101Articles
9Categories
2024-08-28Date
🚨 CISA KEV 1[−]
28 Aug KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-7965  Google Chromium V8 Inappropriate Implementation Vulnerability These types of vulnerabilities are frequent attack vectors for m…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 11[−]
28 AugCryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining EcosystemA technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system.TRENDMICRO.COM
28 AugCritical WPML Plugin Flaw Exposes WordPress Sites to Remote Code ExecutionA critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. The vulnerability, tracked as CVE-2024-6386 (CVSS score: 9.9), impacts all versions of the pl…THEHACKERNEWS.COM
28 Aug KEVCISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation ReportsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation…THEHACKERNEWS.COM
28 AugRockwell Automation ThinManager Flaw Let Attackers Execute Remote CodeRockwell Automation’s ThinManager ThinServer has been found to contain multiple critical vulnerabilities that could allow attackers to execute remote code. Nicholas Zubrisky of Trend Micro Security Research discovered the flaws, identified as CVE-2024-7986, CVE-2024-7987, a…GBHACKERS.COM
28 Aug KEVCritical Apache OFBiz Vulnerability CVE-2024-38856 Identified and Actively ExploitedThis flaw allows attackers to execute remote code without authentication, posing a serious risk. Versions up to 18.12.14 are affected, and organizations are advised to upgrade to version 18.12.15 to mitigate the issue.THECYBEREXPRESS.COM
28 AugCryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining EcosystemCVE-2023-22527 is a critical vulnerability exploited for cryptojacking activities. Attack tactics include shell scripts, XMRig miners, targeting SSH endpoints, and establishing persistence through cron jobs.TRENDMICRO.COM
28 AugCritical plugin flaw opens over a million WordPress sites to RCE attacksA critical vulnerability has been reported in WPML — a multilingual WordPress plugin with more than a million installations globally — that allows remote code execution on affected WordPress sites. The vulnerability tracked as CVE-2024-6386 received a CVSS rating of 9.9 out of 10…CSOONLINE.COM
28 AugFortra Issues Patch for High-Risk FileCatalyst Workflow Security VulnerabilityFortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access. The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8, and stems from the use of a static password to connect …THEHACKERNEWS.COM
28 AugBlackByte ransomware gang exploits more orgs than previously knownAccording to security researchers, the BlackByte ransomware group has been more active in exploiting organizations than previously thought. Security researchers from Cisco Talos have found evidence that the number of victims listed by BlackByte on its data leak site in recent mon…CSOONLINE.COM
28 AugAttackers Exploit Critical Atlassian Confluence Flaw for Cryptojackingsubmitted by BrikoX to cybersecurity 1 points | 0 comments https://www.darkreading.com/threat-intelligence/attackers-exploit-critical-atlassian-confluence-flaw-for-cryptojacking Novel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under …DARKREADING.COM
28 AugAnalysis of two arbitrary code execution vulnerabilities affecting WPS OfficeDemystifying CVE-2024-7262 and CVE-2024-7263WELIVESECURITY.COM
⚠️ VULNERABILITY DISCLOSURE 37[−]
28 AugWhat is OWASP? A standard bearer for better web application securityOriginally formed as the Open Web Application Security Project and incorporated as a nonprofit charity in 2004, OWASP provides impartial advice on best practices and promotes the creation of open standards. Today, OWASP aims to help developers write better software and enable sec…CSOONLINE.COM
28 AugFour Internet Service Providers are breached by sophisticated cyber attack. Cyber Security Today for Wednesday, August 28, 2024Critical Cyber Security Alerts: Major Vulnerabilities and Exploits Unveiled In today's episode of Cyber Security Today, host Jim Love discusses a series of alarming cyber security incidents. Topics include a sophisticated attack exploiting a zero-day vulnerability in a popular ne…CYBERSECURITYTODAY.LIBSYN.COM
