/Dispossessor ransomware and extortion gang is a rare win in the fight against ransomware. © 2024 TechCrunch. All rights reserved. For personal use only.
12 Aug: FBI disrupts the Dispossessor ransomware operation, seizes servers (BLEEPINGCOMPUTER.COM)
The FBI announced on Monday that it seized the servers and websites of the Radar/Dispossessor ransomware operation following a joint international investigation. [...]
🕵️ THREAT INTELLIGENCE (10)
12 Aug: ISC Stormcast For Monday, August 12th, 2024 https://isc.sans.edu/podcastdetail/9092, (Mon, Aug 12th) (ISC.SANS.EDU)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
12 Aug: The UN Is Moving to Fight Cybercrime but Privacy Groups Say Human Rights Will Be Violated (SECURITYWEEK.COM)
A global deal on the criminal use of computer technology is moving ahead despite worries it will let governments around the world violate human rights.
12 Aug: The Missing Piece of SASE — Prisma Access Browser — Now Available (PALOALTONETWORKS.COM)
Prisma Access Browser, the latest innovation in SASE – redefining secure work in the browser, blending top-tier security with unparalleled performance.
12 Aug: Mentorship Monday - Discussions for career and learning! (INFOSEC.PUB)
submitted by shellsharks to cybersecurity. Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …
12 Aug: Black Hat USA 2024 – Summary of Vendor Announcements (SECURITYWEEK.COM)
Hundreds of companies and organizations showcased their products and services last week at the 2024 edition of the Black Hat conference in Las Vegas.
12 Aug: Criminal IP and Maltego Collaborate to Broaden Threat Intelligence Data Search (GBHACKERS.COM)
Criminal IP, an expanding Cyber Threat Intelligence (CTI) search engine from AI SPERA, has recently completed its technology integration with Maltego, a global all-in-one investigation platform that specializes in visualized analysis of combined cyber data. This collaboration int…
12 Aug: News alert: Criminal IP and Maltego team up to broaden threat intelligence data search (LASTWATCHDOG.COM)
Torrance, Calif., Aug. 12, 2024, CyberNewsWire — Criminal IP, an expanding Cyber Threat Intelligence (CTI) search engine from AI SPERA, has recently completed its technology integration with Maltego, a global all-in-one investigation platform that specializes in visualize…
12 Aug: South Korea says DPRK hackers stole spy plane technical data (BLEEPINGCOMPUTER.COM)
South Korea's ruling party, People Power Party (PPP), has issued an announcement stating that North Korean hackers have stolen crucial information about K2 tanks, the country's main battle tank, as well as its "Baekdu" and "Geumgang" spy planes. [...]
12 Aug: Hacker Stories: A Facebook Physical Threat (KNOWBE4.COM)
Most people take a lot of measures to secure their online bank accounts, credit card accounts, retirement accounts and other financial accounts. This often means enabling some form of multi-factor authentication (MFA), using a strong password, or other means of keeping money safe…
12 Aug: Security Money: Crowdstrike Crashes the Index - BSW #360 (YOUTUBE.COM)
This week, it’s time for security money, our quarterly review of the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. This quarter, Crowdstrike crashes the index, as Thoma Bravo acquires another index company. The ind…
🌐 CYBER THREAT LANDSCAPE (4)
12 Aug: EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files (THEHACKERNEWS.COM)
The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind. The attack chains are characterized by the use of RAR archive attachments containing a Windows sho…
12 Aug: Fake WinRar Websites Distributing Malware Payloads Hosted on GitHub (SONICWALL.COM)
A fraudulent site resembling the official WinRar distribution platform is spreading malware. The fake website, win-rar[.]co, utilizes typosquatting to trick users who mistype the URL.
12 Aug: New Widespread Extension Trojan Malware Campaign (REASONLABS.COM)
The malware attack flow involves luring users with fake websites imitating popular downloads, then executing PowerShell scripts to download and install malicious extensions that steal private data and control browser settings.
12 Aug: Microsoft is killing the Windows Paint 3D app after 8 years (BLEEPINGCOMPUTER.COM)
Microsoft announced that the Paint 3D graphics app will be discontinued later this year and removed from the Microsoft Store in November. [...]
📡 INFOSEC NEWS (24)
12 Aug: Video: Same Origin, CORS, DNS Rebinding and Localhost, (Mon, Aug 12th) (ISC.SANS.EDU)
Trying something a bit different. A video demo to illustrate some concepts around "Origin" in web applications. Let me know if this is something you would like to see more of.
12 Aug: Vulnerabilities in Solar Power Management Platform can Lead to Blackouts (BITDEFENDER.COM)
Researchers discovered that a solar grid responsible for 20% of the world's solar power output, enough to power the entire United States, is at risk of being hijacked due to vulnerabilities in PV plant management platforms.
