107Articles
9Categories
2024-08-20Date
🚨 CISA KEV 1[−]
20 Aug KEVCISA Adds Jenkins CLI Bug to its Known Exploited Vulnerabilities CatalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Jenkins Command Line Interface (CLI) Path Traversal vulnerability, known as CVE-2024-23897 with a CVSS score of 9.8, to its Known Exploited Vulnerabilities catalog.SECURITYAFFAIRS.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 8[−]
20 Aug KEVCISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware AttacksThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its exploitation in ransomware attacks. The vulnerability, tracked as CVE-2024-23897 (CVSS score: …THEHACKERNEWS.COM
20 AugAutodesk AutoCAD Vulnerability Let Attackers Execute Arbitrary CodeAutodesk has disclosed a critical vulnerability in its AutoCAD software, which could allow malicious actors to execute arbitrary code. This vulnerability, CVE-2024-7305, identified in the AdDwfPdk.dll component, is triggered when a specially crafted DWF (Design Web Format) file i…GBHACKERS.COM
20 AugUnauthenticated RCE in WordPress Plugin Exposes 100,000 WordPress SitesA critical vulnerability has been discovered in the GiveWP plugin, a popular WordPress donation and fundraising platform. This vulnerability, CVE-2024-5932, exposes over 100,000 WordPress sites to potential remote code execution (RCE) attacks. The vulnerability was responsibly di…GBHACKERS.COM
20 AugCVE-2024-38213: Copy2Pwn Exploit Evades Windows Web Protectionssubmitted by BodaciousMunchkin to cybersecurity 1 points | 0 comments https://www.zerodayinitiative.com/blog/2024/8/14/cve-2024-38213-copy2pwn-exploit-evades-windows-web-protections cross-posted from: links.hackliberty.org/post/2459180 When a user downloads a file from an untrust…ZERODAYINITIATIVE.COM
20 AugWhere are we with CVE-2024-38063: Microsoft IPv6 Vulnerability, (Tue, Aug 20th)I recorded a quick live stream with a quick update on CVE-2024-38063. The video focuses on determining the exploitability, particularly whether your systems are reachable by IPv6. ISC.SANS.EDU
20 AugHackers use PHP exploit to backdoor Windows systems with new malwareUnknown attackers have deployed a newly discovered backdoor dubbed Msupedge on a university's Windows systems in Taiwan, likely by exploiting a recently patched PHP remote code execution vulnerability (CVE-2024-4577). [...]BLEEPINGCOMPUTER.COM
20 AugCVE-2024-38175 Azure Managed Instance for Apache Cassandra Elevation of Privilege VulnerabilityAn improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
20 AugWindows Downdate: exploitation techniques and countermeasuresWindows Downdate attack through CVE-2024-21302 vulnerability: detection methods and risk mitigationKASPERSKY.COM
⚠️ VULNERABILITY DISCLOSURE 30[−]
20 AugThousands of Oracle NetSuite Sites at Risk of Exposing Customer InformationCybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible to leaking sensitive customer information. "A potential issue in NetSuite's SuiteCommerce platform could allow attackers t…THEHACKERNEWS.COM
20 AugWindows 0-day was exploited by North Korea to install advanced rootkitsubmitted by MrSoup to cybersecurity 2 points | 0 comments https://arstechnica.com/security/2024/08/windows-0-day-was-exploited-by-north-korea-to-install-advanced-rootkit/ cross-posted from: reddthat.com/post/24242195ARSTECHNICA.COM
20 AugBlind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin AmericaCybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American nations. Targets of these attacks span several sectors, including governmental in…THEHACKERNEWS.COM
20 AugHow CISOs can tackle the pernicious problem of poisoned packagesSince the early 2000s, open-source software, accessible to all without licensing agreements, has captured an ever-growing slice of the world’s software supply. Estimates vary, but according to Synopsis , 96% of all codebases contain open-source software, with 76% of all code orig…CSOONLINE.COM
20 Augapps .. repo or notsubmitted by kristoff to cybersecurity 1 points | 0 comments https://m.krbonne.net/@kristoff/112984731113603232 Hi all, Interesting problem. An open-source project gets their app removed from google play, so they post a message on mastodon that -for the time being- you can downlo…INFOSEC.PUB
20 AugCybercriminals Exploit Paris Olympics With Fake DomainsAccording to a report by cybersecurity researchers at BforeAI, threat actors used fake social media accounts, stores, ticketing systems, and fraudulent cryptocurrencies to target unsuspecting victims.INFOSECURITY-MAGAZINE.COM
