🐛 COMMON VULNERABILITIES AND EXPOSURES 8[−]
14 AugCritical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin AccessIvanti has rolled out security updates for a critical flaw in Virtual Traffic Manager (vTM) that could be exploited to achieve an authentication bypass and create rogue administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8 out of a maximum of …THEHACKERNEWS.COM
14 AugVulnerability in Windows Driver Leads to System CrashesA vulnerability in the Windows CLFS.sys driver, identified as CVE-2024-6768, allows an unprivileged user to crash the system, leading to a Blue Screen of Death. The flaw is due to improper input validation and affects Windows 10 and 11.INFOSECURITY-MAGAZINE.COM
14 AugCritical SAP Flaw Allows Remote Attackers to Bypass AuthenticationSAP has released a security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass flaw (CVE-2024-41730) in the SAP BusinessObjects Business Intelligence Platform.BLEEPINGCOMPUTER.COM
14 Aug0-Click Outlook RCE Vulnerability Triggered When Email is Clicked – Technical AnalysisNetSPI discovered that Microsoft Outlook is vulnerable to authenticated remote code execution (CVE-2024-21378) due to improper validation of synchronized form objects. By manipulating a configuration file, attackers can automatically register and instantiate a custom form, specif…GBHACKERS.COM
14 AugSAP patches critical bugs allowing full system compromiseSAP has sealed a bunch of severe bugs affecting its systems, including two critical vulnerabilities that can allow full system compromise. On its Security Patch Day for August 2024, the software giant rolled out fixes for a total of 17 vulnerabilities, with six hot fixes — CVSS r…CSOONLINE.COM
14 AugCritical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin AccessIvanti Virtual Traffic Manager has a critical flaw that could allow rogue admin access. A security update has been released for this vulnerability, tracked as CVE-2024-7593, with a CVSS score of 9.8.THEHACKERNEWS.COM
14 AugUpdate: New Windows SmartScreen Bypass Exploited as Zero-Day Since MarchA security loophole in Windows SmartScreen, known as CVE-2024-38213, was exploited by attackers as a zero-day to bypass protection. Microsoft patched this vulnerability during the June 2024 Patch Tuesday.BLEEPINGCOMPUTER.COM
14 AugMicrosoft Outlook security hole lets attackers in without opening a tainted messageAmong the large batch of security patches that Microsoft released on Tuesday was an especially nasty hole within Microsoft’s Outlook email client, one that would allow an attacker full access by simply sending the user an email, even if the recipient chooses to not open the messa…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 30[−]
14 AugParody Website ClownStrike Rejects CrowdStrike's Baseless DMCA Takedown Noticesubmitted by c0mmando to netsec 2 points | 0 comments https://web.archive.org/web/20240810115925/https://reclaimthenet.org/parody-website-clownstrike-rejects-crowdstrikes-baseless-dmca-takedown-notice CrowdStrike – a company that advertises itself as stopping breaches using “AI-n…LINKS.HACKLIBERTY.ORG
14 AugPatch Tuesday brings 90 new Microsoft CVEs, six already under exploitsubmitted by Alphane_Moon to cybersecurity 3 points | 0 comments https://www.theregister.com/2024/08/14/august_patch_tuesday/THEREGISTER.COM
14 AugMicrosoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Day ExploitsMicrosoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild. Of the 90 bugs, seven are rated Critical, 79 are rated Important, and one is rated Moderate in severity. This is also …THEHACKERNEWS.COM
14 AugCybersecurity should return to reality and ditch the hypeAs a chief information security officer (CISO), I’ve witnessed firsthand the transformation of cybersecurity from a niche IT function to a boardroom priority. Yet, despite its rise in prominence, this field is flooded with voices that often lack the depth and precision essential …CSOONLINE.COM
