92 Articles
10 Categories
Date: 2024-08-23
🚨 CISA KEV (2)
23 Aug [KEV] SolarWinds fixes critical developer oversight (CSOONLINE.COM)
SolarWinds has issued a hotfix to patch up a security oversight that could allow remote access to sensitive credentials hardcoded in its Web Help Desk (WHD) product. The vulnerability, tracked as CVE-2024-28987, has been rated “critical” with a CVSS score of 9.1 out of 10. “The …
23 Aug [KEV] CISA Adds One Known Exploited Vulnerability to Catalog for Versa Networks Director (CISA.GOV)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-39717 Versa Director Dangerous File Type Upload Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cy…
🐛 COMMON VULNERABILITIES AND EXPOSURES (9)
23 Aug Critical GitHub Enterprise Server Flaw Patched, Admin Access at Risk (SECURITYONLINE.INFO)
GitHub disclosed three security vulnerabilities in GitHub Enterprise Server (GHES), including CVE-2024-6800, CVE-2024-6337, and CVE-2024-7711. The most severe, CVE-2024-6800, allowed attackers to forge a SAML response, granting site admin privileges.
23 Aug PoC Exploit Released for RCE 0-day CVE-2024-41992 in Arcadyan FMIMG51AX000J Model (SECURITYONLINE.INFO)
A PoC exploit has been released for a critical vulnerability (CVE-2024-41992) found in the Arcadyan FMIMG51AX000J model, as well as other devices using the same firmware version.
23 Aug Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data (THEHACKERNEWS.COM)
The flaw, tracked as CVE-2024-38206, allows an authenticated attacker to bypass SSRF protection and leak information over a network. A researcher at Tenable discovered the vulnerability, which exploits Copilot's ability to make external web requests.
23 Aug GitHub fixes critical Enterprise Server bug granting admin privileges (CSOONLINE.COM)
Microsoft-owned source code management platform, GitHub, has rolled out fixes for three vulnerabilities affecting its Enterprise Server product, including a critical one allowing site administrator privileges to an attacker. Reported via the GitHub Bug Bounty Program, the critica…
23 Aug SonicWall Issues Urgent Patch for Critical Firewall Vulnerability (SECURITYONLINE.INFO)
SonicWall has released an urgent patch to address a critical vulnerability (CVE-2024-40766) in SonicOS, which could allow unauthorized access to their firewalls. The vulnerability could lead to system compromise and network disruption.
23 Aug Chinese APT group Velvet Ant deployed custom backdoor on Cisco Nexus switches (CSOONLINE.COM)
A Chinese state-sponsored cyberespionage group tracked as Velvet Ant exploited a zero-day vulnerability in Cisco NX-OS earlier this year to deploy a custom malware implant on an organization’s network switches, according to researchers from security firm Sygnia. The backdoor was …
23 Aug WordPress users not on Windows urged to update due to critical LiteSpeed Cache flaw (CSOONLINE.COM)
More than five million WordPress sites are at risk of compromise due to a critical flaw in the LiteSpeed Cache plugin discovered in early August, according to researchers at Patchstack. The unauthenticated privilege escalation vulnerability, CVE-2024-28000, allows an attacker to…
23 Aug Dell Power Manager Privilege Escalation Vulnerability (GBHACKERS.COM)
Dell Technologies has issued a critical security update for its Dell Power Manager software following the discovery of a significant vulnerability that could allow attackers to execute code and escalate privileges on affected systems. The vulnerability, identified as CVE-2024-395…
23 Aug Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations (CISA.GOV)
Summary: The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center (DC3) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders that, as of August 2024, a group of I…
⚠️ VULNERABILITY DISCLOSURE (23)
23 Aug Equiniti settles SEC charges stemming from a pair of cyber intrusions (CSOONLINE.COM)
The US Securities and Exchange Commission (SEC) announced on Tuesday that it has settled charges against New York-based registered transfer agent Equiniti Trust Company for “failing to assure that client securities and funds were protected against theft or misuse.” The charges st…
23 Aug Cybercriminals Exploit File Sharing Services to Advance Phishing Attacks (HELPNETSECURITY.COM)
In these file-sharing phishing attacks, cybercriminals impersonate colleagues or trusted services to trick targets into clicking on malicious links that can lead to data theft or malware infection.
