🚨 CISA KEV (1)

15 Aug: [KEV] CISA Adds One Known Exploited Vulnerability to Catalog (CISA.GOV)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-28986 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability. These types of vulnerabilities are frequent attack v…

🐛 COMMON VULNERABILITIES AND EXPOSURES (3)

15 Aug: SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software (THEHACKERNEWS.COM)
SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bu…

15 Aug: SolarWinds Urges Upgrade After Revealing Critical RCE Bug (INFOSECURITY-MAGAZINE.COM)
SolarWinds is advising customers to upgrade their Web Help Desk platform due to a critical vulnerability, CVE-2024-28986, discovered by Inmarsat Government researchers. The bug allows for remote code execution through Java deserialization.

15 Aug: Research Uncovers New Microsoft Outlook Vulnerability (INFOSECURITY-MAGAZINE.COM)
A new vulnerability has been discovered in Microsoft Outlook by security researchers, labeled as CVE-2024-38173 with a CVSS score of 6.7. This Form Injection RCE flaw is similar to a previous vulnerability, CVE-2024-30103, patched in July 2024.

⚠️ VULNERABILITY DISCLOSURE (20)

15 Aug: Cisco Cuts Thousands of Jobs, 7% of Workforce, As It Shifts Focus to AI, Cybersecurity (SECURITYWEEK.COM)
Cisco had 84,900 employees as of July 2023. Based on that figure, the number of jobs cut would be about 5,900.

15 Aug: Critical Vulnerabilities in IBM QRadar Allow Attackers to Execute Arbitrary Code Remotely (GBHACKERS.COM)
IBM recently disclosed critical vulnerabilities affecting its QRadar Suite Software and IBM Cloud Pak for Security. These vulnerabilities, if exploited, could allow attackers to execute arbitrary code remotely, potentially leading to severe security breaches. The company has addr…

15 Aug: GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover (THEHACKERNEWS.COM)
A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations' cloud environments. "A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third p…

15 Aug: NIST Finalizes 3 Algorithms to Combat Future Quantum Cyber Threats (GBHACKERS.COM)
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has taken a step in safeguarding digital security against future quantum threats. By finalizing a set of three encryption algorithms, NIST aims to protect sensitive information from the potent…

15 Aug: FBI Says it is Investigating Purported Trump Campaign Hack (THERECORD.MEDIA)
The FBI is investigating a suspected hack of the Trump campaign, following accusations of Iranian involvement. The Trump campaign blames foreign sources and cited a Microsoft report linking Iranian hackers to covert efforts to influence the election.

15 Aug: AutoCanada Hit by Cyberattack (SECURITYWEEK.COM)
AutoCanada has disclosed a disruptive cybersecurity incident after also being impacted by the recent CDK Global ransomware attack.

15 Aug: SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability (SECURITYWEEK.COM)
SolarWinds has released a hotfix for a critical Java deserialization remote code execution vulnerability in Web Help Desk.

15 Aug: Latest Phishing Scam Uses Cross-Site Scripting Attack to Harvest Personal Details (KNOWBE4.COM)
Cross-Site Scripting (XSS) is alive and well, and used in attacks to obfuscate malicious links in phishing emails to redirect users to threat-actor controlled websites.

15 Aug: Microsoft disables BitLocker security fix, advises manual mitigation (BLEEPINGCOMPUTER.COM)
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. [...]

15 Aug: CISA Releases Eleven Industrial Control Systems Advisories (CISA.GOV)
CISA released eleven Industrial Control Systems (ICS) advisories on August 15, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-228-01 Siemens SCALANCE M-800, RUGGEDCOM RM1224 ICSA-24-228-02 Si…

15 Aug: Windows TCP/IP RCE Impacts all Systems with IPv6 Enabled, Patch Now (BLEEPINGCOMPUTER.COM)
A critical TCP/IP remote code execution (RCE) vulnerability affecting all Windows systems with IPv6 enabled has been discovered, prompting Microsoft to issue a warning urging users to patch their systems immediately.

15 Aug: File-Sharing Phishing Attacks Increased by 350% Over the Past Year (KNOWBE4.COM)
File-sharing phishing attacks have skyrocketed over the past year, according to a new report from Abnormal Security.

