🚨 CISA KEV 1[−]
21 Aug KEVCISA Adds Four Known Exploited Vulnerabilities to CatalogCISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2021-33044 Dahua IP Camera Authentication Bypass Vulnerability CVE-2021-33045 Dahua IP Camera Authentication Bypass Vulnerability CVE-2022-…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 8[−]
21 AugGiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at RiskA maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to…THEHACKERNEWS.COM
21 AugOver 10,000 WordPress Sites at Risk: Critical File Deletion Flaw Found in InPost PluginsThe vulnerability, known as CVE-2024-6500, affects the InPost PL and InPost for WooCommerce plugins, allowing attackers to read and delete sensitive files like the wp-config.php configuration file.SECURITYONLINE.INFO
21 AugSpring Security Flaw Leaves Applications Open to Unauthorized AccessA high-severity vulnerability (CVE-2024-38810) has been discovered in Spring Security, potentially allowing unauthorized access to sensitive data within affected applications. The vulnerability impacts Spring Security versions 6.3.0 and 6.3.1.SECURITYONLINE.INFO
21 AugGiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risksubmitted by AmbiguousProps to cybersecurity 2 points | 0 comments https://thehackernews.com/2024/08/givewp-wordpress-plugin-vulnerability.html?m=1 A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 1…THEHACKERNEWS.COM
21 AugCritical Heap Overflow Vulnerability Discovered in FFmpeg, PoC PublishedCVE-2024-7272 is a critical heap overflow vulnerability found in FFmpeg, the popular multimedia framework. The vulnerability affects versions up to 5.1.5 and has a CVSS score of 8.8.SECURITYONLINE.INFO
21 AugResearcher Details Microsoft Outlook Zero-Click Vulnerability (CVE-2024-38021)The vulnerability stems from how Outlook handles hyperlink objects in image tags in emails, enabling attackers to exploit a composite moniker to trigger remote code execution.SECURITYONLINE.INFO
21 AugCritical Remote Code Execution Vulnerability Addressed in GiveWP PluginThe vulnerability, identified as CVE-2024-5932, arises from inadequate validation of user-provided serialized data, allowing attackers to inject harmful PHP objects through the give_title parameter.THECYBEREXPRESS.COM
21 AugMicrosoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive DataCybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemm…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 30[−]
21 AugAttackers increasingly using legitimate remote management tools to hack enterprisesAttackers are increasingly abusing legitimate network management tools to camouflage their attacks on corporate networks, according to a report by security vendor CrowdStrike. The report found a 70% year-over-year increase in the use of remote monitoring and management (RMM) tool…CSOONLINE.COM
21 AugRansomware hits record high amounts: Cyber Security Today for Tuesday, August 21, 2024Ransomware Record Highs, North Korean Exploits, Toyota Data Breach, and Mac Security Flaws - Aug 21, 2024 In this episode of Cybersecurity Today, host Jim Love discusses the latest cybersecurity threats and incidents making headlines. Topics include record-high ransomware payment…CYBERSECURITYTODAY.LIBSYN.COM
21 AugCustodians looking to beat offenders in the GenAI cybersecurity battleGenerative AI (GenAI) enabled threats, such as highly convincing phishing emails and morphed digital identities, which accurately mimic human communication, are evolving in real time, surpassing existing security measures and posing challenges to legacy defenses. “The availabilit…CSOONLINE.COM
21 AugRising Abuse of URL Rewriting in PhishingThe abuse of URL rewriting in phishing attacks has emerged as a new trend, allowing threat actors to hide malicious links behind trusted domains of security vendors. Exploiting these features enables bypassing detection mechanisms.PERCEPTION-POINT.IO
21 AugCyberattack Disrupts Microchip Technology Manufacturing FacilitiesMicrochip Technology has disclosed a cyberattack impacting operations at some of its manufacturing facilities. The post Cyberattack Disrupts Microchip Technology Manufacturing Facilities appeared first on SecurityWeek .SECURITYWEEK.COM
21 Aug8 cloud security gotchas most CISOs missAs enterprise CISOs try and maintain security across their entire global threat landscape, they are finding themselves in a love/hate relationship with their various cloud environments. For many, though, it’s more of a hate/despise relationship. Clouds can appear to be a seamless…CSOONLINE.COM