12 Aug: Nearly 200 Firms Have Signed Pledge to Build More Secure Software, Top Cyber Official Says (NEXTGOV.COM)
The initiative, called Secure by Design, was introduced by the Cybersecurity and Infrastructure Security Agency at the RSA Conference, with an initial 70 firms committing to improving security features.
12 Aug: How Network Segmentation can Strengthen Visibility in OT Networks (HELPNETSECURITY.COM)
Gaining visibility in OT networks is challenging due to differences in communication protocols between IT and OT systems. Building trust between OT and IT teams is essential, as their priorities often conflict.
12 Aug: Industry Moves for the week of August 12, 2024 - SecurityWeek (SECURITYWEEK.COM)
Explore industry moves and significant changes in the industry for the week of August 12, 2024. Stay updated with the latest industry trends and shifts.
12 Aug: Earth Baku’s Latest Campaign Expands its Reach to Europe, the Middle East, and Africa (TRENDMICRO.COM)
Earth Baku has expanded its operations beyond the Indo-Pacific region to Europe, the Middle East, and Africa. They are now targeting countries like Italy, Germany, UAE, and Qatar, with suspected activities in Georgia and Romania.
12 Aug: SaaS Apps Present an Abbreviated Kill Chain for Attackers (DARKREADING.COM)
Researchers at AppOmni revealed that adversaries no longer need to complete all seven stages of a traditional kill chain to achieve their goals. This shift requires organizations to rethink their cybersecurity strategies.
12 Aug: The AI Hangover is Here – The End of the Beginning (THEHACKERNEWS.COM)
After a good year of sustained exuberance, the hangover is finally here. It’s a gentle one (for now), as the market corrects the share price of the major players (like Nvidia, Microsoft, and Google), while other players reassess the market and adjust priorities. Gartner calls it …
12 Aug: The best hacks and security research from Black Hat and Def Con 2024 (TECHCRUNCH.COM)
Here is a look back at the top security research from the annual hacker conferences, Black Hat and Def Con 2024.
12 Aug: CrowdStrike Pursuing Deal to Buy Patch Management Specialist Action1 (CYBERSECURITYDIVE.COM)
CrowdStrike is looking to acquire patch management specialist Action1 in a deal worth nearly $1 billion. Action1's Co-Founder and CEO confirmed the discussions with CrowdStrike employees in a memo.
12 Aug: Shorter TLS Certificate Lifespans Expected to Complicate Management Efforts (HELPNETSECURITY.COM)
Shorter TLS certificate lifespans are expected to create challenges for management efforts, with 76% of security leaders acknowledging the need to transition to shorter lifespans for increased security, according to Venafi.
12 Aug: UN Cybercrime Treaty Passes in Unanimous Vote (THERECORD.MEDIA)
The United Nations has unanimously passed its first cybercrime treaty, initially proposed by Russia. This treaty establishes a global legal framework for addressing cybercrime and data access.
12 Aug: Google deactivates Russian AdSense accounts, sends final payments (BLEEPINGCOMPUTER.COM)
Google is notifying Russian YouTubers, bloggers, and publishers that their Adsense accounts are being deactivated and can no longer be used for advertising. [...]
12 Aug: Microsoft shares Outlook workaround for Gmail sign-in issues (BLEEPINGCOMPUTER.COM)
Microsoft has shared a temporary fix for a known issue preventing Microsoft 365 customers from signing in or adding Gmail accounts using classic Outlook. [...]
12 Aug: Hackers posing as Ukraine’s Security Service infect 100 govt PCs (BLEEPINGCOMPUTER.COM)
Attackers impersonating the Security Service of Ukraine (SSU) have used malicious spam emails to target and compromise systems belonging to the country's government agencies. [...]
12 Aug: Which IT, and IoT devices are most vulnerable | Kaspersky official blog (KASPERSKY.COM)
Reasons why your organization’s connected smart devices are vulnerable, and how to make up for this with security controls.
12 Aug: SAFECOM Membership Spotlight ft. Red Grasso, North Carolina Department of Information Technology (CISA.GOV)
12 Aug: X faces GDPR complaints for unauthorized use of data for AI training (BLEEPINGCOMPUTER.COM)
European privacy advocate NOYB (None of Your Business) has filed nine GDPR complaints about X using the personal data from over 60 million users in Europe to train "Grok," the social media company's large language model. [...]
12 Aug: The great location leak: Privacy risks in dating apps (WELIVESECURITY.COM)
Convenience may come at a cost – such as when your favorite app reveals your exact coordinates to someone you’d rather keep at a distance
12 Aug: Top 6 Craigslist scams: Don’t fall for these tricks (WELIVESECURITY.COM)
Here’s how to spot and dodge scams when searching for stuff on the classified ads website that offers almost everything under the sun