matlock.ca // THREAT INTELLIGENCE

106Articles

9Categories

2024-08-27Date

🚨

CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-38856 Apache OFBiz Incorrect Authorization Vulnerability These types of vulnerabilities are frequent attack vectors for malic…

KEVCISA.GOV — Tue, 27 Aug 24 1

🚨

Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-39717Versa Networks has released an advisory for a vulnerability ( CVE-2024-39717 ) in Versa Director, a key component in managing SD-WAN networks, used by some Internet Service Providers (ISPs) and Managed Service Providers (MSPs). A cyber threat actor could exploit this vulnerabilit…

KEVCISA.GOV — Tue, 27 Aug 24 1

🐛

Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation

THEHACKERNEWS.COM — 27 Aug 2024

🐛

Vesra File Type Upload Vulnerability Lets Attackers Gain Sys-Admin Access from MSP

GBHACKERS.COM — 27 Aug 2024

🐛

Centreon Issues Critical Security Update to Fix SQL Injection Vulnerabilities That Threaten IT Monitoring

SECURITYONLINE.INFO — 27 Aug 2024

🐛

News Chrome 0-Day Vulnerability (CVE-2024-7965) Actively Exploited in the Wild

KEVGBHACKERS.COM — 27 Aug 2024

🐛

Update: Researcher Publishes PoC Exploit for Zero-Click Windows RCE Threat

SECURITYONLINE.INFO — 27 Aug 2024

🐛

Google says a critical Chrome bug was exploited after a patch was released

KEVCSOONLINE.COM — 27 Aug 2024

🐛

Audit of Airswift's Supply Chain Financing

QUARKSLAB.COM — 2024-08-27

🐛

SonicWall Patches Critical Flaw Affecting its Firewalls (CVE-2024-40766)

HELPNETSECURITY.COM — 27 Aug 2024

🐛

Google Tags a Tenth Chrome Zero-Day as Exploited This Year

BLEEPINGCOMPUTER.COM — 27 Aug 2024

🐛

China’s Volt Typhoon exploits Versa zero-day to hack US ISPs and IT firms

KEVCSOONLINE.COM — 27 Aug 2024

⚠️

Researcher discovers exposed ServiceBridge database

CSOONLINE.COM — 27 Aug 2024

⚠️

Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot

THEHACKERNEWS.COM — 27 Aug 2024

⚠️

10 top anti-phishing tools and services

KEVCSOONLINE.COM — 27 Aug 2024

⚠️

Critical SSTI Flaw in WPML Plugin Exposes Millions of WordPress Sites to RCE Attacks

SECURITYONLINE.INFO — 27 Aug 2024

⚠️

Researchers Discover Several Potential Attack Vectors in Bicycles With Shimano Di2 Wireless Gear-Shifting System

THECYBEREXPRESS.COM — 27 Aug 2024

⚠️

Bug bounty programs take root in Russia — with possible far-reaching implications

CSOONLINE.COM — 27 Aug 2024

⚠️

Google Warns of Exploited Chrome Vulnerability

KEVSECURITYWEEK.COM — 27 Aug 2024

⚠️

Researchers Discover Over 20 Supply Chain Vulnerabilities in MLOps Platforms

JFROG.COM — 27 Aug 2024

⚠️

The Changing Dynamics of Ransomware as Law Enforcement Strikes

HELPNETSECURITY.COM — 27 Aug 2024

⚠️

Ransomware Recovery Costs Have Doubled for State and Local Governments

KNOWBE4.COM — 27 Aug 2024

⚠️

Microsoft Copilot Prompt Injection Vulnerability Let Hackers Exfiltrate Sensitive Data

GBHACKERS.COM — 27 Aug 2024

⚠️

Nuclei: Open-Source Vulnerability Scanner

HELPNETSECURITY.COM — 27 Aug 2024

⚠️

Changing the Course of IoT's Future from Its Insecure Past - Paddy Harrington - ASW #297

YOUTUBE.COM — 2024-08-27

⚠️

Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs

BLEEPINGCOMPUTER.COM — 27 Aug 2024

⚠️

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors

THEHACKERNEWS.COM — 27 Aug 2024

⚠️

Chinese government hackers targeted U.S. internet providers with zero-day exploit, researchers say

TECHCRUNCH.COM — 27 Aug 2024

⚠️

Vulnerability Management: Tips and Techniques - John Kellerhals - CSP #189

YOUTUBE.COM — 2024-08-27

⚠️

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

KREBSONSECURITY.COM — 27 Aug 2024

⚠️

WPML Multilingual CMS Authenticated Contributor+ Remote Code Execution Via SSTI

PACKETSTORMSECURITY.COM — 27 Aug 2024

⚠️

Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites

SECURITYWEEK.COM — 27 Aug 2024

⚠️

The Role of AI in Email Security: Beyond Phishing Detection

CSOONLINE.COM — 27 Aug 2024

⚠️

MGs, Free Speech, sedexp, Cthulhu, SeaTac, GrimResource, ServiceBridge, Josh Marpet.. - SWN #410

YOUTUBE.COM — 2024-08-27

⚠️

China's Volt Typhoon Exploits 0-day in Versa's SD-WAN Director Servers

DARKREADING.COM — 27 Aug 2024

⚠️

Not a SOC FAQ! This is SOC FMD!