23 Aug SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw (SECURITYWEEK.COM)
SolarWinds has issued a Web Help Desk hotfix to remove hardcoded credentials from last week’s hotfix for a critical-severity vulnerability.
23 Aug New Opportunistic Campaign Exploit Log4j Vulnerability for Cryptomining and System Compromise (SECURITYLABS.DATADOGHQ.COM)
This latest Log4j exploitation-based attack uses obfuscated LDAP requests to evade detection and executes malicious scripts, establishing persistence and exfiltrating data through encrypted channels.
23 Aug The Trouble with Procurement Departments, Resellers and Stripe (TROYHUNT.COM)
It should be so simple: you're a customer who wants to purchase something so you whip out the credit card and buy it. I must have done this thousands of times, a…
23 Aug [KEV] Main Line Health deploys chaos engineering to bolster healthcare resilience (CSOONLINE.COM)
Main Line Health (MLH), a not-for-profit health system serving portions of Philadelphia and its western suburbs, faces the cybersecurity threats common to others in the healthcare sector: threat actors with significant incentives to extort healthcare delivery organizations by co…
23 Aug Leveraging Ancient Tactics for Modern Malware (HYAS.COM)
The HYAS Threat Intelligence team has detected threat actors using Steam for malicious activities, like hosting C2 domain addresses and exploiting user accounts. One actor used a Substitution Cipher to hide C2 domains.
23 Aug [KEV] Google Chrome Update Fixes Flaw Exploited in the Wild (DARKREADING.COM)
https://www.darkreading.com/vulnerabilities-threats/google-chrome-update-fixes-flaw-exploited-in-the-wild
23 Aug Kanister Vulnerability Opens Door to Cluster-Level Privilege Escalation (SECURITYONLINE.INFO)
Exploiting this flaw, attackers can manipulate daemonsets, create service account tokens, and impersonate high-privilege accounts like cluster-admin. This could lead to a complete cluster takeover.
23 Aug PG_MEM Malware Targets PostgreSQL Databases for Crypto Mining (AQUASEC.COM)
Cryptojacking attackers are targeting poorly secured PostgreSQL databases on Linux systems. According to Aqua Security researchers, the attack begins with brute-force attempts to gain access to the database credentials.
23 Aug US oil giant Halliburton confirms cyberattack behind systems shutdown (BLEEPINGCOMPUTER.COM)
Halliburton, one of the world's largest providers of services to the energy industry, has confirmed a cyberattack that forced it to shut down some of its systems earlier this week. [...]
23 Aug Critical Vulnerabilities Uncovered in Progress WhatsUp Gold (SECURITYONLINE.INFO)
These vulnerabilities pose risks to organizations using outdated versions, allowing unauthorized access to sensitive data and privilege escalation through SQL Injection techniques.
23 Aug Secure Web Gateways Have Failed Us & Using AI to Prevent the Next CrowdStrike Outage -... - ESW #373 (YOUTUBE.COM)
SquareX: With employees spending most of their working hours on the browser, web attacks are one of the biggest attack vectors today. Yet, both enterprises and security vendors today aren’t focused on securing the browser – a huge risk given that attackers can easily bypass Sec…
23 Aug Let’s Get Real About Where AI can Help SecOps & AI, Automation & Low-Code - Mike Lybor... - ESW #373 (YOUTUBE.COM)
Swimlane and GenAI: Join Swimlane CISO, Mike Lyborg and Security Weekly’s Mandy Logan as they cut through the AI peanut butter! While Generative AI is the not-so-new hot topic, it's also not the first time the cybersecurity industry has embraced emerging technology that can mi…
23 Aug The Number of Email-Based Cyber Attacks Detected Surge 239% in 1H 2024 (KNOWBE4.COM)
New data shows the most prevalent and obvious path into an organization – email – continues to be exploited by a growing number of cybercriminals.
23 Aug American Radio Relay League confirms $1 million ransom payment (BLEEPINGCOMPUTER.COM)
The American Radio Relay League (ARRL) paid a $1 million ransom for a decryptor that helped restore systems encrypted in a May ransomware attack [...]