21 AugRCE Vulnerability in Atlassian Bamboo Data Center and ServerThis flaw, present in versions 9.1.0 through 9.6.0, allows authenticated attackers to execute arbitrary code within the Bamboo environment, posing risks to confidentiality, integrity, and availability.SECURITYONLINE.INFO
21 AugMicrochip suffers cyberattack, impacting manufacturing operationsUS semiconductor manufacturer Microchip Technology has disclosed that an “unauthorized party” disrupted its server operations, affecting some aspects of its business. The breach was detected on August 17 and has led to a significant slowdown in the company’s manufacturing capabil…CSOONLINE.COM
21 AugNew Msupedge Backdoor Targeting Taiwan Employs Stealthy CommunicationsHackers have been using a PHP vulnerability to deploy a stealthy backdoor called Msupedge. This backdoor was recently used in a cyberattack against an unnamed university in Taiwan.SYMANTEC-ENTERPRISE-BLOGS.SECURITY.COM
21 AugUnlocking the Power of AI in CybersecurityAs adversaries increasingly exploit AI, security practitioners must not fall behind. What does it take to unlock the full potential of AI in cybersecurity? The post Unlocking the Power of AI in Cybersecurity appeared first on SecurityWeek .SECURITYWEEK.COM
21 AugAzure Kubernetes Services Vulnerability Exposed Sensitive InformationA vulnerability in Azure Kubernetes Services could have allowed attackers to escalate privileges and access sensitive information on the clusters. The post Azure Kubernetes Services Vulnerability Exposed Sensitive Information appeared first on SecurityWeek .SECURITYWEEK.COM
21 AugTLS Bootstrap Attack on Azure Kubernetes Services can Leak Sensitive CredentialsA new threat known as "WireServing" has been identified in Azure Kubernetes Services (AKS) by Mandiant. This vulnerability could have allowed attackers to escalate privileges and access sensitive credentials within compromised clusters.CLOUD.GOOGLE.COM
21 AugCrowdStrike-Action1 deal collapses over user concernsCloud-based patch management and vulnerability remediation provider, Action1, has confirmed the company’s plans to stay founder-led days after the company received an acquisition offer from CrowdStrike at a valuation of close to $1 billion. The decision to stay independent was mo…CSOONLINE.COM
21 AugMicrosoft Copilot Studio Vulnerability Led to Information DisclosureA vulnerability in Microsoft Copilot Studio exposed information on internal services shared among tenants, potentially impacting multiple customers. The post Microsoft Copilot Studio Vulnerability Led to Information Disclosure appeared first on SecurityWeek .SECURITYWEEK.COM
21 AugNovel Phishing Method Used in Android and iOS Financial Fraud CampaignsThis method was first disclosed by CSIRT KNF in Poland in July 2023 and later observed in Czechia by ESET analysts. Similar campaigns were also observed targeting banks in Hungary and Georgia.INFOSECURITY-MAGAZINE.COM
21 AugGitHub Enterprise Server vulnerable to critical auth bypass flawA critical vulnerability affecting multiple versions of GitHub Enterprise Server could be exploited to bypass authentication and enable an attacker to gain administrator privileges on the machine. [...]BLEEPINGCOMPUTER.COM
21 AugWhy LinkedIn Developed Its Own AI-Powered Security PlatformAn inside look at how LinkedIn developed an internal AI-assisted vulnerability management system to protect its massive infrastructure and user base. The post Why LinkedIn Developed Its Own AI-Powered Security Platform appeared first on SecurityWeek .SECURITYWEEK.COM
21 AugRansomware Again on Track to Achieve Record-Breaking ProfitsDoes That Mean Improved Defenses and Law Enforcement Disruptions Are Failing? Ransomware groups' collective profits are on track to achieve another record-breaking year, even though fewer victims overall appear to be paying a ransom, experts warn. One expert says the success come…DATABREACHTODAY.CO.UK
21 AugLitespeed Cache bug exposes millions of WordPress sites to takeover attacksA critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. [...]BLEEPINGCOMPUTER.COM
21 AugAustralian data regulator backs off Clearview AIThe Australian Information Commissioner (OAIC) on Wednesday abandoned its multi-year effort against Clearview AI, which it had ordered to stop collecting images of people in Australia after accusing the company of improperly grabbing images of faces from “across the Internet.” Th…CSOONLINE.COM