20 AugMicrosoft Mandates MFA for all Azure Sign-InsPhase 1 in October 2024 will require MFA for accessing Azure portal, Microsoft Entra admin center, and Intune admin center, with Phase 2 in early 2025 extending enforcement to Azure CLI, Azure PowerShell, mobile app, and Infrastructure as Code tools.INFOSECURITY-MAGAZINE.COM
20 Aug KEVCISOs urged to prepare now for post-quantum cryptographyAfter eight years of review and development, the US National Institute of Standards and Technology (NIST) has chosen three encryption algorithms as the basis for its post-quantum cryptography (PQC). The three new algorithms collectively cover general encryption — used to protect …CSOONLINE.COM
20 AugUpdate: Ransomware Attack on Indian Payment System Traced Back to Jenkins BugA recent ransomware attack on Indian payment systems has been traced back to a vulnerability in the widely used Jenkins automation system. The attack targeted a digital payment system used by many Indian banks.THERECORD.MEDIA
20 AugAuthentik: Open-Source Identity ProviderAuthentik is known for its adaptability and flexibility. It seamlessly integrates into existing environments, offering support for various protocols. It simplifies tasks like sign-up and account recovery in applications.HELPNETSECURITY.COM
20 AugHackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge BackdoorA previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in Taiwan. "The most notable feature of this backdoor is that it communicates with a command-and-control (C&C) server via DNS traffic," the Symantec Th…THEHACKERNEWS.COM
20 AugAnatomy of an AttackIn today's rapidly evolving cyber threat landscape, organizations face increasingly sophisticated attacks targeting their applications. Understanding these threats and the technologies designed to combat them is crucial. This article delves into the mechanics of a common applicat…THEHACKERNEWS.COM
20 AugResearchers Uncover TLS Bootstrap Attack on Azure Kubernetes ClustersCybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker to escalate their privileges and access credentials for services used by the cluster. "An attacker with command executio…THEHACKERNEWS.COM
20 AugNo Deal: Action1 Rebuffs CrowdStrike's Interest in $1B BuyAction1 Opts For Independence, Believes It Can Become Multi-Billion Dollar Business Action1 has rebuffed CrowdStrike's interest in acquiring the patch management and vulnerability remediation startup for $1 billion and opted to remain independent. Action 1 has decided to turn dow…DATABREACHTODAY.CO.UK
20 AugCritical Jenkins vulnerability added to CISA’s known vulnerabilities catalogsubmitted by kid to cybersecurity 2 points | 0 comments https://www.scmagazine.com/news/critical-jenkins-vulnerability-added-to-cisas-known-vulnerabilities-catalogSCMAGAZINE.COM
20 AugCisco, Microsoft Disagree on Severity of macOS App VulnerabilitiesMultiple vulnerabilities in Microsoft applications for macOS could be exploited to send emails, leak sensitive information, and escalate privileges. The post Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
20 AugTech giants warn proposed Hong Kong cyber rules could undermine digital economyHong Kong’s proposed cybersecurity regulations have sparked controversy, with US tech giants and business groups warning the legislation could grant the government unprecedented access to computer systems and stifle investment in the city’s digital economy. The Asia Internet Coal…CSOONLINE.COM
20 Augx64dbg: Open-Source Binary Debugger for Windowsx64dbg is an open-source binary debugger for Windows, perfect for malware analysis and reverse engineering executables. It has a user-friendly UI that simplifies navigation and provides context on the process.HELPNETSECURITY.COM
20 AugCybercriminals Exploit Popular Software Searches to Spread FakeBat MalwareCybercriminals are using popular software searches to spread FakeBat malware, a loader linked to threat actor Eugenfest and identified by Google's threat intelligence team as NUMOZYLOD.THEHACKERNEWS.COM
20 AugPhrack Magazine Issue 71submitted by pnutzh4x0r to cybersecurity 1 points | 0 comments http://phrack.org/issues/71/1.html --[ Table of Contents 0x01 Introduction ........................................ Phrack Staff 0x02 Phrack Prophile ..................................... Phrack Staff 0x03 Linenoise .…PHRACK.ORG
