🚨 CISA KEV (1)
19 Aug [KEV] · CISA Adds One Known Exploited Vulnerability to Catalog · CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23897 Jenkins Command Line Interface (CLI) Path Traversal Vulnerability. These types of vulnerabilities are frequent attack vectors for ma… · CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES (6)
19 Aug · Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group · A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea. The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), has been described as a privilege escalation bug… · THEHACKERNEWS.COM
19 Aug · Update: Windows Zero-Day Flaw was Exploited by North Korea-linked Lazarus APT · Microsoft has patched a zero-day vulnerability, known as CVE-2024-38193, that was being exploited by the North Korea-linked Lazarus APT group. This vulnerability is a privilege escalation issue in the Windows Ancillary Function Driver for WinSock. · SECURITYAFFAIRS.COM
19 Aug · Linux Kernel Vulnerability Let Attackers Bypass CPU & Gain Read/Write Access · Researchers have uncovered a critical vulnerability within the Linux kernel’s dmam_free_coherent() function. This flaw, identified as CVE-2024-43856, stems from a race condition caused by the improper order of operations when freeing Direct Memory Access (DMA) all… · GBHACKERS.COM
19 Aug · Lazarus Hacker Group Exploited Microsoft Windows Zero-day · The notorious Lazarus hacker group has been identified as exploiting a zero-day vulnerability in Microsoft Windows, specifically targeting the Windows Ancillary Function Driver for WinSock (AFD.sys). This vulnerability, cataloged as CVE-2024-38193, was discovered by researchers L… · GBHACKERS.COM
19 Aug · Windows Critical Vulnerability: CVE-2024-38063 · submitted by pnutzh4x0r to cybersecurity 2 points | 0 comments https://www.cybermaxx.com/resources/cve-2024-38063/ cross-posted from: lemmy.ndlug.org/post/1002763 A critical vulnerability has been identified in the Windows TCP/IP Stack that allows for unauthenticated RCE. No user… · CYBERMAXX.COM
19 Aug [KEV] · Windows Zero-Day Attack Linked to North Korea’s Lazarus APT · The vulnerability, tracked as CVE-2024-38193 and marked as ‘actively exploited’ by Microsoft, allows SYSTEM privileges on the latest Windows operating systems. · SECURITYWEEK.COM
⚠️ VULNERABILITY DISCLOSURE (20)
19 Aug · AWS environments compromised through exposed .env files · A data extortion campaign that compromises AWS resources through credentials collected from environment (.env) files stored insecurely on web servers has been uncovered by Unit 42 researchers. The exposed files contained AWS access keys, credentials for databases and social media… · CSOONLINE.COM
19 Aug · Who writes the code in your security software? You need to know · The recent ban on Kaspersky security software is a reminder that we all need to review the source and coding processes of all software used in our organizations, and not just those with a government mandate. Do you know where the software is coded up? Who maintains the code? Is t… · CSOONLINE.COM
19 Aug · Researchers Found a New Technique to Defend Cache Side Channel Attacks · Researchers from the University of Rochester have unveiled a novel technique to defend against cache side-channel attacks, a prevalent threat in modern computing systems. The new method, named RollingCache, promises to enhance the security of shared systems by dynamically alterin… · GBHACKERS.COM
19 Aug · Thousands of Oracle NetSuite E-Commerce Sites Expose Sensitive Customer Data · Thousands of Oracle NetSuite E-Commerce Sites are at Risk of Exposing Sensitive Customer Data due to a widespread misconfiguration in the SuiteCommerce enterprise resource planning (ERP) platform. · DARKREADING.COM
19 Aug · CrowdStrike questions could give CISOs pause — with options available · As enterprise CISOs and other executives are still calculating the impact of CrowdStrike’s disastrous July update glitch, some feel the need to assess alternatives. The big issue is transparency or, more precisely, the lack of meaningful transparency from CrowdStrike. CrowdStrike… · CSOONLINE.COM