14 AugZoom Fixes Critical Vulnerabilities Allowing Privilege EscalationZoom Video Communications has recently disclosed several critical vulnerabilities affecting its Workplace Apps, SDKs, and Rooms Clients. These vulnerabilities, identified in multiple security bulletins, pose significant risks, potentially allowing attackers to escalate privileges…GBHACKERS.COM
14 AugHackers Toolkit Unveiled, Comprehensive Tools For Various Cyber AttacksHackers always keep updating their tools and add new ones to adapt to evolving security measures, bypass defenses, and exploit newly discovered vulnerabilities. Staying ahead of the cybersecurity advancements is completely important for them as doing so helps them maintain …GBHACKERS.COM
14 AugExploiting pfsense Flaw for Remote Code ExecutionDuring a recent security audit by Laburity researchers, an application with a vulnerability related to pfblockerNG was identified. Attempts using default credentials failed, but an exploit from exploit-db was unsuccessful.LABURITY.COM
14 AugClickbait PDFs, An Entry point For Multiple Web Based AttacksResearchers studied the infrastructure behind clickbait PDF attacks by analyzing a large dataset of real-world PDFs to identify clickbait ones and their linked infrastructure and found that attackers use various hosting types, including object storage, website hosting, and CDNs.&…GBHACKERS.COM
14 AugManufacturer Orion SA says scammers conned it out of $60MOrion SA recently disclosed to US regulators that it fell victim to a criminal wire fraud scheme resulting in a $60 million loss. The incident, possibly a BEC scam, involved fraudulent wire transfers to unknown third-party accounts by an employee.THEREGISTER.COM
14 Aug KEVMicrosoft Discloses 10 Zero-Day Bugs in Patch Tuesday UpdateMicrosoft released its August 2024 Patch Tuesday updates, fixing 89 vulnerabilities, including nine zero-days. Among these, six zero-days were actively exploited, while three others were publicly disclosed. A tenth zero-day still remains unpatched.DARKREADING.COM
14 AugBiden Administration Pledges $11 Million to Open Source Security InitiativeThe effort, known as the Open-Source Software Prevalence Initiative (OSSPI), aims to identify where open-source software components are being used in sectors like healthcare, transportation, and energy production to enhance national cybersecurity.THERECORD.MEDIA
14 AugSleuthcon cybercrime congress 2023submitted by ashar to security_cpe 1 points | 0 comments SLEUTHCON is a forum for identifying and exploring cybercrime and financially-motivated threats. This conference will highlight the work done by cybersecurity researchers, defenders, academics, law enforcement, and others. …INFOSEC.PUB
14 AugHackers Exploited by GraphQL Vulnerabilities to Compromise OrganizationsCyberattacks have highlighted vulnerabilities in GraphQL APIs, leading to significant security breaches in various organizations. GraphQL, a query language for APIs, allows clients to request specific data, making it a popular choice for developers. However, its flexibility also …GBHACKERS.COM
14 AugBYOVDLL – A New Exploit That Is Bypassing LSASS ProtectionIn July 2022, Microsoft patched a well-known PPL bypass flaw, initially discovered by Ionescu and Forshaw. This allowed protection circumvention without kernel code execution, and this update now broke the PPLdump PoC. SCRT Team researchers at Orange Cyberdefense recently d…GBHACKERS.COM
14 AugDARPA Awards $14m to Seven Teams in AI Cyber ChallengeDARPA has awarded $14 million to seven teams in the AI Cyber Challenge (AIxCC) at DEFCON 32. The competition aims to find a cyber reasoning system to identify and fix vulnerabilities in open-source software.INFOSECURITY-MAGAZINE.COM
14 AugMicrosoft Azure AI Health Bot Infected With Critical VulnerabilitiesMultiple privilege escalation issues in Microsoft Azure's cloud-based Health Bot service opened the platform to server-side request forgery (SSRF) and could have allowed access to cross-tenant resources.DARKREADING.COM