20 AugUS government accuses Iran of Trump campaign hack; Iran scoffsOn Monday, the U.S. government formally accused Iran of hacking the Donald Trump campaign. In a joint statement issued by the FBI, the Office of the Director of National Intelligence (ODNI), and the Cybersecurity and Infrastructure Security Agency or CISA, the three agencies said…TECHCRUNCH.COM
20 AugCritical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to TakeoverA critical vulnerability in the GiveWP WordPress plugin could be exploited for remote code execution and arbitrary file deletion. The post Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover appeared first on SecurityWeek .SECURITYWEEK.COM
20 AugNavigating the Path to Maturity & AI is helping combat cyber threats - Shimon Modi, Bo... - ASW #296As development cycles shorten and more responsibilities shift to developers, application security (AppSec) is rapidly evolving. Organizations are increasingly building mature programs that automate and enhance AppSec, moving beyond manual processes. In this discussion, we explore…YOUTUBE.COM
20 AugNorth Korea Exploited Windows Zero-Day to Deploy FudmoduleLazarus Espionage Group's Sophisticated Malware Evades Antivirus Monitoring North Korea's Lazarus hacking team, which focuses on cryptocurrency theft and espionage, has once again been exploiting a zero-day vulnerability in Microsoft Windows to install antivirus-suppressing malwa…DATABREACHTODAY.CO.UK
20 AugMicrochip Technology discloses cyberattack impacting operationsAmerican chipmaker Microchip Technology Incorporated has disclosed that a cyberattack impacted its systems over the weekend, disrupting operations across multiple manufacturing facilities. [...]BLEEPINGCOMPUTER.COM
20 AugData Exfiltration from Slack AI via indirect prompt injectionsubmitted by pnutzh4x0r to cybersecurity 2 points | 1 comments https://promptarmor.substack.com/p/data-exfiltration-from-slack-ai-via This vulnerability can allow attackers to steal anything a user puts in a private Slack channel by manipulating the language model used for conten…PROMPTARMOR.SUBSTACK.COM
20 AugBest Practices for Event Logging and Threat DetectionExecutive Summary This publication defines a baseline for event logging best practices to mitigate cyber threats. It was developed by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) in cooperation with the following international partners: …CISA.GOV
📋 SECURITY BULLETINS 2[−]
20 AugAugust Windows updates break dual boot on some Linux systemsAccording to user reports following this month's Patch Tuesday, the August 2024 Windows updates are breaking dual boot on some Linux systems with Secure Boot enabled. [...]BLEEPINGCOMPUTER.COM
20 AugAugust Windows security update breaks dual boot on Linux systemsAccording to user reports following this month's Patch Tuesday, the August 2024 Windows security updates are breaking dual boot on some Linux systems with Secure Boot enabled. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 7[−]
20 AugFBI and CISA Assure Public on Election Ransomware SecurityFBI and CISA issued a PSA reassuring the public about the security of the 2024 election cycle against ransomware attacks. While attacks on government networks could cause temporary delays, voting systems' integrity remains intact.INFOSECURITY-MAGAZINE.COM
20 AugUpdate: US Agencies Attribute Presidential Campaign Cyberattacks to IranThe statement — which came Monday from the FBI, CISA, and the Office of the Director of National Intelligence (ODNI) — specifically attributes the recently announced cyberattack on the campaign of former President Donald Trump to Iranian actors.THERECORD.MEDIA
20 AugCISA to Get New $524 Million Headquarters in DC, Backed by Inflation Reduction Act FundingClark Construction has been tasked with building the 630,000 square foot sustainable state-of-the-art facility for CISA. The post CISA to Get New $524 Million Headquarters in DC, Backed by Inflation Reduction Act Funding appeared first on SecurityWeek .SECURITYWEEK.COM
20 AugUK: NCSC Opens Cyber Resilience Audit Scheme to ApplicantsThe NCSC has launched the Cyber Resilience Audit (CRA) scheme to find auditors for a new cyber-resilience initiative. It focuses on conducting independent audits based on the Cyber Assessment Framework (CAF) to support nationally critical sectors.INFOSECURITY-MAGAZINE.COM
20 AugBalancing AI Regulation: Comprehensive vs. Targeted ApproachR Street Director Brandon Pugh on Congress' AI Learning Curve, Future Legislation Brandon Pugh of R Street Institute discusses Congress' struggle to balance AI innovation and regulation, the U.S. approach compared to the EU, and the urgent need for privacy laws to protect AI-driv…DATABREACHTODAY.CO.UK