19 Aug · Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks · Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials fo… · THEHACKERNEWS.COM
19 Aug · Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs · Cymulate's proof-of-concept attack demonstrates how multiple on-premises domains syncing to a single Azure tenant can lead to credential mishandling, potentially allowing unauthorized access to different domains. · DARKREADING.COM
19 Aug · Is Disabling Clickable URL Links Enough? · Recently, we had a customer reach out to ask if disabling clickable uniform resource locator (URL) links in emails was enough protection by itself to potentially not need employee security awareness training and simulated phishing. · KNOWBE4.COM
19 Aug · Azure Domains and Google Abused to Spread Disinformation and Malware · Azure domains and Google have been exploited to spread disinformation and malware in a sophisticated campaign that involves using several Microsoft Azure and OVH cloud subdomains along with Google search notifications. · BLEEPINGCOMPUTER.COM
19 Aug · Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware · Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a loader called FakeBat. "These attacks are opportunistic in nature, targeting users seeking popular business software," the Mandiant Managed Defense team said… · THEHACKERNEWS.COM
19 Aug · US Lawmakers Want Investigation Into TP-Link Over Chinese Hacking Fears · Lawmakers want TP-Link to be investigated by the Department of Commerce over concerns that its routers can be easily hacked to infiltrate US systems. · SECURITYWEEK.COM
19 Aug · Microsoft Announces Mandatory MFA for Azure · Microsoft is implementing automatic enforcement of multi-factor authentication (MFA) for all Azure users starting October. · SECURITYWEEK.COM
19 Aug · AI SPERA and Hackers Central Partner to Expand Mexico’s Security Market with ‘Criminal IP ASM’ · AI SPERA, a leading Cyber Threat Intelligence (CTI) company, has announced a strategic partnership with Hackers Central, a major cybersecurity management service provider in Mexico. The announcement marks a significant step in AI SPERA’s strategy to broaden its international foot… · GBHACKERS.COM
19 Aug · The Long Road to Recovery Following a Ransomware Attack · When it comes to the duration of a ransomware attack and the subsequent recovery process, the numbers are staggering and vary wildly. Partly because there’s no single source which compiles all the information in a consistent manner. · KNOWBE4.COM
19 Aug · U.K. Management Almost Twice as Likely to Fall for Phishing Attacks Versus Entry-Level Employees · Highlights from a new survey focused on employee compliance reveal just how targeted and susceptible U.K. businesses are to phishing attempts. · KNOWBE4.COM
19 Aug [KEV] · CISA warns of Jenkins RCE bug exploited in ransomware attacks · CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it's actively exploited in attacks. [...] · BLEEPINGCOMPUTER.COM
19 Aug · Why Cyber Resilience Matters - Theresa Lanowitz - BSW #361 · What are the barriers to cyber resilience today? Why is it so difficult? And what is coming next, that will generate resilience challenges further down the line? After five years of focusing on the short- and medium-term future of cybersecurity and edge, this year, LevelBlue want… · YOUTUBE.COM
19 Aug · Navigating Innovation and Risk & Any Browser Can Be A Secure Enterprise Browser - Ther... - BSW #361 · While CISOs are often responsible for technology implementation, they are not getting the support they need at a strategic level. The Accelerator found that 73% of CISOs expressed concern over cybersecurity becoming unwieldy, requiring risk-laden tradeoffs, compared to only 58% o… · YOUTUBE.COM
19 Aug · Windows driver zero-day exploited by Lazarus hackers to install rootkit · The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. [...] · BLEEPINGCOMPUTER.COM
19 Aug [KEV] · What Is Social Engineering? · Cybercriminals use social engineering techniques to manipulate the human psyche. Read how this works and how you can protect yourself. Even if, in securing your data center, your cloud deployments and the ph… · CSOONLINE.COM
📢 SECURITY ADVISORIES (8)