15 Aug: LPE FTW - PSW #839 (YOUTUBE.COM)
This week: Option ROMS are a novel way to compromise a system at the lowest level, Sinkclose opens AMD processors up to attacks, at home in your firmware exploiting SMM complete with examples, Sonos speakers get hacked and enable attackers to listen in on your conversations, DEF …

15 Aug: AI's Unpredictable Nature Why Controlling Output is So Challenging (YOUTUBE.COM)
In this clip from the Enterprise Security Weekly podcast, Amanda Minnich discusses the unpredictable nature of AI, its non-deterministic behavior, and the challenges of controlling its output. Learn how adversaries can exploit meta prompts and why post-safety training can be undo…

15 Aug: Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw (SECURITYWEEK.COM)
Security experts are ratcheting up the urgency for Windows admins to patch a wormable, pre-auth remote code execution vulnerability in the Windows TCP/IP stack.

15 Aug: Content updates and product architecture: Sophos Endpoint (SOPHOS.COM)
Sophos X-Ops takes a look at the content updates in Intercept X, and how we validate and release them

15 Aug: MIT delivers database containing 700+ risks associated with AI (CSOONLINE.COM)
A group of Massachusetts Institute of Technology (MIT) researchers have opted to not just discuss all of the ways artificial intelligence (AI) can go wrong, but to create what they described in an abstract released Wednesday as “a living database” of 777 risks extracted from 43 t…

15 Aug: Thousands of NetSuite stores leak sensitive data due to access control misconfiguration (CSOONLINE.COM)
Researchers have found that several thousand Oracle NetSuite customers are inadvertently leaking sensitive data to unauthenticated users through externally facing stores built with NetSuite SuiteCommerce or NetSuite Site Builder. The exposure is likely caused by a deficient under…

15 Aug: SolarWinds: Critical RCE Bug Requires Urgent Patch (DARKREADING.COM)
https://www.darkreading.com/vulnerabilities-threats/solarwinds-critical-rce-bug-requires-urgent-patch The vulnerability was given a high-severity CVSS score, indicating that customers should act swiftly to mitigate the f…

15 Aug: Major GitHub repos leak access tokens putting code and clouds at risk (CSOONLINE.COM)
An analysis of build artifacts generated by GitHub Actions workflows inside open-source repositories belonging to major companies revealed sensitive access tokens to third-party cloud services, as well as GitHub itself. In addition, a change made this year in the GitHub artifacts…

📋 SECURITY BULLETINS (1)

15 Aug: August Patch Tuesday goes big (SOPHOS.COM)
Monthly security release hauls out 85 CVEs… and that’s before the advisories

📢 SECURITY ADVISORIES (4)

15 Aug: Enabling the Safe Use of GenAI Applications (PALOALTONETWORKS.COM)
AI Access Security harnesses the power of GenAI technologies, maintains robust protection for sensitive data, ensures compliance with security policies.

15 Aug: NIST Releases First Post-Quantum Encryption Algorithms (SCHNEIER.COM)
From the Federal Register: After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature sche…

🔥 INCIDENT REPORTING (13)

15 Aug: New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining (THEHACKERNEWS.COM)
Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that's targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power. This indicates that the "IoT botnet is targeting more rob…

15 Aug: Mayor of Columbus, Ohio, Says Ransomware Attackers Stole Corrupted, Unusable Data (SECURITYWEEK.COM)
Hackers recently stole data from Ohio’s largest city, but what they got was not usable and no personal information about city workers was made available online, the mayor said.

15 Aug: Ongoing Social Engineering Campaign Refreshes Payloads (RAPID7.COM)
Rapid7 identified multiple intrusion attempts by threat actors utilizing social engineering tactics on June 20, 2024. The threat actors use email bombs followed by calls to offer fake solutions, with recent incidents involving Microsoft Teams calls.

15 Aug: RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks (THEHACKERNEWS.COM)
A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response (EDR) software on compromised hosts, joining the likes of other similar programs like AuKill (aka AvNeutralizer) and Terminator. The …

15 Aug: A massive cyber attack hit Central Bank of Iran (SECURITYAFFAIRS.COM)
https://securityaffairs.com/167066/hacking/cyberattack-central-bank-of-iran.html

15 Aug: News Malspam Attacks AnyDesk and Microsoft Teams (GBHACKERS.COM)
Cybersecurity researchers have uncovered a sophisticated malspam campaign targeting unsuspecting users through email and phone calls. Attackers are leveraging popular platforms like AnyDesk and Microsoft Teams to gain unauthorized access to victims’ computers, raising alarm…

15 Aug: Ransomware Group Added a New EDR Killer Tool to their arsenal (GBHACKERS.COM)
A ransomware group known as RansomHub has been found deploying a new tool designed to disable endpoint detection and response (EDR) systems. This tool, EDRKillShifter, represents a significant advancement in the tactics used by cybercriminals to bypass security measures and execu…

15 Aug: Ransomware Attacks on Industrial Firms Surged in Q2 2024 (SECURITYWEEK.COM)
Dragos has seen a significant increase in ransomware attacks on industrial organizations in Q2 2024 compared to the previous quarter.