20 AugCybersecurity Is Everywhere: ENISA COOHans de Vries on Securing Europe's Digital Future With Laws and Skills Development Europe faces unprecedented security challenges as organizations embrace digital change. That's why ENISA is focusing on critical areas to bolster Europe's digital defenses - supporting member state…DATABREACHTODAY.CO.UK
20 AugNews alert: INE Security advisory: The steep cost of neglecting cybersecurity trainingCary, NC, Aug. 22, 2024, CyberNewsWire — In modern business, cybersecurity is not merely a technical concern but a crucial financial safeguard. With cyber threats growing in sophistication and frequency, the financial implications of neglecting cybersecurity training are se…LASTWATCHDOG.COM
🔥 INCIDENT REPORTING 14[−]
20 AugUS Bipartisan Committee Urges Investigation Into Chinese Wi-Fi RoutersHouse members John Moolenaar and Raja Krishnamoorthi expressed worries about TP-Link Technologies, the world's top Wi-Fi product provider, being vulnerable to compromised by state-sponsored hackers from China.INFOSECURITY-MAGAZINE.COM
20 AugRansomware Victims Paid $460 Million in First Half of 2024Ransomware payments in H1 2024 totaled nearly $460 million and $1.58 billion have been stolen in cryptocurrency heists. The post Ransomware Victims Paid $460 Million in First Half of 2024 appeared first on SecurityWeek .SECURITYWEEK.COM
20 AugMegaMedusa, Highly Scalable Web DDoS Attack Tool Used By Hacker GroupsRipperSec, a pro-Palestinian, pro-Muslim Malaysian hacktivist group, has rapidly grown since its Telegram inception in June 2023.  Leveraging a community of over 2,000 members, they conduct cyberattacks, including data breaches, defacements, and DDoS attacks, and their prima…GBHACKERS.COM
20 AugCost of a data breach: The industrial sectorIndustrial organizations recently received a report card on their performance regarding data breach costs. And there’s plenty of room for improvement. According to the 2024 IBM Cost of a Data Breach (CODB) report, the average total cost of a data breach in the industrial se…SECURITYINTELLIGENCE.COM
20 AugRansomware Resilience Drives Down Cyber Insurance ClaimsRansomware resilience is leading to a decrease in cyber insurance claims, as reported by UK backup solutions provider Databarracks. While more organizations are investing in cyber insurance, the number of claims has dropped significantly.INFOSECURITY-MAGAZINE.COM
20 AugCommon API Security Issues: From Exposed Secrets To Unauthorized AccessAPI security is a major concern due to issues like exposed secrets and unauthorized access, leading to serious vulnerabilities for many organizations. A recent report shoed 35% of exposed API keys are still active, posing significant security risks.HELPNETSECURITY.COM
20 AugRussia-linked Vermin Hackers Target Ukraine With new Malware StrainCERT-UA has identified the deployment of two malicious tools by Vermin: Spectr spyware, which can capture screenshots and steal data, and a new malware strain called Firmachagent, which is used to upload stolen data.THERECORD.MEDIA
20 AugHacker locks Unicoin staff out of Google accounts for 4 daysA hacker compromised Unicoin's Google Workspace (formerly G-Suite) account and changed the passwords for all company employees, locking them out of their corporate accounts for days. [...]BLEEPINGCOMPUTER.COM
20 AugThe Fallout and Lessons Learned from the CrowdStrike Fiasco - Allie Mellen, Jeff Pollard - ASW #296This week, Jeff Pollard and Allie Mellen join us to discuss the fallout and lessons learned from the CrowdStrike fiasco. They explore the reasons behind running in the kernel, the challenges of software quality, and the distinction between a security incident and an IT incident. …YOUTUBE.COM
20 AugOregon Zoo warns visitors their credit card details were stolenOregon Zoo is informing that visitors who purchased tickets online between December and June had their payment card information compromised. [...]BLEEPINGCOMPUTER.COM
20 AugRansomware Trends: Most Attacks Hit Between 1am and 5am, Study Findssubmitted by kid to cybersecurity 2 points | 0 comments https://www.techrepublic.com/article/ransomware-trends-malwarebytes/TECHREPUBLIC.COM