21 AugThreat Actors Abuse URL Rewriting to Mask Phishing LinksThreat actors are abusing a technique called “URL rewriting” to hide their phishing links from security filters, according to researchers at Perception Point.KNOWBE4.COM
21 AugIranian cyberespionage group deploys new BlackSmith malware in sophisticated spear-phishing campaignA known Iranian APT group has revamped its malware arsenal in a campaign against a prominent Jewish religious figure, security researchers have found. The new toolset, dubbed BlackSmith, bundles most features from the group’s previous tools with a new malware loader and PowerShel…CSOONLINE.COM
21 AugWhy Your Business Needs Email Encryption NowProtecting emails that contain sensitive data is crucial. The loss of confidential information or customer details can lead to hefty fines, negative publicity, and a significant erosion of customer trust. Unfortunately, email is often a primary target for cyberattacks such as phi…CSOONLINE.COM
21 AugThe Hidden Dangers of Email AttachmentsEmail attachments remain one of the most common vectors for delivering malware and other cyber threats. Despite advancements in email security, businesses continue to fall victim to sophisticated attacks that exploit the simplicity of opening an attachment. That’s because email a…CSOONLINE.COM
21 AugPhishing Scammers Leverage Microsoft Dynamics 365 to Target US Government ContractorsAnalysis of a phishing campaign targeting thousands of government contractors, dubbed “Operation Uncle Sam,” takes advantage of some sophisticated steps to avoid detection.KNOWBE4.COM
21 AugGoogle fixes ninth Chrome zero-day exploited in attacks this yearToday, Google released a new Chrome emergency security update to patch a zero-day vulnerability, the ninth one exploited in attacks this year. [...]BLEEPINGCOMPUTER.COM
21 AugThe Strategic Need for Employee Training and EducationWhy the Benefits Far Outweigh the Risks Today's workforce is increasingly insisting on having employer-provided education and development opportunities. Learn why offering employees opportunities for education and development is both a retention strategy and a key component of a …DATABREACHTODAY.CO.UK
21 AugThe Great Cloud Security Debate: CSP vs. Third-Party Security ToolsDo I go to my Cloud Service Provider (CSP) for cloud security tooling or to a third party vendor? Who will secure my cloud use, a CSP or a focused specialty vendor? Who is my primary cloud security tools provider? This question asked in many ways has haunted me since my analyst d…MEDIUM.COM
21 AugASD’s ACSC, CISA, FBI, and NSA, with the support of International Partners Release Best Practices for Event Logging and Threat DetectionToday, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), CISA, FBI, NSA, and international partners are releasing Best Practices for Event Logging and Threat Detection . This guide will assist organizations in defining a baseline for event loggin…CISA.GOV
21 AugGoogle fixes ninth Chrome zero-day exploited in attacks this yearToday, Google released a new Chrome emergency security update to patch a zero-day vulnerability, the ninth one tagged as exploited this year. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 5[−]
21 AugArden Claims Service Reports Data Breach, 139,000 AffectedPersonal information for about 39,000 individuals was stolen in October 2023 from class action settlement administrator Arden Claims Service. The post Arden Claims Service Reports Data Breach, 139,000 Affected appeared first on SecurityWeek .SECURITYWEEK.COM
21 AugAre the New FAA Cyber Requirements for Future Planes Enough?Federal Aviation Administration Seeks Public Input on New Cyber Rules for Airplanes The U.S. Federal Aviation Administration is seeking public comment on a proposed rule that aims to further elevate and streamline cyber regulations for future airplanes and aircraft equipment. The…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 7[−]
21 AugChipmaker Microchip reveals cyber attacksubmitted by Alphane_Moon to cybersecurity 2 points | 0 comments https://www.theregister.com/2024/08/21/microchip_technology_security_incident/THEREGISTER.COM
21 AugStyx Stealer Creator's OPSEC Fail Leaks Client List and Profit DetailsIn what's a case of an operational security (OPSEC) lapse, the operator behind a new information stealer called Styx Stealer leaked data from their own computer, including details related to the clients, profit information, nicknames, phone numbers, and email addresses. Styx Stea…THEHACKERNEWS.COM