19 Aug · Building Timely and Truthful LLMs for Security Operations · NYU's Brennan Lodge on Training Your Own Model With Retrieval Augmented Generation. Many cybersecurity organizations hope generative artificial intelligence and large language models will help them secure the enterprise and comply with the latest regulations. But to date, commercia… · DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING (23)
19 Aug · Explore Talent (August 2024) - 8,929,384 breached accounts · In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the talent network Explore Talent. A vulnerable API exposed the personal records of 11.4M users of the service of which 8.9M unique email addresses were provi… · HAVEIBEENPWNED.COM
19 Aug · Tracki - 372,557 breached accounts · In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the GPS tracking service Tracki. Multiple vulnerabilities exposed the personal records of 372k users of the service including names and email addresses. · HAVEIBEENPWNED.COM
19 Aug · 100,000 Impacted by Jewish Home Lifecare Data Breach · A Jewish Home Lifecare data breach resulting from a BlackCat ransomware attack impacts over 100,000 individuals. · SECURITYWEEK.COM
19 Aug · The State of Ransomware · Palo Alto Networks published its semi-annual report on ransomware. From the Executive Summary: Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We reviewed compromise announcements from 53 dedicated leak sites in the first half of 2024… · SCHNEIER.COM
19 Aug · Mad Liberator Gang Uses Fake Windows Update Screen to Hide Data Theft · A new cybercrime group named Mad Liberator has been identified by the Sophos X-Ops Incident Response team for targeting AnyDesk users. This ransomware group is using a fake Microsoft Windows update screen to hide their data exfiltration activities. · BLEEPINGCOMPUTER.COM
19 Aug · Crypto Firm Says Hacker Locked All Employees Out of Google Products for Four Days · A cryptocurrency company reported to the SEC that a hacker breached its systems on August 9, 2024, locking all employees out of Google products for four days by changing the passwords on their G-Suite accounts. · THERECORD.MEDIA
19 Aug · Ransomware Group Known as ‘Royal’ Rebrands as BlackSuit and Is Leveraging New Attack Methods · The ransomware threat group formerly known as "Royal" has rebranded itself as BlackSuit and updated their attack methods, warns the FBI. · KNOWBE4.COM
19 Aug · National Public Data Says Breach Impacts 1.3 Million People · National Public Data (NPD) has confirmed suffering a data breach, but the company says the incident only affects 1.3 million people in the US. · SECURITYWEEK.COM
19 Aug · City of Flint Scrambling to Restore Services Following Ransomware Attack · The City of Flint, Michigan, has been struggling with network and online service disruptions after being hit by ransomware last week. · SECURITYWEEK.COM
19 Aug · FlightAware configuration error leaked user data for years · Flight tracking platform FlightAware is asking some users to reset their account login passwords due to a data security incident that may have exposed personal information. [...] · BLEEPINGCOMPUTER.COM
19 Aug · Carespring Data Breach Exposes Personal and Medical Information of Nearly 77,000 Patients · Data includes names, dates of birth, physical addresses, Social Security Numbers, medical and diagnosis information, and health insurance details. · SECURITYWEEK.COM
19 Aug · National Public Data Published Its Own Passwords · New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans' Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shar… · KREBSONSECURITY.COM
19 Aug · Florida-Based Drug Testing Lab Says 300,000 Affected in Hack · Cybercriminal Gang RansomHub Claims It Leaked 700 Gigabytes of Lab's Stolen Data. Florida drug testing medical laboratory American Clinical Solutions told federal regulators that 300,000 individuals are caught up in a hacking incident now that criminal gang RansomHub has published… · DATABREACHTODAY.CO.UK
19 Aug · Background Check Firm National Public Data Confirms Breach · 1.3 Million Individuals Being Notified Their Social Security Numbers Were Stolen. Background check firm Jericho Pictures, which does business as National Public Data, is notifying 1.3 million individuals that their personal information was stolen via a December 2023 breach of its … · DATABREACHTODAY.CO.UK