23 Aug Slack Patches Prompt Injection Flaw in AI Tool Set (DATABREACHTODAY.CO.UK)
Hackers Could Exploit Bug to Manipulate Slack AI's LLM to Steal Data. Chat app Slack patched a vulnerability in its artificial intelligence tool set that hackers could have exploited to manipulate an underlying large language model to phish employees and steal sensitive data. Slac…
23 Aug Multiple Vulnerabilities in SolarWinds Web Help Desk Could Allow for Remote Code Execution (CISECURITY.ORG)
Multiple vulnerabilities have been discovered in SolarWinds Web Help Desk (WHD), the most severe of which could allow for remote code execution. Web Help Desk (WHD) is a SolarWinds IT help desk solution. Successful exploitation of the most severe of these vulnerabilities could al…
23 Aug Cybersecurity regulations: How to meet your compliance requirements (CSOONLINE.COM)
As cyber threats increase, so does the number of compliance frameworks. Here is how CISOs can meet this challenge. The requirements of cybersecurity regulations can vary depending on company size, region, industry, data sen…
23 Aug [KEV] Chrome Zero-day Vulnerability Actively Exploited in the Wild (GBHACKERS.COM)
Google has announced the release of Chrome 128 to the stable channel for Windows, Mac, and Linux. This update, Chrome 128.0.6613.84 for Linux and 128.0.6613.84/.85 for Windows and Mac, addresses a critical zero-day vulnerability actively exploited in the wild. The update includes …
23 Aug [KEV] Progress WhatsUp Gold Vulnerabilities Let Attackers Inject SQL Commands (GBHACKERS.COM)
The Progress WhatsUp Gold team confirmed the existence of critical vulnerabilities in all versions of their software released before 2024.0.0. If exploited, these vulnerabilities could allow attackers to inject SQL commands, posing significant security risks to users. Although th…
📋 SECURITY BULLETINS (1)
23 Aug Microsoft shares temp fix for Linux boot issues on dual-boot systems (BLEEPINGCOMPUTER.COM)
Microsoft shared a workaround for Linux boot issues triggered by August security updates on dual-boot systems with Secure Boot enabled [...]
📢 SECURITY ADVISORIES (2)
🔥 INCIDENT REPORTING (12)
23 Aug Popular search terms are leveraged in cyber attacks: Cyber Security Today for Friday, August 23, 2024 (CYBERSECURITYTODAY.LIBSYN.COM)
In this episode, host Jim Love delves into significant cybersecurity news, including a rise in FakeBat malware infections from malvertising campaigns, car companies selling driver data to brokers without consent, and McAfee's new deepfake detection tool. Highlights include the so…
23 Aug From Cybercrime to Terrorism, FBI Director Says America Faces Many Elevated Threats ‘All at Once’ (SECURITYWEEK.COM)
Wray declined to talk about any specific investigation or threat but said investigations into cyberattacks, including against election infrastructure, candidates or campaigns, require help from the private sector.
23 Aug New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data (THEHACKERNEWS.COM)
The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints. The use of credential harvesting in connection with a ransomware infection marks an unusual twist, and one that c…
23 Aug How Paris Olympic authorities battled cyberattacks, and won gold (SECURITYINTELLIGENCE.COM)
The Olympic Games Paris 2024 was by most accounts a highly successful Olympics. Some 10,000 athletes from 204 nations competed in 329 events over 16 days. But before and during the event, authorities battled Olympic-size cybersecurity threats coming from multiple directions. In p…
23 Aug Qilin Ransomware Caught Stealing Credentials Stored in Google Chrome (SOPHOS.COM)
A recent Qilin ransomware attack targeted several endpoints, stealing VPN credentials and Chrome browser data. This attack, detected in July 2024, involved network access through compromised VPN credentials without multi-factor authentication.
23 Aug New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data (THEHACKERNEWS.COM)
Disguised as a legitimate software, Cthulhu Stealer is designed to steal credentials, cryptocurrency wallets, and other sensitive information. It prompts users to enter their system password and MetaMask password, exfiltrating them to a C2 server.