15 Aug: Iranian APT42 Group Launch A Massive Phishing Campaign To Attack U.S. Presidential Election (GBHACKERS.COM)
APT42 is an APT group that is believed to be backed by the Iranian government, and this group primarily focuses on cyber espionage. Besides this, APT42 is also well-known for other illicit activities. Apart from cyber espionage, they also conduct phishing campaigns, and data exfi…

15 Aug: Black Basta Ransomware Gang Linked to a Malware Campaign (SECURITYAFFAIRS.COM)
The attacks, detected on June 20, 2024, show threat actors using various tools like AnyDesk and AntiSpam.exe to harvest credentials. They also deploy payloads like Golang HTTP beacons and Socks proxy beacons.

15 Aug: Ransomware Payments Decline While Data Exfiltration Payments Are On The Rise (KNOWBE4.COM)
The latest data from Coveware shows a slowing of attack efficacy, a decrease in ransom payments being made, and a shift in initial access tactics.

15 Aug: Ransomware gang deploys new malware to kill security software (BLEEPINGCOMPUTER.COM)
RansomHub ransomware operators have been spotted deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks [...]

15 Aug: NationalPublicData.com Hack Exposes a Nation’s Data (KREBSONSECURITY.COM)
A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know…

🕵️ THREAT INTELLIGENCE (17)

15 Aug: ISC Stormcast For Thursday, August 15th, 2024 https://isc.sans.edu/podcastdetail/9098, (Thu, Aug 15th) (ISC.SANS.EDU)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

15 Aug: New Cyber Threat Targets Azerbaijan and Israel Diplomats, Stealing Sensitive Data (THEHACKERNEWS.COM)
A previously unknown threat actor has been attributed to a spate of attacks targeting Azerbaijan and Israel with an aim to steal sensitive data. The attack campaign, detected by NSFOCUS on July 1, 2024, leveraged spear-phishing emails to single out Azerbaijani and Israeli diploma…

15 Aug: GitHub Makes Copilot Autofix Generally Available (SECURITYWEEK.COM)
GitHub has made AI-powered Copilot Autofix generally available to help developers fix code vulnerabilities faster.

15 Aug: Wireshark 4.4.0rc1's Custom Columns, (Thu, Aug 15th) (ISC.SANS.EDU)
In diary entry "A Wireshark Lua Dissector for Fixed Field Length Protocols", I show how to use a protocol dissector I wrote in Lua to parse TCP data.

15 Aug: How leading CISOs build business-critical cyber cultures (CIO.COM)
Most IT and information security leaders are very familiar with the term VUCA. Standing for volatility, uncertainty, complexity, and ambiguity, it encapsulates the world we’re operating in today, one that is only going to grow more complex and uncertain over time. The best cybers…

15 Aug: Google Confirms an Iranian Group Is Trying to Access Emails Linked to Both US Presidential Campaigns (SECURITYWEEK.COM)
Google said an Iranian hacking group has tried to infiltrate the personal email accounts of roughly a dozen people linked to President Joe Biden and former President Donald Trump since May.

15 Aug: South Korea Says DPRK Hackers Stole Spy Plane Technical Data (BLEEPINGCOMPUTER.COM)
South Korea's ruling party, the People Power Party (PPP), has reported that hackers from North Korea have stolen important technical data related to the country's main battle tank, the K2, as well as its spy planes known as "Baekdu" and "Geumgang."

15 Aug: Identity Threat Detection and Response Solution Guide (THEHACKERNEWS.COM)
The Emergence of Identity Threat Detection and Response Identity Threat Detection and Response (ITDR) has emerged as a critical component to effectively detect and respond to identity-based attacks. Threat actors have shown their ability to compromise the identity infrastructure …

15 Aug: China-linked Attackers Target Russian Govt Entities (INFORMATIONSECURITYBUZZ.COM)
https://informationsecuritybuzz.com/china-attackers-target-russian-govt/

15 Aug: Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR (SECURITYWEEK.COM)
Palo Alto Networks has patched multiple vulnerabilities, including ones rated high severity, in several products.