14 AugBelarusian-Ukrainian Hacker Extradited to U.S. for Ransomware and Cybercrime ChargesA coalition of law enforcement agencies coordinated by the U.K. National Crime Agency (NCA) has led to the arrest and extradition of a Belarussian and Ukrainian dual-national believed to be associated with Russian-speaking cybercrime groups. Maksim Silnikau (aka Maksym Silnikov),…THEHACKERNEWS.COM
14 AugAny recommendations against Sinkclose on older CPUs?submitted by kenkenken to cybersecurity 1 points | 0 comments As AMD has no intentions to release a patch for the Ryzen 3000 series and bellow, what users can do to protect themselves? I can assume few things: Do not run any untrusted software and closed source software in genera…SH.ITJUST.WORKS
14 AugCritical Ivanti vTM Bug Allows Unauthorized Admin Accesssubmitted by BrikoX to cybersecurity 1 points | 0 comments https://www.darkreading.com/remote-workforce/critical-ivanti-vtm-bug-unauthorized-admin-access The CVSS 9.8 authentication bypass in Ivanti’s traffic manager admin panel already has a proof-of-concept exploit (PoC) lurkin…DARKREADING.COM
14 AugMicrosoft Warns Of OpenVPN Vulnerabilities, Potential For Exploit ChainsPACKETSTORMSECURITY.COM
14 AugUnconfirmed Hack of 2.9 Billion Records at National Public Data Sparks Media Frenzy Amid LawsuitsNational Public Data (NPD) is at the center of controversy with allegations of a massive data breach involving 2.9 billion records. Despite media coverage and a class action lawsuit, verifiable proof remains scarce The post Unconfirmed Hack of 2.9 Billion Records at National Publ…SECURITYWEEK.COM
14 AugAzure Health Bot Service Vulnerabilities Possibly Exposed Sensitive DataAzure Health Bot Service vulnerabilities found by Tenable could have been exploited for lateral movement and may have allowed customer data exposure. The post Azure Health Bot Service Vulnerabilities Possibly Exposed Sensitive Data appeared first on SecurityWeek .SECURITYWEEK.COM
14 AugSolarWinds fixes critical RCE bug affecting all Web Help Desk versionsA critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today. [...]BLEEPINGCOMPUTER.COM
14 AugAdobe Releases Security Updates for Multiple ProductsAdobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Secur…CISA.GOV
14 AugGitHub Actions artifacts found leaking auth tokens in popular projectsMultiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD workflows. [...]BLEEPINGCOMPUTER.COM
14 AugZero-click Windows TCP/IP RCE impacts all systems with IPv6 enabledMicrosoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6 enabled. [...]BLEEPINGCOMPUTER.COM
14 AugSupply Chain Policies - Stewart Scott, Trey Herr - BTS #36Stewart and Trey join us to talk about driving cybersecurity policies for the nation, what makes a good policy, what makes a bad policy, supply chain research and policies, and overall how we shape policies that benefit cybersecurity. Segment Resources: * https://www.atlanticcoun…YOUTUBE.COM
14 AugZero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch nowMicrosoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6 enabled. [...]BLEEPINGCOMPUTER.COM
📋 SECURITY BULLETINS 3[−]
14 AugICS Patch Tuesday: Advisories Released by Siemens, Schneider, Rockwell, AvevaICS Patch Tuesday advisories have been published by Siemens, Schneider Electric, Rockwell Automation, Aveva and CISA. The post ICS Patch Tuesday: Advisories Released by Siemens, Schneider, Rockwell, Aveva appeared first on SecurityWeek .SECURITYWEEK.COM
14 AugChipmaker Patch Tuesday: Intel, AMD Address Over 110 VulnerabilitiesIntel and AMD have each informed customers about dozens of vulnerabilities found and patched in their products. The post Chipmaker Patch Tuesday: Intel, AMD Address Over 110 Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
14 AugMicrosoft retires Windows updates causing 0x80070643 errorsMicrosoft has retired several Windows security updates released during the January 2024 Patch Tuesday that have been causing 0x80070643 errors when installing Windows Recovery Environment (WinRE) updates. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 6[−]