20 AugMcLaren Health Expects IT Disruption to Last Through AugustPatients Still Asked to Bring Paper Records to Appointments Post-Ransomware Attack McLaren Health Care expects IT disruptions caused by a ransomware attack earlier this month to last through the end of August. While most of McLaren's facilities are open, IT systems across its hos…DATABREACHTODAY.CO.UK
20 AugHow Ransomware Group Stability Affects Payment DecisionsRobert Boyce on Accenture's Strategy for Assessing the Behavior of Ransomware Gangs Accenture Global Cyber Resilience Lead Robert Boyce outlines why organizations must assess the stability of ransomware groups before deciding how to respond to extortion threats. He outlines how t…DATABREACHTODAY.CO.UK
20 AugCannonDesign confirms Avos Locker ransomware data breachThe Cannon Corporation dba CannonDesign is sending notices of a data breach to more than 13,000 of its clients, informing that hackers breached and stole data from its network in an attack in early 2023. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 24[−]
20 AugIdentity Protection That Spans the Entire Attack LifecyclePalo Alto Networks Identity Threat Detection and Response (ITDR) offering emerges as a critical pillar of modern cybersecurity strategy. The post Identity Protection That Spans the Entire Attack Lifecycle appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
20 AugUS Intelligence Officials Say Iran is to Blame for Hacks Targeting Trump, Biden-Harris CampaignsThe assessment from agencies was the first time the U.S. government assigned blame for hacks that have raised anew the threat of foreign election interference. The post US Intelligence Officials Say Iran is to Blame for Hacks Targeting Trump, Biden-Harris Campaigns appeared first…SECURITYWEEK.COM
20 AugISC Stormcast For Tuesday, August 20th, 2024 https://isc.sans.edu/podcastdetail/9104, (Tue, Aug 20th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
20 AugNEWS ANALYSIS Q&A: The early going of Generative AI and LLMs impacting cybersecurityThe art of detecting subtle anomalies, predicting emergent vulnerabilities and remediating novel cyber-attacks is becoming more refined, day by day. Related: GenAI’s impact on elections It turns out that the vast datasets churned out by cybersecurity toolsets happen to be ……LASTWATCHDOG.COM
20 AugIranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho MalwareIranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024 with the goal of delivering a new intelligence-gathering tool called AnvilEcho. Enterprise security company Proofpoint is…THEHACKERNEWS.COM
20 Aug2GB variant of Raspberry Pi Launched for Just $50Raspberry Pi has announced the launch of a new 2GB variant of the Raspberry Pi 5, priced at an affordable $50. This release makes powerful computing accessible to a wider audience, fulfilling the original Raspberry Pi dream of providing an affordable, general-purpose desktop comp…GBHACKERS.COM
20 AugHacking Wireless Bicycle ShiftersThis is yet another insecure Internet-of-things story , this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement this attack. Research paper …SCHNEIER.COM
20 AugHow Exceptional CISOs Are Igniting the Security Fire in Their Development TeamFor years, many CISOs have struggled to influence their development cohort on the importance of putting security first. The post How Exceptional CISOs Are Igniting the Security Fire in Their Development Team appeared first on SecurityWeek .SECURITYWEEK.COM
20 AugF5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX PlusF5’s latest quarterly security notification includes nine advisories, including four for high-severity vulnerabilities in BIG-IP and NGINX Plus. The post F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus appeared first on SecurityWeek .SECURITYWEEK.COM
20 AugHow multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissionssubmitted by kid to cybersecurity 2 points | 0 comments https://blog.talosintelligence.com/how-multiple-vulnerabilities-in-microsoft-apps-for-macos-pave-the-way-to-stealing-permissions/TALOSINTELLIGENCE.COM
20 AugUS warns of Iranian hackers escalating influence operationsThe U.S. government is warning of increased effort from Iran to influence upcoming elections through cyber operations targeting Presidential campaigns and the American public. [...]BLEEPINGCOMPUTER.COM
20 AugFabric Cryptography Raises $33 Million for VPU ChipFabric Cryptography has raised $33 million in Series A funding to create the Verifiable Processing Unit (VPU), a new chip for cryptography. The post Fabric Cryptography Raises $33 Million for VPU Chip appeared first on SecurityWeek .SECURITYWEEK.COM