21 AugRansomware Gangs Are in Decline But Still Make Lots of NoiseRedSense's Bohuslavskiy and Smith on How Attacks on Healthcare Show Desperation RedSense’s Yelisey Bohuslavskiy and Marley Smith believe ransomware is declining but caution that it still poses a significant threat. While attackers recycle old methods, they're taking desperate mea…DATABREACHTODAY.CO.UK
21 AugQNAP adds NAS ransomware protection to latest QTS versionTaiwanese hardware vendor QNAP has added a Security Center with ransomware protection capabilities to the latest version of its QTS operating system for network-attached storage (NAS) devices. [...]BLEEPINGCOMPUTER.COM
21 Aug$2.25M Settlement Reached in Atlantic General Hack LawsuitNearly 137,000 People Affected in 2023 Ransomware Attack on Maryland-Based Hospital A ransomware attack against Berlin, Maryland-based Atlantic General Hospital that affected the personal information of 137,000 individuals in 2023 has led to a $2.25 million preliminary settlement…DATABREACHTODAY.CO.UK
21 AugHow regulatory standards and cyber insurance inform each otherShould the payment of a ransomware demand be illegal? Should it be regulated in some way? These questions are some examples of the legal minefield that cybersecurity teams must deal withWELIVESECURITY.COM
🕵️ THREAT INTELLIGENCE 28[−]
21 AugMapping Threats with DNSTwist and the Internet Storm Center [Guest Diary], (Tue, Aug 20th)[This is a Guest Diary by Michael Tigges, an ISC intern as part of the SANS.edu BACS program]
ISC.SANS.EDU
21 AugISC Stormcast For Wednesday, August 21st, 2024 https://isc.sans.edu/podcastdetail/9106, (Wed, Aug 21st)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
21 AugBlack Hat Fireside Chat: User feedback, AI-infused email security are both required to deter phishingI recently learned all about the state-of-the art of phishing attacks – the hard way. Related: GenAI-powered attacks change the game An email arrived from the head of a PR firm whom I’ve known for 20 years asking me to … (more…) The post Black Hat Fireside Chat: User feedba…LASTWATCHDOG.COM
21 AugNew macOS Malware TodoSwift Linked to North Korean Hacking GroupsCybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with known malicious software used by North Korean hacking groups. "This application shares several behaviors with malware we've seen that originated in North…THEHACKERNEWS.COM
21 AugHackers target bank clients in Czechia, Hungary and Georgia in novel phishing campaignsubmitted by kid to cybersecurity 1 points | 0 comments https://therecord.media/hackers-target-bank-clients-czechia-hungary-georgia-phishingTHERECORD.MEDIA
21 AugPro-Russia group Vermin targets Ukraine with a new malware familysubmitted by kid to cybersecurity 1 points | 0 comments https://securityaffairs.com/167327/apt/cer-ua-vermin-phishing-campaign.htmlSECURITYAFFAIRS.COM
21 AugGoogle Cloud Unveils New Security Services and CapabilitiesSeveral security-related enhancements have been announced at the 2024 Google Cloud Security Summit. The post Google Cloud Unveils New Security Services and Capabilities appeared first on SecurityWeek .SECURITYWEEK.COM
21 AugAverage DDoS attack costs $6,000 per minute (to the victim)submitted by kid to cybersecurity 4 points | 0 comments https://www.helpnetsecurity.com/2024/08/21/ddos-attacks-duration-surge/HELPNETSECURITY.COM
21 AugThousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration IssueAs many as 15,000 applications using AWS Application Load Balancer (ALB) could be exposed to ALBeast attacks. The post Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue appeared first on SecurityWeek .SECURITYWEEK.COM
21 AugStory of an Undercover CIA Agent who Penetrated Al QaedaRolling Stone has a long investigative story (non-paywalled version here ) about a CIA agent who spent years posing as an Islamic radical. Unrelated, but also in the “real life spies” file: a fake Sudanese diving resort run by Mossad.SCHNEIER.COM
21 AugGoogle Play Bug Bounty Program Shutting DownGoogle is shutting down its Google Play Security Reward Program (GPSRP) after determining that it has achieved its goal. The post Google Play Bug Bounty Program Shutting Down appeared first on SecurityWeek .SECURITYWEEK.COM
21 AugPhrack hacker zine publishes new edition after three yearsPhrack #71 has been released online and is available to read for free. This issue is the first to be released since 2021, marking a new chapter in the influential online magazine's history. [...]BLEEPINGCOMPUTER.COM