14 AugUK Prime Minister Keir Starmer and Prince William deepfaked in investment scam campaignScammers are once again using deepfake technology to dupe unwary internet Facebook and Instagram users into making unwise cryptocurrency investments. AI-generated videos promoting fraudulent cryptocurrency trading platform Immediate Edge have used deepfake footage of British Prim…BITDEFENDER.COM
14 AugNIST Formalizes World's First Post-Quantum Cryptography Standardssubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/nist-quantum-cryptography-standards/INFOSECURITY-MAGAZINE.COM
14 AugNIST Formalizes World's First Post-Quantum Cryptography StandardsThe finalized post-quantum cryptography standards are Module-Lattice-Based Key-Encapsulation Mechanism Standard (FIPS 203), Module-Lattice-Based Digital Signature Standard (FIPS 204), and Stateless Hash-Based Digital Signature Standard (FIPS 205).INFOSECURITY-MAGAZINE.COM
14 AugWhite House Post-Quantum Announcement: What It Means for CybersecurityEvery Palo Alto Networks Next-Generation Firewall running the latest PAN-OS supports the three new NIST PQC standards. The post White House Post-Quantum Announcement: What It Means for Cybersecurity appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
14 AugNIST releases first encryption tools to resist quantum computingThe U.S. National Institute of Standards and Technology (NIST) has released the first three encryption standards designed to resist future cyberattacks based on quantum computing technology. [...]BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 12[−]
14 AugWhat We Know About Suspected Iranian Cyber Intrusion in the US Presidential RaceU.S. State Department officials declined to speculate on allegations that Iran was behind the hack, but a spokesperson said it would be in keeping with Tehran’s past use of cyberattacks and deception. The post What We Know About Suspected Iranian Cyber Intrusion in the US Preside…SECURITYWEEK.COM
14 AugChina-Backed Earth Baku Expands Cyber Attacks to Europe, Middle East, and AfricaThe China-backed threat actor known as Earth Baku has diversified its targeting footprint beyond the Indo-Pacific region to include Europe, the Middle East, and Africa starting in late 2022. Newly targeted countries as part of the activity include Italy, Germany, the U.A.E., and …THEHACKERNEWS.COM
14 AugElon Musk's claim of DDoS attack greeted with skepticism: Cyber Security Today for Wednesday, August 14th, 2024In this episode of Cybersecurity Today, host Jim Love delves into Elon Musk's claim that a DDoS attack delayed his live interview with Donald Trump, the revelation of a massive data breach compromising most U.S. social security numbers, and CrowdStrike's president accepting the '…CYBERSECURITYTODAY.LIBSYN.COM
14 AugDeathGrip: Emergence of a new Ransomware-as-a-ServicePromoted through Telegram and other underground forums, DeathGrip RaaS offers aspiring threat actors on the dark web sophisticated ransomware tools, including LockBit 3.0 and Chaos builders.BROADCOM.COM
14 Aug460k Impacted by Kootenai Health Ransomware AttackKootenai Health says the personal and health information of over 460,000 individuals was stolen in a ransomware attack. The post 460k Impacted by Kootenai Health Ransomware Attack appeared first on SecurityWeek .SECURITYWEEK.COM
14 AugFeds Seize Radar/Dispossessor Ransomware Gang Servers in US and EuropeFederal authorities have seized servers belonging to the Radar/Dispossessor ransomware gang in the U.S. and Europe. The FBI dismantled dozens of servers linked to the group, which is believed to have ties to the LockBit ransomware enterprise.THERECORD.MEDIA
14 AugThe State of Ransomware in State and Local Government 2024270 IT/cybersecurity leaders share their ransomware experiences from the last year.SOPHOS.COM