20 AugDigital Wallets Bypassed To Allow Purchase With Stolen CardsDigital wallets enable users to securely store their financial information on smart devices and perform financial transactions without any hassle. These wallets offer enhanced security compared to traditional payment methods, as these wallets encrypt payment data. Since smartphon…GBHACKERS.COM
20 AugBackdoor MIFARE Smart Cards Exposes User-Defined Keys On CardsResearchers analyze the security of MIFARE Classic cards, focusing exclusively on card-only attacks. They uncover multiple new attack vectors by examining the CRYPTO-1 algorithm, existing vulnerabilities, and a novel countermeasure. Through a combination of reverse engineering, c…GBHACKERS.COM
20 AugNew Styx Stealer Attacking Users to Steal Login PasswordsA new cybersecurity threat, known as Styx Stealer, has emerged. It targets users by stealing sensitive data such as saved passwords, cookies, and autofill information from popular web browsers. This malware affects Chromium and Gecko-based browsers and extends its reach to browse…GBHACKERS.COM
20 AugAre You Vulnerable to Deep Fakes? Controlling the Risk - Paul Neff - CSP #188Rapid advancement in the sophistication and availability of "deepfake" technology enabled by generative AI - the ability to generate convincing multimedia and interactive representations indistinguishable from the real thing - presents new and growing challenges for CISOs seeking…YOUTUBE.COM
20 AugMajor Backdoor in Millions of RFID Cards Allows Instant CloningBackdoor in millions of contactless cards made by Shanghai Fudan Microelectronics allows instantaneous cloning of RFID smart cards used to open office doors and hotel rooms around the world. The post Major Backdoor in Millions of RFID Cards Allows Instant Cloning appeared first o…SECURITYWEEK.COM
20 AugDangerous books, Microsoft plus, NPD, Solar Winds, Jenkins, and more... - SWN #408Dangerous books, Microsoft Plus, NPD, Solar Winds, Jenkins, and more, on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-408YOUTUBE.COM
20 AugDarktrace Co-founder Mike Lynch Presumed Dead After Superyacht SinksMike Lynch, co-founder of Darktrace and Autonomy, is among six people presumed dead after the superyacht, Bayesian, sank off the coast of Sicily early Monday. The post Darktrace Co-founder Mike Lynch Presumed Dead After Superyacht Sinks appeared first on SecurityWeek .SECURITYWEEK.COM
20 AugCISOs on the Hook: SEC Tightens Cybersecurity DisclosuresLee of Jenner & Block on How SolarWinds Case Ushered in New Era of Risk Management The SolarWinds case has redefined cybersecurity disclosure obligations, especially for chief information security officers. The SEC's novel theories in this case have set a precedent for how organi…DATABREACHTODAY.CO.UK
20 AugCalifornia AI Catastrophe Bill Clears CommitteeNew Version Aims to Ensure AI Safety While Keeping Its Builders Happy California state lawmakers watered down a bill aimed at preventing artificial intelligence disasters after hearing criticism from industry and federal representatives. The bill still faces opposition from Silic…DATABREACHTODAY.CO.UK
20 AugAddressing the OT SOC Challenges in Industrial EnvironmentsEY's Piotr Ciepiela Discusses Key Challenges in Implementing, Maintaining OT SOCs Piotr Ciepiela, EMEIA cybersecurity leader at EY, discusses the challenges of securing OT systems and contrasts them with IT SOC environments. He emphasizes the need for specialized tools, dedicated…DATABREACHTODAY.CO.UK
20 AugReal-Time Deepfakes: A Growing Threat to Corporate SecurityBishop Fox's Brandon Kovacs on the Security Risks of Real-Time Voice, Video Cloning The ability to create real-time deepfakes of trusted figures has transformed the landscape of corporate security threats. Brandon Kovacs, senior red team consultant at Bishop Fox, details how atta…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 3[−]
20 AugNew UULoader Malware Distributes Gh0st RAT and Mimikatz in East AsiaThe Cyberint Research Team discovered that the malware, believed to be the work of a Chinese speaker, contains core files in a Microsoft Cabinet archive, with executables vulnerable to DLL side-loading.THEHACKERNEWS.COM
20 AugImplementation Challenges in Privacy-Preserving Federated LearningIn this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool), Dr. Mat Weldon ( United Kingdom (UK) Office of National Statistics (ONS)), and Dr. Michael Fenton (Trūata) who were winners in the UK-US Privacy-Enhancing Technologies ( PETs) Prize Challenges…NIST.GOV