MEDIUM.COM — 27 Aug 2024

📢

Foxit security advisory (AV24-483)

CYBER.GC.CA — 2024-08-27

📢

Telegram founder’s arrest raises anxiety about future of end-to-end encryption

CSOONLINE.COM — 27 Aug 2024

📢

[Control systems] B&R security advisory (AV24-484)

CYBER.GC.CA — 2024-08-27

📢

McLaren Health: IT Operations Fully Back Online Post-Attack

DATABREACHTODAY.CO.UK — 2024-08-27

📢

Wipro, AWS Team up to Address Compliance in the Cloud Era

DATABREACHTODAY.CO.UK — 2024-08-27

🔥

Top-5 leaks of all time | Kaspersky official blog

KASPERSKY.COM — 27 Aug 2024

🔥

Seattle Airport Blames Outages on Possible Cyberattack

SECURITYWEEK.COM — 27 Aug 2024

🔥

McDonald’s Instagram Hacked by Crypto Scammers to Steal $700,000

THECYBEREXPRESS.COM — 27 Aug 2024

🔥

Cost of data breaches: The business case for security AI and automation

SECURITYINTELLIGENCE.COM — 27 Aug 2024

🔥

Microsoft 365 Flags Emails with Images as Malware: A Growing Concern for Users

GBHACKERS.COM — 27 Aug 2024

🔥

Microsoft Convenes Endpoint Security Firms Following CrowdStrike Incident

SECURITYWEEK.COM — 27 Aug 2024

🔥

Seattle Airport Blames Outages On Possible Cyberattack

PACKETSTORMSECURITY.COM — 27 Aug 2024

🔥

EDR Killer Ransomware: What It Is, How To Repel

PACKETSTORMSECURITY.COM — 27 Aug 2024

🔥

PythonAnywhere Cloud Platform Abused for Hosting Ransomware

HACKREAD.COM — 27 Aug 2024

🔥

Complete Guide to Protecting Seven Attack Vectors

TRENDMICRO.COM — 27 Aug 2024

🔥

Ransomware Hackers Steal Medical Insurance Data of 1M People

DATABREACHTODAY.CO.UK — 2024-08-27

🔥

Park’N Fly notifies 1 million customers of data breach

BLEEPINGCOMPUTER.COM — 27 Aug 2024

🔥

Attack tool update impairs Windows computers

SOPHOS.COM — 27 Aug 2024

🔥

India's Critical Infrastructure Suffers Spike in Cyberattacks

DARKREADING.COM — 27 Aug 2024

🔥

Patelco Breach Affected 726,000 Customers, Employees

DATABREACHTODAY.CO.UK — 2024-08-27

🔥

Windows Downdate tool lets you 'unpatch' Windows systems

BLEEPINGCOMPUTER.COM — 27 Aug 2024

🔥

Lateral Movement: Clearest Sign of Unfolding Ransomware Attack

HELPNETSECURITY.COM — 27 Aug 2024

🔥

Report: A Third of Organizations Suffer SaaS Data Breaches Last Year

INFOSECURITY-MAGAZINE.COM — 27 Aug 2024

🔥

US Marshals Service disputes ransomware gang's breach claims

BLEEPINGCOMPUTER.COM — 27 Aug 2024

🔥

BlackSuit ransomware stole data of 950,000 from software vendor

BLEEPINGCOMPUTER.COM — 27 Aug 2024

🕵️

ISC Stormcast For Tuesday, August 27th, 2024 https://isc.sans.edu/podcastdetail/9114, (Tue, Aug 27th)

ISC.SANS.EDU — 27 Aug 2024

🕵️

Is wpa3 reccomended on a home network?

SH.ITJUST.WORKS — 27 Aug 2024

🕵️

Hackers Claim to Have Stolen Top Secret Documents From the U.S. Marshals Service

GIZMODO.COM — 27 Aug 2024

🕵️

Pidgin Users Beware! Malicious Plugin Discovered with Keylogger

SECURITYONLINE.INFO — 27 Aug 2024

🕵️

Identity of Notorious Hacker USDoD Revealed

SECURITYWEEK.COM — 27 Aug 2024

🕵️

The Present and Future of TV Surveillance

SCHNEIER.COM — 2024-08-27

🕵️

More Carrots and Fewer Sticks

KNOWBE4.COM — 27 Aug 2024

🕵️

Cisco to Acquire AI Security Firm Robust Intelligence

SECURITYWEEK.COM — 27 Aug 2024

🕵️

Why Is Python so Popular to Infect Windows Hosts?, (Tue, Aug 27th)