14 AugCIRCIA feedback update: Critical infrastructure providers weigh in on NPRMIn 2022, the Cyber Incident for Reporting Critical Infrastructure Act (CIRCIA) went into effect. According to Secretary of Homeland Security Alejandro N. Mayorkas, “CIRCIA enhances our ability to spot trends, render assistance to victims of cyber incidents and quickly share…SECURITYINTELLIGENCE.COM
14 AugRansomware kingpin who called himself “J P Morgan” extradited to United StatesAn investigation dating back almost ten years has seen the extradition this week to the United States of a man suspected to be the head of one the world's most prolific Russian-speaking cybercriminal gangs. The UK's National Crime Agency (NCA) says it has been investigating a cyb…TRIPWIRE.COM
14 AugRansomware attackers introduce new EDR killer to their arsenalSophos discovers the threat actors behind RansomHub ransomware using EDRKillShifter in attacksSOPHOS.COM
14 AugAutoCanada discloses cyberattack impacting internal IT systemsHackers targeted AutoCanada in a cyberattack last Sunday that impacted the automobile dealership group's internal IT systems, which may lead to disruptions. [...]BLEEPINGCOMPUTER.COM
14 AugBlack Basta-Linked Attackers Target Users with SystemBC MalwareAn ongoing social engineering campaign with alleged links to the Black Basta ransomware group has been linked to "multiple intrusion attempts" with the goal of conducting credential theft and deploying a malware dropper called SystemBC. "The initial lure being utilized by the thr…THEHACKERNEWS.COM
🕵️ THREAT INTELLIGENCE 24[−]
14 AugA Letter From Our CEOLet me begin with a strong and sincere apology for a recent marketing decision at an event hosted by Palo Alto Networks during Black Hat in Las Vegas. The post A Letter From Our CEO appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
14 AugISC Stormcast For Wednesday, August 14th, 2024 https://isc.sans.edu/podcastdetail/9096, (Wed, Aug 14th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
14 AugDDoS Attacks Surge 46% in First Half of 2024, Gcore Report RevealsMonitoring evolving DDoS trends is essential for anticipating threats and adapting defensive strategies. The comprehensive Gcore Radar Report for the first half of 2024 provides detailed insights into DDoS attack data, showcasing changes in attack patterns and the broader landsca…THEHACKERNEWS.COM
14 AugCYBERWARCON 2023 - 13 videossubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/1cc74b71-9259-43d7-9ddc-4d1a4b04824d.png Website playlist on YouTubeINFOSEC.PUB
14 AugDark Web Marketplace Admins Busted Following Luxury LifeTwo men living a life of luxury in Florida have been charged with cyber fraud after authorities became suspicious of their extravagant spending habits. Russian national Pavel Kublitskii and Kazakhstan national Alexandr Khodyrev, who arrived in the U.S. in 2022 seeking asylum, are…GBHACKERS.COM
14 AugMultiple Malware Dropped Through MSI Package, (Wed, Aug 14th)One of my hunting rules hit on potentially malicious PowerShell code. The file was an MSI package (not an MSIX, these are well-known to execute malicious scripts[ 1 ]). This file was a good old OLE package:
ISC.SANS.EDU
14 AugKiteworks captures $456M at a $1B+ valuation to help secure sensitive dataMark up another unicorn and large funding round for the cybersecurity industry: Kiteworks, a company that builds tools to secure email communications, file sharing, and other situations where people are working with sensitive or proprietary data outside their firewalls, has raise…TECHCRUNCH.COM
14 AugIvanti Patches Critical Vulnerabilities in Neurons for ITSM, Virtual Traffic ManagerIvanti has released patches for multiple vulnerabilities in Neurons for ITSM, Avalanche, and Virtual Traffic Manager, including critical bugs. The post Ivanti Patches Critical Vulnerabilities in Neurons for ITSM, Virtual Traffic Manager appeared first on SecurityWeek .SECURITYWEEK.COM