28 AugNew QR Code Phishing Campaign Exploits Microsoft Sway to Steal CredentialsCybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse of legitimate cloud offerings for malicious purposes. "By using legitimate cloud ap…THEHACKERNEWS.COM
28 AugSport 2000 - 3,189,643 breached accountsIn April 2024, the French sporting equipment manufacturer Sport 2000 announced it had suffered a data breach . The data was subsequently put up for sale on a popular hacking forum and included 4.4M rows with 3.2M unique email addresses alongside names, physical addresses, phone n…HAVEIBEENPWNED.COM
28 AugResearchers Disclosed 20 Vulnerabilities Exploited To Attack ML Used In OrgsThe MLOps pipeline automates the machine learning lifecycle, from model training to deployment, which involves defining the pipeline using Python code, monitoring for dataset or model parameter changes, training new models, evaluating them, and deploying successful models to prod…GBHACKERS.COM
28 AugMicrosoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 CopilotNew details have emerged about a patched vulnerability in Microsoft 365 Copilot that could lead to the theft of sensitive user information through a technique known as ASCII smuggling.PLEDGETIMES.COM
28 AugHow not to hire a North Korean IT spyCISOs looking for new IT hires already struggle with talent market shortages and bridging cybersecurity skills gaps . But now they face a growing challenge from an unexpected source: sanctions-busting North Korean software developers posing as potential hires. North Korea is acti…CSOONLINE.COM
28 AugAirtags Locator Device used to Grab the Stolen ParcelTwo suspects have been apprehended for mail theft after being tracked using an AirTag locator device. The incident unfolded on August 19, 2024, when deputies responded to a theft report at the Los Alamos Post Office. This innovative use of technology highlights the potential of m…GBHACKERS.COM
28 AugSouth Korean APT Group Exploits WPS Office Zero-Day for EspionageESET uncovered a new cyber-espionage campaign tied to a South Korean APT group that used a remote code execution (RCE) vulnerability in WPS Office for Windows to deploy a custom backdoor called "SpyGlace."INFOSECURITY-MAGAZINE.COM
28 Aug KEVSecond Apache OFBiz Vulnerability Exploited in AttacksCISA is warning organizations that a second Apache OFBiz flaw is being exploited in the wild shortly after the release of PoC exploits. The post Second Apache OFBiz Vulnerability Exploited in Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
28 AugBlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack WaveThe threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerable drivers to disarm security protections. "The BlackByte ransomware group contin…THEHACKERNEWS.COM
28 AugPSA: Github currently has spambot/ malware links problem.submitted by True to cybersecurity 2 points | 0 comments https://lemy.lol/pictrs/image/7731c5ff-1b38-4d46-9bb8-de3d9b75391e.jpeg Source.LEMY.LOL
28 AugChina's Volt Typhoon Exploits Zero-Day Flaw in Versa's SD-WAN Director ServersLumen researchers identified the bug and reported it to Versa in June, with active exploitation by Volt Typhoon observed since at least June. The attackers use a Web shell called VersaMem to capture credentials and monitor system activity.DARKREADING.COM
28 AugPoC Exploit for Zero-Click Vulnerability Made Available to the Massessubmitted by kid to cybersecurity 3 points | 0 comments https://www.darkreading.com/vulnerabilities-threats/poc-exploit-for-zero-click-vulnerability-made-available-to-the-massesDARKREADING.COM
28 AugVersa Director Zero-day Vulnerability Let Attackers Upload Malicious FilesVersa Networks specializes in successful business. It offers Secure Access Service Edge (SASE), consolidating networking and security services in a single, cloud-based platform. Enterprises and service providers can redesign their networks to achieve new levels of business succes…GBHACKERS.COM