ISC.SANS.EDU — 27 Aug 2024

🕵️

NTLM Credential Theft Risk in Python Apps Threaten Windows Security

HACKREAD.COM — 27 Aug 2024

🕵️

Hackers Use Rare Stealth Techniques to Down Asian Military, Gov't Orgs

DARKREADING.COM — 27 Aug 2024

🕵️

Group Offers CAPTCHA-Solving Services to Cybercriminals

INFOSECURITY-MAGAZINE.COM — 27 Aug 2024

🕵️

CyberheistNews Vol 14 #35 [PROVED] Unsuspecting Call Recipients Are Super Vulnerable to AI Vishing

KNOWBE4.COM — 27 Aug 2024

🕵️

When Convenience Costs: CISOs Struggle With SaaS Security Oversight

SECURITYWEEK.COM — 27 Aug 2024

🕵️

Join SASE Converge — Where the Future of SASE Comes Together

PALOALTONETWORKS.COM — 27 Aug 2024

🕵️

Apache HTTPD Vulns, Hacking IoT Speakers, Use Cases for WASM, Slack AI Leak - ASW #297

YOUTUBE.COM — 2024-08-27

🕵️

Cribl Raises $319 Million at $3.5 Billion Valuation

SECURITYWEEK.COM — 27 Aug 2024

🕵️

Can You Trust AI in Cybersecurity? 🤔 Edward Wu Breaks It Down!

YOUTUBE.COM — 2024-08-27

🕵️

Cribl Gets $319M on $3.5B Valuation to Boost Data Management

DATABREACHTODAY.CO.UK — 2024-08-27

🕵️

Check Point to Buy External Risk Management Vendor Cyberint

DATABREACHTODAY.CO.UK — 2024-08-27

🕵️

Tech Orgs: UN Cybercrime Treaty Will Worsen Global Security

DATABREACHTODAY.CO.UK — 2024-08-27

🌐

Hackers Infect ISPs With Malware That Steals Customer Credentials

PACKETSTORMSECURITY.COM — 27 Aug 2024

🌐

macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

THEHACKERNEWS.COM — 27 Aug 2024

🌐

Malware infiltrates Pidgin messenger’s official plugin repository

BLEEPINGCOMPUTER.COM — 27 Aug 2024

🎙️

The AI Fix #13: ChatGPT runs for mayor, and should we stop killer robots?

GRAHAMCLULEY.COM — 27 Aug 2024

📡

Tech Support Scam Found Hijacking Microsoft Search Queries Through Google Ads

MALWAREBYTES.COM — 27 Aug 2024

📡

Zimbabwe Government Places Priority on Cybersecurity Training for Public Servants

THECYBEREXPRESS.COM — 27 Aug 2024

📡

Researchers Warn of Text Scams That Send Drivers Fake Bills for Highway Tolls

THERECORD.MEDIA — 27 Aug 2024

📡

Uber Hit With $324m GDPR Fine

INFOSECURITY-MAGAZINE.COM — 27 Aug 2024

📡

CTEM in the Spotlight: How Gartner's New Categories Help to Manage Exposures

THEHACKERNEWS.COM — 27 Aug 2024

📡

Microsoft Sway abused in massive QR code phishing campaign

BLEEPINGCOMPUTER.COM — 27 Aug 2024

📡

NASA IV&V Facility Expands Cybersecurity Work and Educational Outreach

THECYBEREXPRESS.COM — 27 Aug 2024

📡

How to identify unknown assets while pen testing

BLEEPINGCOMPUTER.COM — 27 Aug 2024

📡

AMD Internal Data Reportedly Offered For Sale

PACKETSTORMSECURITY.COM — 27 Aug 2024

📡

In a Kyiv Hangar, Ukraine Launches a Cyber Range for Everyone

THERECORD.MEDIA — 27 Aug 2024

📡

Watchdog Warns FBI Is Sloppy On Secure Data Storage And Destruction

PACKETSTORMSECURITY.COM — 27 Aug 2024

📡

Microsoft Security Tools Questioned For Treating Employees As Threats

PACKETSTORMSECURITY.COM — 27 Aug 2024

📡

Two Strategies to Protect Your Business From the Next Large-Scale Tech Failure

HELPNETSECURITY.COM — 27 Aug 2024

📡

Top Universities to Battle in Cybersecurity at UNSW’s Upcoming Australian Cybersecurity Games

THECYBEREXPRESS.COM — 27 Aug 2024

📡

The U.S. military’s latest psyop? Advertising on Tinder

TECHCRUNCH.COM — 27 Aug 2024

📡

New Cheana Stealer Threat Targets VPN Users Across Multiple Operating Systems

THECYBEREXPRESS.COM — 27 Aug 2024

📡

Notion exits Russia and will terminate accounts in September

BLEEPINGCOMPUTER.COM — 27 Aug 2024

📡

Windows 11 KB5041587 update adds sharing to Android devices

BLEEPINGCOMPUTER.COM — 27 Aug 2024

📡

Election Security Partners Host 7th Annual Tabletop the Vote Exercise for 2024

CISA.GOV — Tue, 27 Aug 24 1

📡

Old devices, new dangers: The risks of unsupported IoT tech

WELIVESECURITY.COM — 27 Aug 2024