14 AugIranian APT42 Actors Conducting World Wide Surveillance OperationsAPT42 (aka Damselfly, UNC788, CALANQUE, Charming Kitten) is a sophisticated Iranian state-sponsored cyber espionage group. This Advanced Persistent Threat (APT) group is known for its ability to carry out long-term and focused digital surveillance campaigns. The major targe…GBHACKERS.COM
14 AugEarth Baku Using Customized Tools To Maintain Persistence And Steal DataEarth Baku, an APT actor who initially focused on the Indo-Pacific region, has grown its activities extensively since late 2022. The group has increased its presence in Europe, the Middle East, and Africa (MEA), having also confirmed engagements in Italy, Germany, UAE and Qatar. …GBHACKERS.COM
14 AugFace Check With Microsoft Entra Verified ID Is Now Generally Available, MicrosoftMicrosoft announced that Face Check with Microsoft Entra Verified ID is now generally accessible. It is available standalone and as part of the Microsoft Entra Suite, a comprehensive identity solution that combines network access, identity protection, governance, and identity ver…GBHACKERS.COM
14 AugSecure Data Sharing Company Kiteworks Raises $456 MillionSecure data sharing solutions provider Kiteworks has raised $456 million in growth equity investment from Insight Partners and Sixth Street Growth. The post Secure Data Sharing Company Kiteworks Raises $456 Million appeared first on SecurityWeek .SECURITYWEEK.COM
14 AugFortinet, Zoom Patch Multiple VulnerabilitiesFortinet and Zoom have released patches for multiple vulnerabilities in their products, including high-severity bugs. The post Fortinet, Zoom Patch Multiple Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
14 AugHacker Conversations: Tom Anthony and Scratching an Itch Without Doing HarmMany hackers trace their origin to an interest in, and early exposure to, computers. Tom Anthony is no different. The post Hacker Conversations: Tom Anthony and Scratching an Itch Without Doing Harm appeared first on SecurityWeek .SECURITYWEEK.COM
14 AugMicrosoft Azure AI Health Bot Infected With Critical Vulnerabilitiessubmitted by kid to cybersecurity 2 points | 0 comments https://www.darkreading.com/application-security/microsoft-azure-ai-health-bot-infected-with-critical-vulnerabilitiesDARKREADING.COM
14 AugReal Social Engineering Attack on KnowBe4 Employee FoiledDavidB, the KnowBe4 VP of Asia Pacific and Japan, recently experienced a sophisticated social engineering attack via WhatsApp.KNOWBE4.COM
14 AugThe nation’s best hackers found vulnerabilities in voting machines — but no time to fix themsubmitted by BrikoX to cybersecurity 1 points | 0 comments https://www.politico.com/news/2024/08/12/hackers-vulnerabilities-voting-machines-elections-00173668 Organizers and participants at the DEF CON Voting Village found cyber vulnerabilities in everything from voting machines …POLITICO.COM
14 AugUnlocking the Front Door: Phishing Emails Remain a Top Cyber Threat Despite MFASecurityWeek spoke with Mike Britton, CISO at Abnormal Security, to understand what the company has learned about current social engineering and phishing attacks. The post Unlocking the Front Door: Phishing Emails Remain a Top Cyber Threat Despite MFA appeared first on SecurityWe…SECURITYWEEK.COM
14 AugUpcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is on the 24th. The list is maintained on this page .SCHNEIER.COM
14 AugThe Secret to Job Success in Today's Market: It's Who You Know!In today's competitive job market, landing a role isn't just about your resume—it's about your network. Discover why "who you know" is more important than ever, especially as you climb the career ladder. Don't miss this insight from Business Security Weekly! Catch the full segmen…YOUTUBE.COM
14 AugIsraeli contractor claims Israel is behind rigging elections and online bot farms.Not China, not russia, not iran.They claim Israel has rigged more than 30 electionssubmitted by europathelastbattle to cybersecurity 1 points | 0 comments https://x.com/Kahlissee/status/1823369063348781214INFOSEC.PUB