19 Aug · How the Paris Olympics Survived Unprecedented Cyberthreats · Officials Say the Olympic Games Saw 140 Cyberattacks. None Were Successful. France’s cyber defense agency teamed up with governments and security experts from across the globe to identify and mitigate a historic level of both physical and cyber threats following years of preparat… · DATABREACHTODAY.CO.UK
19 Aug · Chinese Hacking Firm iSoon Targeted European Networks · German Government Analysis Finds Screenshots of File Directories. A massive February leak of internal documents from Chinese hacking contractor iSoon revealed apparent hacking against European institutions and states, a German federal agency warned this week. Previous analysis of … · DATABREACHTODAY.CO.UK
19 Aug · The Upside-Down, Topsy-Turvy World of Ransomware · Crowded Leak Site May Be a Weakness and Fewer New Players a Sign of Higher Quality. How many ransomware victims pay their attackers a ransom precisely to avoid having their names listed - or their stolen data dumped - on a ransomware group's data leak blog? We don't know, but leak… · DATABREACHTODAY.CO.UK
19 Aug · Ransomware rakes in record-breaking $450 million in first half of 2024 · Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level. [...] · BLEEPINGCOMPUTER.COM
19 Aug · Toyota confirms breach after stolen data leaks on hacking forum · Toyota confirmed that its network was breached after a threat actor leaked an archive of 240GB of data stolen from the company's systems on a hacking forum. [...] · BLEEPINGCOMPUTER.COM
19 Aug · FBI Confirms Iranian Hack Targeting Trump Campaign · FBI Says Iran, Russia Ramping Up Influence Operations Ahead of National Vote. The FBI confirmed recent reports that Iran hacked into former President Donald Trump’s campaign, saying in a Monday statement the country was attempting "to stoke discord and undermine confidence" in the… · DATABREACHTODAY.CO.UK
19 Aug · Toyota confirms third-party data breach impacting customers · Toyota confirmed that customer data was exposed in a third-party data breach after a threat actor leaked an archive of 240GB of stolen data on a hacking forum. [...] · BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE (11)
19 Aug · ISC Stormcast For Monday, August 19th, 2024 https://isc.sans.edu/podcastdetail/9102, (Mon, Aug 19th) · (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. · ISC.SANS.EDU
19 Aug · BeaverTail Malware Attacking Windows Users Via Weaponized Games · Researchers uncovered a new malware campaign dubbed BeaverTail, a North Korean cyber espionage malware family primarily focusing on job seekers. Initially identified as a JavaScript-based info stealer, it has since morphed into a native macOS version that pretends to be legitimat… · GBHACKERS.COM
19 Aug · Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group · Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7. The two clusters of potential FIN7 activity "indicate communications inbound to FIN7 infrastructure from IP addresses assigned to Post Ltd (Russia) and Smart… · THEHACKERNEWS.COM
19 Aug · OpenAI takes action against Iranian disinformation campaigns using ChatGPT: Cyber Security Today for Monday, August 19th, 2024 · Cybersecurity Today: OpenAI's Action Against Iranian Disinformation & Chrome's New Privacy Features. In this episode of Cybersecurity Today, host Jim Love discusses OpenAI's recent identification and neutralization of ChatGPT accounts linked to Iranian disinformation campaigns, G… · CYBERSECURITYTODAY.LIBSYN.COM
19 Aug · Do you Like Donuts? Here is a Donut Shellcode Delivered Through PowerShell/Python, (Mon, Aug 19th) · I found a tiny .bat file that looked not suspicious at all: 3650.bat (SHA256:bca5c30a413db21f2f85d7297cf3a9d8cedfd662c77aacee49e821c8b7749290) with a very low VirusTotal score (2/65)[1]. The file is very simple, it invokes a PowerShell: · ISC.SANS.EDU