21 AugAI in OT Security — Balancing Industrial Innovation and Cyber RiskInterview with Del Rodillas, who navigates the landscape of the OT-IT convergence and cybersecurity challenges in the manufacturing and industrial sectors. The post AI in OT Security — Balancing Industrial Innovation and Cyber Risk appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
21 AugNorth Korean Hackers Deploy New MoonPeak Trojan in Cyber CampaignA new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of a new campaign. Cisco Talos attributed the malicious cyber campaign to a hacking group it tracks as UAT-5394, which it said exhibits s…THEHACKERNEWS.COM
21 AugCritical Authentication Flaw Haunts GitHub Enterprise ServerGitHub patches a trio of security defects in the GitHub Enterprise Server product and recommends urgent patching for corporate users. The post Critical Authentication Flaw Haunts GitHub Enterprise Server appeared first on SecurityWeek .SECURITYWEEK.COM
21 AugNew Phishing Technique Bypasses Security on iOS and Android to Steal Bank CredentialsNew phishing attacks target iOS and Android users with Progressive Web Applications and WebAPKs to steal banking information. The post New Phishing Technique Bypasses Security on iOS and Android to Steal Bank Credentials appeared first on SecurityWeek .SECURITYWEEK.COM
21 AugRussia tells citizens to switch off home surveillance because the Ukrainians are comingsubmitted by kid to cybersecurity 2 points | 0 comments https://www.theregister.com/2024/08/21/russia_memo_ukraine_invasion/THEREGISTER.COM
21 AugCybersecurity in 2024: Reflecting on the Past, Preparing for the FutureAs Europe is returning from summer breaks, it is time to reflect on the first half of 2024 and look forward to the rest of the year.KNOWBE4.COM
21 AugHow to Account for Disinformation Risks in Election SecurityCISO Lester Godsey on Building Custom Frameworks to Combat Election-Related Threats Maricopa County CISO Lester Godsey highlights the growing threat of misinformation and its impact on election security. He explains how his team is integrating cybersecurity frameworks to address …DATABREACHTODAY.CO.UK
21 AugSlack AI can leak private data via prompt injectionsubmitted by BrikoX to cybersecurity 1 points | 0 comments https://www.theregister.com/2024/08/21/slack_ai_prompt_injection/ Whack yakety-yak app chaps rapped for security crackTHEREGISTER.COM
21 AugUS Political Campaigns Targeted by Iranian Spear Phishing AttacksResearchers at Recorded Future’s Insikt Group warn that the Iranian state-sponsored threat actor “GreenCharlie” is launching spear phishing attacks against US political campaigns.KNOWBE4.COM
21 AugHackers steal banking creds from iOS, Android users via PWA appsThreat actors started to use progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. [...]BLEEPINGCOMPUTER.COM
21 AugNovel technique allows malicious apps to escape iOS and Android guardrailssubmitted by BrikoX to cybersecurity 1 points | 0 comments https://arstechnica.com/security/2024/08/novel-technique-allows-malicious-apps-to-escape-ios-and-android-guardrails/ cross-posted from: lemmy.zip/post/21331797 Web-based apps escape iOS “Walled Garden” and Android side-lo…ARSTECHNICA.COM
21 AugResearchers Thrust a Virtual Stick Into the Bike SpokesWireless Gear Shifting System Is Vulnerable to Replay Attacks Imagine cruising down a bike path and having the gears suddenly shift without warning. Security researchers say cybercriminals could take advantage of new wireless controlled bicycle gear systems to make that happen - …DATABREACHTODAY.CO.UK
21 AugHow Cybercrime Fuels Human Trafficking and Gambling ScamsInfoblox Researchers on Links Between Human Trafficking, Cybercrime and Gambling Illegal gambling operations depend on trafficked individuals to perform cybercriminal activities. Threat researchers at Infoblox explain how cybercriminals use trafficked people for operations such a…DATABREACHTODAY.CO.UK
21 AugCrowdStrike denies merger talks with Action1A CrowdStrike executive has taken to LinkedIn to dismiss reports that the security software vendor was in talks to acquire patch management tool maker Action1. In early August, reports by publications including CSOonline and CyberSecurity Dive referenced an internal email from Ac…CSOONLINE.COM
21 AugMicrosoft again ranked number one in modern endpoint security market shareIDC Worldwide Corporate Endpoint Security Market Shares report for 2023 ranks Microsoft number one in market share with a 40.7% increase in share over last year. The post Microsoft again ranked number one in modern endpoint security market share appeared first on Microsoft Securi…MICROSOFT.COM