23 Aug Karakurt Ransomware Group Suspect Appears in US Courtroom (DATABREACHTODAY.CO.UK)
Latvian Charged With Serving as Extortion Specialist for Russian-Speaking Group. A Latvian national accused of serving as a Russian-speaking ransomware group's extortion specialist appeared in a U.S. courtroom this week to face a four-count indictment filed against him. Moscow res…
23 Aug Halliburton shuts down systems after cyberattack (TECHCRUNCH.COM)
A company spokesperson for the oil drilling and fracking giant declined to name the executive overseeing cybersecurity, if any.
23 Aug Medibank to Spend AU$126M on Post-Breach Security Upgrade (DATABREACHTODAY.CO.UK)
Australian Insurer Expects Years of Litigation Related to 2022 Hack. Australia's largest provider of private health insurance says it expects to spend a total of AU$126 million, or $84.78 million, over a three-year period to upgrade its IT security. A Russia-based cybercriminal gr…
23 Aug ISMG Editors: CISO Disclosure Rules Changing Post-SolarWinds (DATABREACHTODAY.CO.UK)
Also: Ransomware Threats in Healthcare; the Growth of Mimecast. In the latest weekly update, ISMG editors discussed the evolving disclosure responsibilities of CISOs, yet another ransomware attack targeting the healthcare sector, and Mimecast's latest strategic acquisition as part…
23 Aug Feds to Health Sector: Don't Skimp on Physical Security (DATABREACHTODAY.CO.UK)
Cyberattacks Soar, But Guarding PHI From Break-Ins, Natural Disasters Is Critical. Despite the endless barrage of cyberattacks hitting the healthcare sector, HIPAA-regulated entities must not neglect their duty to protect electronic patient information against physical threats, in…
23 Aug Banking Lobby Asks Ginnie Mae to Modify Cyber Reporting Rule (DATABREACHTODAY.CO.UK)
Banking and Housing Policy Groups Call New Cyber Reporting Measures 'Impractical'. A group of banking and housing lobbyists are urging Ginnie Mae to redo its latest set of cybersecurity incident reporting requirements for custodians of mortgage-backed securities, calling the new m…
🕵️ THREAT INTELLIGENCE (23)
23 Aug Surveillance Watch (SCHNEIER.COM)
This is a fantastic project mapping the global surveillance industry.
23 Aug ISC Stormcast For Friday, August 23rd, 2024 https://isc.sans.edu/podcastdetail/9110, (Fri, Aug 23rd) (ISC.SANS.EDU)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
23 Aug New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data (THEHACKERNEWS.COM)
Cybersecurity researchers have uncovered a new information stealer that's designed to target Apple macOS hosts and harvest a wide range of information, underscoring how threat actors are increasingly setting their sights on the operating system. Dubbed Cthulhu Stealer, the malwar…
23 Aug New macOS Malware TodoSwift Linked to North Korean Hacking Groups (THEHACKERNEWS.COM)
A new macOS malware called TodoSwift has been linked to North Korean hacking groups by cybersecurity researchers. TodoSwift shares similarities with known malicious software used by groups like BlueNoroff, including KANDYKORN and RustBucket.
23 Aug FBI Exposing Sensitive Data via Improper Handling of Storage Devices: Audit (SECURITYWEEK.COM)
Audit finds weaknesses in FBI’s inventory management and disposition procedures for drives containing sensitive information.
23 Aug Russian Member of Karakurt Cyber Extortion Gang Charged in US (SECURITYWEEK.COM)
Deniss Zolotarjovs was charged in a US court for extorting victims and laundering cryptocurrency as part of the Karakurt cyber extortion group.
23 Aug Take a Selfie Using a NY Surveillance Camera (SCHNEIER.COM)
This site will let you take a selfie with a New York City traffic surveillance camera.
23 Aug Hacker Tried to Dodge Child Support by Breaking Into Registry to Fake His Death, Prosecutors Say (SECURITYWEEK.COM)
Kentucky man attempted to fake his death to avoid paying child support obligations by hacking into state registries and falsifying official records.
23 Aug US, Allies Release Guidance on Event Logging and Threat Detection (SECURITYWEEK.COM)
Government agencies in the US and allied countries have released guidance on how organizations can define a baseline for event logging best practices.
23 Aug Degraded Performance Issue Sparks Concern Among CrowdStrike Customers (SECURITYWEEK.COM)
CrowdStrike has addressed a cloud service issue causing degraded performance and boot times for some of its customers.