15 Aug: Russian Sentenced to Prison in US for Selling Stolen Information (SECURITYWEEK.COM)
Georgy Kavzharadze was sentenced to prison in the US for selling stolen financial, login, and personal information on an online cybercriminal marketplace.

15 Aug: Russian-Linked Hackers Target Eastern European NGOs and Media (THEHACKERNEWS.COM)
Russian and Belarusian non-profit organizations, Russian independent media, and international non-governmental organizations active in Eastern Europe have become the target of two separate spear-phishing campaigns orchestrated by threat actors whose interests align with that of t…

15 Aug: CISOs list human error as their top cybersecurity risk (SECURITYINTELLIGENCE.COM)
With cybersecurity, the focus often is on technology — specifically, how cyber criminals use it to conduct attacks and the tools that organizations can use to keep their systems and data safe. However, this overlooks the most important element in cybersecurity risk: human e…

15 Aug: Google Disrupts Iranian Hacking Activity Targeting US Presidential Election (SECURITYWEEK.COM)
Google says it blocked Iranian APT42 hackers from accessing the personal email accounts of individuals affiliated with the US elections.

15 Aug: Employment Scams Continue to Target Job Seekers Via Phony Employment Offers (KNOWBE4.COM)
Threat actors continue to target job seekers with phony employment offers on job search platforms like Indeed, researchers at Bitdefender warn.

15 Aug: Cybersecurity Myths - Eugene Spafford - PSW #839 (YOUTUBE.COM)
Early on in his career Spaf was working with microcode and continued to work on technical projects. As time went on he realized that focusing on the non-technical work, such as policies and shaping our thinking, would help move the needle. Borrowing concepts from his book on the …

15 Aug: GitHub Actions Artifacts Leak Tokens and Expose Cloud Services and Repositories (SECURITYWEEK.COM)
Misconfigurations and security bugs lead to GitHub Actions artifacts exposing tokens for third party cloud services and GitHub repositories.

🌐 CYBER THREAT LANDSCAPE (3)

15 Aug: Rogue AI is the Future of Cyber Threats (TRENDMICRO.COM)
This is the first blog in a series on Rogue AI. Later articles will include technical guidance, case studies and more.

15 Aug: New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining (THEHACKERNEWS.COM)
A new variant of the Gafgyt botnet has been discovered by cybersecurity researchers, targeting machines with weak SSH passwords to mine cryptocurrency using GPU power. This variant is focusing on servers in cloud native environments.

15 Aug: New Phishing Attack Uses Sophisticated Infostealer Malware (INFOSECURITY-MAGAZINE.COM)
A new phishing attack with advanced infostealer malware has been discovered by analysts. The malware collects sensitive data like passwords, cookies, credit card info, and browsing history.

🎙️ PODCASTS (1)

15 Aug: Transatlantic Cable podcast episode 359 | Kaspersky official blog (KASPERSKY.COM)
Episode 359 looks at AI, facial recognition and much more!

📡 INFOSEC NEWS (11)

15 Aug: CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations (DECODED.AVAST.IO)
The CryptoCore group's scam operation leverages deepfake technology, hijacked YouTube accounts, and professionally designed websites to trick users into sending cryptocurrencies to scammer wallets.

15 Aug: How deepfakes threaten KYC (Know Your Customer) | Kaspersky official blog (KASPERSKY.COM)
Scammers are using AI-generated digital identities to bypass Know Your Customer procedures and open fake accounts.

15 Aug: Microsoft shares temp fix for Outlook, Word crashes when typing (BLEEPINGCOMPUTER.COM)
Microsoft has shared a temporary fix for a known issue that causes Microsoft 365 apps like Outlook, Word, and OneNote to unexpectedly crash while typing or spell-checking a text. [...]

15 Aug: Researchers Hack Electronic Shifters With A Few Hundred Dollars Of Hardware (PACKETSTORMSECURITY.COM)

15 Aug: Every American's Social Security Number May Have Been Stolen By Hackers (PACKETSTORMSECURITY.COM)

15 Aug: Region 10 Team Provides Vital Election Security Training for Idaho (CISA.GOV)
Working with Region 10 cybersecurity, protective security, and election security advisors, the Idaho Secretary of State Office recently spearheaded a comprehensive initiative aimed at bolstering election security readiness through a virtual webinar training series.

15 Aug: Microsoft removes FAT32 partition size limit in Windows 11 (BLEEPINGCOMPUTER.COM)
Microsoft removed today an arbitrary 32GB size limit for FAT32 partitions in the latest Windows 11 Canary build, now allowing for a maximum size of 2TB. [...]