28 AugPootry EDR Killer Malware Wipes Out Security Tools From Windows MachineWindows drivers can be abused to bypass security measures. Attackers can exploit vulnerabilities in legitimate drivers or use stolen or forged digital signatures to load malicious drivers into the operating system’s kernel. These drivers can then interfere with security sof…GBHACKERS.COM
28 AugCisco snaps up AI security player Robust IntelligenceCisco on Tuesday announced plans to acquire Robust Intelligence, a security startup with a platform designed to protect AI models and data throughout the development-to-production lifecycle. It’s paying an undisclosed amount to acquire the company, which Cisco has previously inve…NETWORKWORLD.COM
28 AugCISA and Partners Release Advisory on Iran-based Cyber Actors Enabling Ransomware Attacks on US OrganizationsToday, CISA—in partnership with the Federal Bureau of Investigation (FBI) and the Department of Defense Cyber Crime Center (DC3)—released Iran-based Cyber Actors Enabling Ransomware Attacks on U.S. Organizations . This joint advisory warns of cyber actors, known in the private se…CISA.GOV
28 AugTDECU MOVEit Data Breach, 500,000+ members’ Personal Data ExposedTexas Dow Employees Credit Union (TDECU) has disclosed that the personal information of over 500,000 members was exposed due to a security compromise involving a third-party vendor, MOVEit. The breach, which occurred between May 29 and 31, raised concerns about the safety of sens…GBHACKERS.COM
28 AugChinese Nation-State Attackers Tied to Versa Zero-Day HitTargeted Versa Software Used by Service Providers to Manage Wide Area Networks Chinese nation-state attackers are actively exploiting a zero-day vulnerability in Versa Director software, used by major internet and managed service providers to deploy, configure and monitor network…DATABREACHTODAY.CO.UK
28 AugBlackByte Blends Known Tactics With New Encryptor Variant and Vulnerability Exploits to Support Ongoing AttacksThe latest encryptor variant identified by researchers at Cisco Talos appends the file extension ‘blackbytent_h’ to encrypted files. This variant also includes the deployment of four vulnerable drivers, an increase from previous reports.TALOSINTELLIGENCE.COM
28 AugAPT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace BackdoorA South Korea-aligned cyber espionage has been linked to the zero-day exploitation of a now-patched critical remote code execution flaw in Kingsoft WPS Office to deploy a bespoke backdoor dubbed SpyGlace. The activity has been attributed to a threat actor dubbed APT-C-60, accordi…THEHACKERNEWS.COM
28 AugWPS Office Zero-Day Exploited by South Korea-Linked CyberspiesA WPS Office zero-day vulnerability tracked as CVE⁠-⁠2024⁠-⁠7262 was exploited by South Korean hacker group APT-C-60. The post WPS Office Zero-Day Exploited by South Korea-Linked Cyberspies appeared first on SecurityWeek .SECURITYWEEK.COM
28 AugDICK’s Sporting Goods says confidential data exposed in cyberattackDICK'S Sporting Goods, the largest chain of sporting goods retail stores in the United States, disclosed that sensitive information was exposed in a cyberattack detected last Wednesday. [...]BLEEPINGCOMPUTER.COM
28 AugCensys Finds Hundreds of Exposed Servers as Volt Typhoon APT Targets ISPs, MSPsAmidst Volt Typhoon zero-day exploitation, Censys finds hundreds of exposed servers presenting ripe attack surface for attackers. The post Censys Finds Hundreds of Exposed Servers as Volt Typhoon APT Targets ISPs, MSPs appeared first on SecurityWeek .SECURITYWEEK.COM
28 AugGoogle increases Chrome bug bounty rewards up to $250,000Google has more than doubled payouts for Google Chrome security flaws reported through its Vulnerability Reward Program, with the maximum possible reward for a single bug now exceeding $250,000. [...]BLEEPINGCOMPUTER.COM