23 Aug Malvertising Campaign Impersonates Dozens of Google Products (KNOWBE4.COM)
A malvertising campaign is abusing Google ads to impersonate Google’s entire product line, according to researchers at Malwarebytes. The malicious ads are designed to lure victims into a tech support scam.
23 Aug Deceptive AI: A New Wave of Cyber Threats (KNOWBE4.COM)
As artificial intelligence (AI) technology advances, its influence on social media has become more and more pervasive and riddled with challenges. In particular, the ability for humans to discern genuine content from AI-generated material.
23 Aug Russian laundering millions for Lazarus hackers arrested in Argentina (BLEEPINGCOMPUTER.COM)
The federal police in Argentina (PFA) have arrested a 29-year-old Russian national in Buenos Aires, who is facing money laundering charges related to cryptocurrency proceeds of the notorious North Korean hackers' Lazarus Group.' [...]
23 Aug Greasy Opal's CAPTCHA solver still serving cybercrime after 16 years (BLEEPINGCOMPUTER.COM)
A developer that researchers now track as Greasy Opal, operating as a seemingly legitimate business, has been fueling the cybercrime-as-a-service industry with a tool that bypasses account security solutions and allows bot-led CAPTCHA solving at scale. [...]
23 Aug In Other News: FAA Improving Cyber Rules, Android Malware Enables ATM Withdrawals, Data Theft via Slack AI (SECURITYWEEK.COM)
Noteworthy stories that might have slipped under the radar: FAA improving cyber rules for airplanes, NGate Android malware used to steal cash from ATMs, abusing Slack AI to steal data.
23 Aug Off-Topic Friday (INFOSEC.PUB)
Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)
23 Aug MoonPeak Malware From North Korean Actors Unveils New Details on Attacker Infrastructure (TALOSINTELLIGENCE.COM)
MoonPeak is an evolved form of the Xeno RAT malware previously used by North Korean actors and is capable of loading plugins, launching processes, and communicating with a command-and-control (C2) server.
23 Aug DOJ Lawsuit Accuses Georgia Tech of Cybersecurity Failures (DATABREACHTODAY.CO.UK)
New Lawsuit Alleges Georgia Tech Submitted 'False' Cybersecurity Score to DOD. The Justice Department intervened in a whistleblower lawsuit against the Georgia Institute of Technology and the Georgia Tech Research Corp. for allegedly failing to implement federally required cyberse…
23 Aug The end of the road for some cyber startups & making detection actually work! - ESW #373 (YOUTUBE.COM)
This week, in the enterprise security news, 1. A funding that looks like an acquisition 2. And two for-sure acquisitions 3. Rumors that there are funding problems for early stage cyber startups, and we’ll see a lot more acquisitions before the end of the year 4. Speaking of rumor…
23 Aug Faking your own death, Fake Reviews, Solar Winds, Recall, Winux, Kubernetes, and More - SWN #409 (YOUTUBE.COM)
Faking your death, Fake Reviews, Solar Winds, AWS, Recall, Winux, Kubernetes, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-409
23 Aug Business Email Compromise Scams Rise 20%, Making up Nearly Half of all Spam Emails (KNOWBE4.COM)
New research on email threats points to AI-based tools to assist in generating BEC content. And the overwhelming targeted role may or may not surprise you.
23 Aug Friday Squid Blogging: Self-Healing Materials from Squid Teeth (SCHNEIER.COM)
Making self-healing materials based on the teeth in squid suckers. Blog moderation policy.
🌐 CYBER THREAT LANDSCAPE (4)
23 Aug Hardware Backdoor in Millions of Shanghai Fudan Microelectronics RFID Cards Allows Cloning (SECURITYAFFAIRS.COM)
Researchers from Quarkslab found a hardware backdoor in the FM11RF08S RFID cards manufactured by Shanghai Fudan Microelectronics, enabling attackers to compromise user-defined keys within minutes.
23 Aug New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads (THEHACKERNEWS.COM)
Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memory-only dropper decrypts and executes a PowerShell-based…
23 Aug Learn with Region 8’s Webinar Program (CISA.GOV)
Join us each month for special events and webinars featuring topics crucial to infrastructure security.