19 Aug · Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group · Researchers have uncovered new infrastructure connected to the financially motivated threat actor FIN7. The analysis reveals communications inbound to FIN7 infrastructure from IP addresses assigned to Post Ltd in Russia and SmartApe in Estonia. · THEHACKERNEWS.COM
19 Aug · Oregon Zoo Ticketing Service Hack Impacts 118,000 · A web skimmer was likely used to steal names and payment card data from the Oregon Zoo’s online ticketing service. · SECURITYWEEK.COM
19 Aug · Mentorship Monday - Discussions for career and learning! · submitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? … · INFOSEC.PUB
19 Aug · New UULoader Malware Distributes Gh0st RAT and Mimikatz in East Asia · A new type of malware called UULoader is being used by threat actors to deliver next-stage payloads like Gh0st RAT and Mimikatz. The Cyberint Research Team, which discovered the malware, said it's distributed in the form of malicious installers for legitimate applications targeti… · THEHACKERNEWS.COM
19 Aug · Black Hat Fireside Chat: Why grasping the context of code is a recipe for keeping software secure · President Biden’s call for the mainstreaming of Software Bill of Materials (SBOMs) is a major step forward. Related: Europe mandates resiliency Requiring a formal inventory of all components, libraries and modules in all business applications can help lock down software … (… · LASTWATCHDOG.COM
19 Aug · RansomHub-linked EDR-killing malware spotted in the wild · submitted by kid to cybersecurity 1 points | 0 comments https://www.theregister.com/2024/08/19/ransomhub_edrkilling_malware/ · THEREGISTER.COM
📡 INFOSEC NEWS (13)
19 Aug · Industry Moves for the week of August 19, 2024 - SecurityWeek · Explore industry moves and significant changes in the industry for the week of August 19, 2024. Stay updated with the latest industry trends and shifts. · SECURITYWEEK.COM
19 Aug · Privacy-Preserving Attribution by Mozilla: what is it and what’s it for? | Kaspersky official blog · Mozilla's Privacy-Preserving Attribution feature is designed to replace third-party cookies for evaluating online advertising. · KASPERSKY.COM
19 Aug · Hackers linked to $14M Holograph crypto heist arrested in Italy · Suspected hackers behind the heist of $14,000,000 worth of cryptocurrency from blockchain tech firm Holograph were arrested in Italy after living a lavish lifestyle for weeks in the country. [...] · BLEEPINGCOMPUTER.COM
19 Aug · FlightAware warns that some customers’ info has been ‘exposed,’ including Social Security numbers · The flight tracking company says the misconfiguration exposed customer names, addresses, and pilot's data, as well as Social Security numbers. · TECHCRUNCH.COM
19 Aug · SAFECOM and NCSWIC Develop Global Positioning System (GPS) for Public Safety Location Services: Use Cases and Best Practices · CISA.GOV
19 Aug · Why Zero Trust is Still Important: Insights, Challenges, and Recommendations · DATABREACHTODAY.CO.UK
19 Aug · Live Webinar | Evolving Beyond Legacy: Fast-Tracking Innovation with Modern Identity Security · DATABREACHTODAY.CO.UK
19 Aug · Webinar | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk · DATABREACHTODAY.CO.UK
19 Aug · Why MDR Stalwart eSentire Is Looking to Sell Itself for $1B · Aging Technology and Rising Competition Have Created a Need for Greater Investment. The owners of eSentire are exploring a potential sale that could value the company at about $1 billion and attract the interest of private equity firms. The company is hoping to command a valuation… · DATABREACHTODAY.CO.UK
19 Aug · Cybersecurity Consulting: Is It the Right Career for You? · Explore the Wide Range of Categories and Services and What It Takes to Do the Job. Cybersecurity consulting encompasses a wide array of services and specialties, ranging from high-level strategic guidance to hands-on technical support. Discover the categories and learn how to posi… · DATABREACHTODAY.CO.UK
19 Aug · Why SEC, SolarWinds Eye Settlement Talks in Cyber Fraud Case · SEC 'Proposed Specific Settlement Terms' But Defense Unlikely to Accept, Judge Told. Federal regulators and SolarWinds are eyeing a truce weeks after a judge dismissed most claims related to misleading investors about the company's security practices and risks. SEC lawyer Christop… · DATABREACHTODAY.CO.UK