28 AugDICK’s shuts down email, locks employee accounts after cyberattackDICK'S Sporting Goods, the largest chain of sporting goods retail stores in the United States, disclosed that sensitive information was exposed in a cyberattack detected last Wednesday. [...]BLEEPINGCOMPUTER.COM
28 AugGoogle Now Offering Up to $250,000 for Chrome VulnerabilitiesGoogle has significantly increased the rewards for Chrome browser vulnerabilities, offering up to $250,000 for remote code execution bugs. The post Google Now Offering Up to $250,000 for Chrome Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
28 AugTool used by ransomware groups now seen killing EDR: ReportDefenders are being warned that a tool used by several ransomware gangs to sabotage the functions of endpoint protection software has been updated, with at least one attacker using a new capability to wipe endpoint detection and response (EDR) software from a victim’s IT system. …CSOONLINE.COM
28 AugUS Law Enforcement Cracks Down on AI-Led Child Abuse ContentPolice, Prosecutors Say CSAM Generated by AI Is the Same as Traditional CSAM U.S. law enforcement is cracking down on users who use artificial intelligence to generate child sexual abuse material, stating there is no difference between material made by a computer and material fro…DATABREACHTODAY.CO.UK
28 AugUS offers $2.5 million reward for hacker linked to Angler Exploit KitThe U.S. Department of State and the Secret Service have announced a reward of $2,500,000 for information leading to Belarusian national Volodymyr Kadariya (Владимир Кадария) for cybercrime activities. [...]BLEEPINGCOMPUTER.COM
28 AugTelegram Founder Pavel Durov Charged by French CourtBillionaire Telegram Owner Faces Charges Freighted With A 10-Year Minimum Sentence French authorities charged Telegram CEO and owner Pavel Durov with a slew of offenses including complicity with hacking, child sexual abuse material and refusal to cooperate with law enforcement au…DATABREACHTODAY.CO.UK
28 AugMicrosoft Copilot Fixes ASCII Smuggling VulnerabilitySecurity Researcher Uncovered the Flaw, Which Allowed System Takeover Microsoft says it fixed a security flaw in artificial intelligence chatbot Copilot that enabled attackers to steal multifactor authentication code using a prompt injection attack. Security researcher Johann Reh…DATABREACHTODAY.CO.UK
28 AugUnpatchable 0-day in surveillance cam is being exploited to install Miraisubmitted by BrikoX to cybersecurity 2 points | 0 comments https://arstechnica.com/security/2024/08/unpatchable-0-day-in-surveillance-cam-is-being-exploited-to-install-mirai/ Vulnerability is easy to exploit and allows attackers to remotely execute commands.ARSTECHNICA.COM
28 AugSouth Korean hackers exploited WPS Office zero-day to deploy malwareThe South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets. [...]BLEEPINGCOMPUTER.COM
28 AugHitachi Energy Vulnerabilities Plague SCADA Power Systemssubmitted by BrikoX to cybersecurity 1 points | 0 comments https://www.darkreading.com/ics-ot-security/hitachi-energy-vulnerabilities-plague-scada-power-systems The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity.DARKREADING.COM
📢 SECURITY ADVISORIES 5[−]
28 AugRising Tides: Runa Sandvik on Creating Work that Makes a DifferenceRuna Sandvik is an inaugural member of CISA's Technical Advisory Council and the Aspen Institute's Global Cybersecurity Group, and a board member of the Signals Network. But she is so much more. The post Rising Tides: Runa Sandvik on Creating Work that Makes a Difference appeared…SECURITYWEEK.COM
28 AugFortra fixes critical FileCatalyst Workflow hardcoded password issueFortra is warning of a critical hardcoded password flaw in FileCatalyst Workflow that could allow attackers unauthorized access to an internal database to steal data and gain administrator privileges. [...]BLEEPINGCOMPUTER.COM
28 AugIranian Hackers Target US in Ransomware and Espionage AttacksNew Reports and Joint Advisory Warn of Growing Cybersecurity Threats Linked to Iran A joint advisory from the FBI and Cybersecurity and Infrastructure Security Agency, as well as reports published Wednesday by Microsoft and the Google-owned cybersecurity firm Mandiant, are all wa…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 10[−]
