16Articles
7Categories
2024-08-24Date
🚨 CISA KEV 1[βˆ’]
24 Aug KEVCISA Adds Dahua IP Camera, Linux Kernel, and Microsoft Exchange Server Bugs to its KEV CatalogThe CISA has added new vulnerabilities to its Known Exploited Vulnerabilities catalog, including Dahua IP Camera authentication bypass flaws, a Linux Kernel buffer overflow issue, and a Microsoft Exchange Server vulnerability.SECURITYAFFAIRS.COM
πŸ› COMMON VULNERABILITIES AND EXPOSURES 3[βˆ’]
24 AugExploit for CVE-2024-38054 Released: Elevation of Privilege Flaw in Windows Kernel Streaming WOW ThunkThis vulnerability allows local attackers to escalate privileges to SYSTEM level through a heap-based buffer overflow. With a CVSS score of 7.8, CVE-2024-38054 is a critical flaw patched by Microsoft in July.SECURITYONLINE.INFO
24 AugChina-linked APT Velvet Ant Exploited Zero-Day to Compromise Cisco Nexus SwitchesThe China-linked APT group Velvet Ant exploited a zero-day vulnerability in Cisco switches, CVE-2024-20399, to take control of network devices. The flaw in Cisco NX-OS Software's CLI enabled attackers with Admin credentials to run arbitrary commands.SECURITYAFFAIRS.COM
24 Aug KEVCISA Urges Federal Agencies to Patch Versa Director Vulnerability by SeptemberThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS s…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 2[βˆ’]
24 AugSlack Patches AI Bug That Exposed Private ChannelsSlack fixed a vulnerability in its AI feature that could allow attackers to steal data from private channels. The flaw involved a prompt injection flaw in an AI feature, which allowed attackers to manipulate the system to perform malicious actions.DARKREADING.COM
24 AugUrgent Edge Security Update: Microsoft Patches Zero-day & RCE VulnerabilitiesThe urgent security update, Microsoft Edge Stable Channel Version 128.0.2739.42, based on Chromium versions 128.0.6613.85 and 128.0.6613.84, addresses a total of 25 security issues.SECURITYONLINE.INFO
πŸ”₯ INCIDENT REPORTING 2[βˆ’]
24 AugCyber Security Today Week In Review: Saturday, August 24th, 2024Join host Jim Love in this weekend edition of Cyber Security Today, featuring a distinguished panel including Terry Cutler (Cyology Labs), David Shipley (Beauceron Security), and special guest Tara Gold (Cado Security). The episode delves into key cybersecurity topics including t…CYBERSECURITYTODAY.LIBSYN.COM
24 AugNSA Issues Guidance for Better Logging, Threat Detection to Prevent LotL IncidentsThe NSA has released guidelines to improve logging and threat detection for Living-off-the-Land (LotL) attacks in cloud services, enterprise networks, mobile devices, and OT networks as part of a global effort for critical infrastructure security.DARKREADING.COM
πŸ•΅οΈ THREAT INTELLIGENCE 4[βˆ’]
24 AugThe end of the road for some cyber startups & making detection actually work! - ESW #373This week, in the enterprise security news, 1. A funding that looks like an acquisition 2. And two for-sure acquisitions 3. Rumors that there are funding problems for early stage cyber startups, and we’ll see a lot more acquisitions before the end of the year 4. Speaking of rumor…YOUTUBE.COM
24 AugMeta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsAppMeta Platforms on Friday became the latest company after Microsoft, Google, and OpenAI to expose the activities of an Iranian state-sponsored threat actor, who it said used a set of WhatsApp accounts that attempted to target individuals in Israel, Palestine, Iran, the U.K., and t…THEHACKERNEWS.COM
24 AugGreasy Opal's CAPTCHA Solver Still Serving Cybercrime After 16 YearsGreasy Opal, a well-known developer, has been aiding cybercriminals for 16 years by offering a tool that can solve CAPTCHAs automatically on a large scale, bypassing security measures.BLEEPINGCOMPUTER.COM
24 AugEmail Security for Every Tastesubmitted by loudwhisper to cybersecurity 1 points | 0 comments https://loudwhisper.me/blog/email-security/ cross-posted from: infosec.pub/post/16642151 (I have just learned you can cross-post!) As someone who has read plenty of discussions about email security (some of them in t…LOUDWHISPER.ME
🌐 CYBER THREAT LANDSCAPE 1[βˆ’]
24 AugStealthy 'sedexp' Linux malware evaded detection for two yearsA stealthy Linux malware named 'sedexp' has been evading detection since 2022 by using a persistence technique not yet included in the MITRE ATT&CK framework. [...]BLEEPINGCOMPUTER.COM
πŸ“‘ INFOSEC NEWS 3[βˆ’]
24 AugHackers Now Use AppDomain Injection to Drop Cobalt Strike BeaconsHackers are now using AppDomain Injection to drop Cobalt Strike beacons in a series of attacks that began in July 2024. This technique, known as AppDomain Manager Injection, can weaponize any Microsoft .NET application on Windows.BLEEPINGCOMPUTER.COM
24 AugSecurity Flaws in UK Political Party Donation Platforms ExposedDataDome researchers found that major UK political parties lack critical security features to protect against bot and credential stuffing attacks on their donation platforms.INFOSECURITY-MAGAZINE.COM
24 AugLiverpool Fans Lose Big in Premier League Ticket ScamsLiverpool fans have suffered the most in Premier League ticket scams for the 2023/24 season, losing over Β£17,000 (~$22,460) to criminals, as revealed by a report from NatWest Bank. Arsenal supporters were also hit hard, losing Β£12,000 (~$15,855).INFOSECURITY-MAGAZINE.COM