14 AugTexas Sues GM for Collecting Driving Data without ConsentTexas is suing General Motors for collecting driver data without consent and then selling it to insurance companies: From CNN : In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to “collect, record, analyze, and transmit highly …SCHNEIER.COM
14 AugCybersecurity Flaws Could Derail High-profile Cycling Racessubmitted by pnutzh4x0r to cybersecurity 1 points | 0 comments https://today.ucsd.edu/story/cybersecurity-flaws-could-derail-high-profile-cycling-races High-end bicycles used for high-profile road races such as the Tour de France are vulnerable to cybersecurity attacks targeting …TODAY.UCSD.EDU
14 AugWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 3 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
🌐 CYBER THREAT LANDSCAPE 2[−]
14 AugPhishing Campaign Poses as Ukraine's Security Service to Spread ANONVNC MalwareCybercriminals impersonated the Security Service of Ukraine (SSU) using malicious spam emails to target and infect the systems of Ukrainian government agencies. The attackers successfully distributed AnonVNC malware to over 100 computers.DARKREADING.COM
14 AugHow to Augment Your Password Security with EASMSimply relying on traditional password security measures is no longer sufficient. When it comes to protecting your organization from credential-based attacks, it is essential to lock down the basics first. Securing your Active Directory should be a priority – it is like making su…THEHACKERNEWS.COM
📡 INFOSEC NEWS 12[−]
14 AugNew Banshee MacOS Stealer Attacking Users to Steal Keychain DataThe Banshee Stealer can rob sensitive data, including passwords from macOS Keychain, system information, and data from popular web browsers like Safari, Chrome, and Firefox. It can also access cryptocurrency wallets and plugins.CYBERSECURITYNEWS.COM
14 AugReport: 35% of Exposed API Keys Still Active, Posing Major Security RisksNightfall AI's research found that 35% of exposed API keys were still active, leading to significant security risks. The study uncovered an average of about 350 secrets, including passwords and API keys, exposed per 100 employees annually on GitHub.HELPNETSECURITY.COM
14 AugCybercriminal Duo Attracts FBI Notice by Spending Big & Living LargeThe FBI found that the cybercriminal duo was involved in Dark Web platforms like WWH Club, Skynetzone, and Opencard for buying, selling, and trading sensitive information and cybercriminal training.DARKREADING.COM
14 AugHow CIOs, CTOs, and CISOs View Cyber Risks DifferentlyC-suite executives face the challenge of balancing technological innovation with cybersecurity resilience. A report by LevelBlue highlighted the complexities of their roles and the need for strategic cybersecurity approaches.HELPNETSECURITY.COM
14 AugProlific Malvertising Scammer Arrested and Extradited to US to Face ChargesMaxim Silnikau, a Belarusian-Ukrainian cybercriminal dubbed one of the most prolific Russian-speaking hackers by the UK's NCA, has been arrested in Spain and extradited to the US.THERECORD.MEDIA
14 AugTexas firm says it lost $60M in a bank wire transfer scamA Texas company says it lost $60 million to a criminal fraud scheme, which the FBI says makes fraudsters billions of dollars every year. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
14 AugTrump campaign hack-and-leak appears like a rerun of 2016. This time, media outlets are responding differentlyFaced with a new hack-and-leak operation targeting the Trump presidential campaign, journalists and media outlets are taking a different approach to their reporting. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
14 AugRussian who sold 300,000 stolen credentials gets 40 months in prisonGeorgy Kavzharadze, a 27-year-old Russian national, has been sentenced to 40 months in prison for selling login credentials for over 300,000 accounts on Slilpp, the largest online marketplace of stolen logins, until its seizure in June 2021. [...]BLEEPINGCOMPUTER.COM