20 AugMIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoorsWe studied the most secure static encrypted nonce variant of "MIFARE Classic compatible" cards -- meant to resist all known card-only attacks -- and developed new attacks defeating it, uncovering a hardware backdoor in the process. And that's only the beginning...QUARKSLAB.COM
📡 INFOSEC NEWS 18[−]
20 AugUkrainian Bank's Service for Military Donations Targeted by ‘Massive’ DDoS AttackThe attack, lasting from Friday to Monday, reached 7.5 billion requests per second, according to Monobank CEO. Despite not impacting operations, the bank collaborated with security services and specialists to manage the flood of internet traffic.THERECORD.MEDIA
20 AugMultiple Microsoft Apps for macOS Vulnerable to Library Injection AttacksMicrosoft has classified the issue as low-severity and has not issued any fixes, except for Teams and OneNote apps. Excel, Outlook, PowerPoint, and Word apps remain vulnerable.DARKREADING.COM
20 AugSophos NDR 1.7 is now availableElevate and extend your threat detection and response with deep network insights – available as a self-managed tool with Sophos XDR and with the 24/7 Sophos MDR service.SOPHOS.COM
20 AugChrome Will Redact Credit Cards, Passwords When You Share Android ScreenGoogle is testing a feature in Chrome on Android to redact credit card details, passwords, and sensitive information when sharing your screen. Google aims to prevent leaks of sensitive data while recording or sharing screens.BLEEPINGCOMPUTER.COM
20 AugXeon Sender Enables Large-Scale SMS Spam Attacks Using Legitimate SaaS ProvidersXeon Senderallows attackers to conduct large-scale SMS spam and phishing campaigns using legitimate SaaS providers. Distributed through Telegram and hacking forums, it requires API credentials from popular providers like Amazon SNS and Twilio.INFOSECURITY-MAGAZINE.COM
20 AugDigital Wallets can Allow Purchases With Stolen Credit CardsOnce a stolen card is added to the attacker's wallet, they can use it to make purchases without being detected, even after the original card has been canceled. Recurring transactions are also vulnerable to abuse, allowing payments with locked cards.THEREGISTER.COM
20 AugOpenAI Kills Iranian Accounts Spreading Us Election DisinformationThe operation was linked to Iran's Storm-2035, also flagged by Microsoft for election interference. Google has also reported Iranian cyber influence activity. OpenAI identified 12 X accounts and one Instagram account involved in the operation.THEREGISTER.COM
20 AugHackers Linked to $14M Holograph Crypto Heist Arrested in ItalySuspected hackers who stole $14 million worth of cryptocurrency from Holograph, a blockchain tech firm, have been arrested in Italy after living a lavish lifestyle for weeks in luxury villas.BLEEPINGCOMPUTER.COM
20 AugTo Improve Your Cybersecurity Posture, Focus on the DataTo bolster cybersecurity, focus on managing and utilizing enterprise data efficiently. Companies possess significant data reserves, yet these are often scattered across different systems, necessitating manual efforts to extract value.HELPNETSECURITY.COM
20 AugFree ZTNA licenses for Sophos Firewall customersWe are pleased to offer three one-year licenses for ZTNA secure access to all Sophos Firewall customers.SOPHOS.COM
20 AugAfrica's Economies Feel Pain of Cybersecurity DeficitCybercrime is a growing threat to Africa's economies, hindering their progress despite rapid GDP growth. The continent faces challenges like digital illiteracy and a shortage of cybersecurity professionals.DARKREADING.COM
20 AugMicrosoft launches unified Teams app for personal, work accountsMicrosoft has launched a new unified Teams application that allows Windows and Mac users to switch between personal, work, and education accounts without installing multiple apps. [...]BLEEPINGCOMPUTER.COM
20 AugCisco employees face a month of silence ahead of second layoff in 2024After tech giant Cisco announced plans for its second round of layoffs this year, employees tell TechCrunch that they will not know if they are affected for close to a month. Earlier this month, Reuters reported that Cisco was planning a second round of layoffs this year, after l…TECHCRUNCH.COM
20 AugBe careful what you pwish for – Phishing in PWA applicationsESET analysts dissect a novel phishing method tailored to Android and iOS usersWELIVESECURITY.COM