21 AugAuswirkungen auf IT-Fachkräfte: 10 Anzeichen für einen schlechten CSOSind IT-Mitarbeiter unzufrieden, kann das an schlechten Führungskräften oder an einer unzureichenden IT-Strategie liegen. Foto: fizkes – shutterstock.com Unternehmen können die für sie allgemein schlechte Lage am Arbeitsmarkt kaum beeinflussen. Doch sie können einige Faktoren ver…CSOONLINE.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
21 AugCERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW BaitThe Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new phishing attacks that aim to infect devices with malware. The activity has been attributed to a threat cluster it tracks as UAC-0020, which is also known as Vermin. The exact scale and scope of the attack…THEHACKERNEWS.COM
21 AugTA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware ToolsetIran-linked TA453 targeted a religious figure with a fake podcast interview invitation, attempting to deliver the BlackSmith malware toolkit. The initial lure involved an email leading to a malicious link containing the AnvilEcho PowerShell trojan.PROOFPOINT.COM
🎙️ PODCASTS 1[−]
21 AugThe AI Fix #12: AI made from human brain cells, and is there life after death?In episode 12 of The AI Fix, Mark and Graham meet an LLM having an existential crisis, ChatGPT speaks Welsh for no reason, Graham does an impression of a water spout, Eric Schmidt shares a new and unexpected take on "do no evil", and our hosts feel like David Attenborough as they…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 14[−]
21 AugDetecting AWS Account Compromise: Key Indicators in CloudTrail Logs for Stolen API KeysAs cloud infrastructure becomes the backbone of modern enterprises, ensuring the security of these environments is paramount. With AWS (Amazon Web Services) still being the dominant cloud it is important for any security professional to know where to look for signs of compromise.…THEHACKERNEWS.COM
21 AugCzech Mobile Users Targeted in New Banking Credential Theft SchemeMobile users in the Czech Republic are the target of a novel phishing campaign that leverages a Progressive Web Application (PWA) in an attempt to steal their banking account credentials. The attacks have targeted the Czech-based Československá obchodní banka (CSOB), as well as t…THEHACKERNEWS.COM
21 AugUnmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure TroveStyx Stealer is based on the Phemedrone Stealer and is available for purchase online. It has the ability to steal passwords, cookies, crypto wallet data, and messenger sessions, as well as gather system information.RESEARCH.CHECKPOINT.COM
21 AugIt's Time To Untangle the SaaS Ball of YarnIt's no great revelation to say that SaaS applications have changed the way we operate, both in our personal and professional lives. We routinely rely on cloud-based and remote applications to conduct our basic functions, with the result that the only true perimeter of our networ…THEHACKERNEWS.COM
21 AugSophos UK Volunteers Transform Outdoor Learning Space for Autistic YouthA group of Sophos employees recently volunteered at Prior’s Court's Countryside Learning Centre, dedicating a day to enhancing the safety and accessibility of outdoor learning spaces for autistic students.SOPHOS.COM
21 AugUbuntu Addresses Multiple OpenJDK 8 VulnerabilitiesCanonical has released security fixes for multiple OpenJDK 8 vulnerabilities that could result in denial of service, information disclosure, or arbitrary code execution on certain Ubuntu releases.TUXCARE.COM
21 AugTyping these four characters could crash your iPhoneA bug in the iPhone makes it crash just by typing four characters. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
21 AugMicrosoft to rollout Windows Recall to Insiders in OctoberMicrosoft announced today that it will start rolling out its AI-powered Windows Recall feature to Insiders with Copilot+ PCs in October. [...]BLEEPINGCOMPUTER.COM
21 AugMicrosoft to roll out Windows Recall to Insiders in OctoberMicrosoft announced today that it will start rolling out its AI-powered Windows Recall feature to Insiders with Copilot+ PCs in October. [...]BLEEPINGCOMPUTER.COM
21 AugMan sentenced for hacking state registry to fake his own deathA 39-year old man from Somerset, Kentucky, was sentenced to 81 months in federal prison for identity theft and faking his own death in government registry systems. [...]BLEEPINGCOMPUTER.COM