23 Aug NGate Android Malware Relays NFC Traffic to Steal Credit Card Data (WELIVESECURITY.COM)
This malware allows attackers to emulate victims' cards, enabling them to make unauthorized payments or withdraw cash from ATMs. The campaign has been active since November 2023.
🎙️ PODCASTS (1)
📡 INFOSEC NEWS (15)
23 Aug Latvian Hacker Extradited to U.S. for Role in Karakurt Cybercrime Group (THEHACKERNEWS.COM)
A 33-year-old Latvian national living in Moscow, Russia, has been charged in the U.S. for allegedly stealing data, extorting victims, and laundering ransom payments since August 2021. Deniss Zolotarjovs (aka Sforza_cesarini) has been charged with conspiring to commit money launde…
23 Aug Fraudulent Slack Ad Shows Malvertiser’s Patience and Skills (MALWAREBYTES.COM)
The suspicious ad for Slack appeared legitimate but was likely malicious. Clicking on it would initially redirect to slack.com. However, after several days, it started redirecting to a click tracker, showing signs of a potentially malicious campaign.
23 Aug Focus on What Matters Most: Exposure Management and Your Attack Surface (THEHACKERNEWS.COM)
Read the full article for key points from Intruder’s VP of Product, Andy Hornegold’s recent talk on exposure management. If you’d like to hear Andy’s insights first-hand, watch Intruder’s on-demand webinar. To learn more about reducing your attack surface, reach out to their…
23 Aug New Phishing Campaign Targets US Government Organizations (SECURITYONLINE.INFO)
The attackers have become more sophisticated in their approach, specifically targeting email addresses from 338 US government entities. The phishing links redirect victims to a fake Microsoft Teams login page.
23 Aug Webinar: Experience the Power of a Must-Have All-in-One Cybersecurity Platform (THEHACKERNEWS.COM)
Let's be honest. The world of cybersecurity feels like a constant war zone. You're bombarded by threats, scrambling to keep up with patches, and drowning in an endless flood of alerts. It's exhausting, isn’t it? But what if there was a better way? Imagine having every essential c…
23 Aug Pandas Errors: What encoding are my logs in?, (Fri, Aug 23rd) (ISC.SANS.EDU)
While trying to process some of my honeypot data, I ran into the following error in my Python script: "Exception has occurred: ValueError values should be unique if codes is not None"
23 Aug Local Networks Go Global When Domain Names Collide (KREBSONSECURITY.COM)
The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn't exist at the time. Meaning, they are continuously sending t…
23 Aug SolarWinds Leaks Credentials In Hotfix (PACKETSTORMSECURITY.COM)
23 Aug How to hack wireless bicycle gears | Kaspersky official blog (KASPERSKY.COM)
A security analysis of Shimano Di2 wireless gear-shifting system has uncovered several attack vectors therefor.
23 Aug Is AI Making Banking Safer or Just More Complicated? (DATABREACHTODAY.CO.UK)
As Banks Combat Fraud, Customers Feel the Strain of Overly Cautious Measures. In today’s AI-driven world, banks are becoming increasingly vigilant, often freezing accounts or demanding extensive documentation at the slightest hint of suspicious activity. Sending money, once a stra…
23 Aug Hackers now use AppDomain Injection to drop CobaltStrike beacons (BLEEPINGCOMPUTER.COM)
A wave of attacks that started in July 2024 rely on a less common technique called AppDomain Manager Injection, which can weaponize any Microsoft .NET application on Windows. [...]
23 Aug New Windows 10 22H2 beta fixes memory leaks and crashes (BLEEPINGCOMPUTER.COM)
Microsoft has released a new Windows 10 22H2 beta (KB5041582) with memory leak and crash fixes for Insiders in the Beta and Release Preview channels. [...]
23 Aug A Tangled Web We Weave: When Reported M&A Never Materializes (DATABREACHTODAY.CO.UK)
Why Acquisition Reports Emerge in the Media, and What It Means for Those Mentioned. Companies historically responded to M&A reports with milquetoast statements about "not commenting on rumors or speculation," but aggressive clapbacks have become much more common. Increasingly,…
23 Aug PWA phishing on Android and iOS – Week in security with Tony Anscombe (WELIVESECURITY.COM)
Phishing using PWAs? ESET Research's latest discovery might just ruin some users' assumptions about their preferred platform's security