28 Aug950,000 Impacted by Young Consulting Data BreachThe personal information of over 950,000 people was compromised in a BlackSuit ransomware attack on Young Consulting. The post 950,000 Impacted by Young Consulting Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
28 AugEmail Compromise Remains Top Threat Incident Type for the Third Quarter in a RowNew analysis of Q2 threats shows a consistent pattern of behavior on the part of threat actors and threat groups, providing organizations with a clear path to protect themselves.KNOWBE4.COM
28 AugLargest Healthcare Data Breaches of 2023submitted by kid to cybersecurity 1 points | 0 comments https://www.cybersecurity-insiders.com/largest-healthcare-data-breaches-of-2023/CYBERSECURITY-INSIDERS.COM
28 Aug32 Million Sensitive Records Exposed From Service Management ProviderA significant data breach occurred at ServiceBridge, a technology company specializing in field service management. An unsecured database housing a substantial volume of sensitive business information was exposed to the public. The compromised database contained 31.5 million reco…GBHACKERS.COM
28 AugIranian hackers work with ransomware gangs to extort breached orgsAn Iran-based hacking group known as Pioneer Kitten is breaching defense, education, finance, and healthcare organizations across the United States and working with affiliates of several ransomware operations to extort the victims. [...]BLEEPINGCOMPUTER.COM
28 AugSeaTac Airport Cyber Attack: What You Need to Know Before Flying!🚨 SeaTac Airport was hit by a cyber attack, causing disruptions and delays! The Port of Seattle confirmed the attack, urging travelers to check in online, get boarding passes in advance, and allow extra time. Stay informed and prepared—get your flight info directly from the airli…YOUTUBE.COM
28 AugPoorTry Windows driver evolves into a full-featured EDR wiperThe malicious PoorTry kernel-mode Windows driver used by multiple ransomware gangs to turn off Endpoint Detection and Response (EDR) solutions has evolved into an EDR wiper, deleting files crucial for the operation of security solutions and making restoration harder. [...]BLEEPINGCOMPUTER.COM
28 AugNothing to Smile About: Hacks on Dental Practices SwellOver 1.2 Million Patients' Sensitive Data Exposed So Far This Year Some dentists don't have much to smile about these days when it comes to cyberattacks. More than 1.2 million of their patients have had their sensitive data compromised in at least two dozen hacks and other breach…DATABREACHTODAY.CO.UK
28 AugThe art and science behind Microsoft threat hunting: Part 3In this blog post, read how Microsoft Incident Response leverages three types of threat intelligence to enhance incident response scenarios. The post The art and science behind Microsoft threat hunting: Part 3 appeared first on Microsoft Security Blog .MICROSOFT.COM
🕵️ THREAT INTELLIGENCE 21[−]
28 AugVega-Lite with Kibana to Parse and Display IP Activity over Time, (Tue, Aug 27th)I have been curious for a while looking at Kibana&#;x26;#;39;s Vega log parsing options to try to come up with displays and layout that aren&#;x26;#;39;t standard in Kibana. A lot of the potential layouts already exists in K…ISC.SANS.EDU
28 AugISC Stormcast For Wednesday, August 28th, 2024 https://isc.sans.edu/podcastdetail/9116, (Wed, Aug 28th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
28 AugPatchwork Actors Using Weaponized Encrypted Zip Files to Attack OrgsThe cyber espionage group Patchwork, also known by various aliases, has been active since 2009, primarily targeting Asian organizations in sectors such as government, military, and industry.  Based in South Asia, the group has been conducting cyber-espionage campaigns for ov…GBHACKERS.COM
28 AugUS Offering $2.5 Million Reward for Belarusian Malware DistributorThe US government is offering a $2.5 million reward for information leading to the arrest of malware distributor Volodymyr Kadariya. The post US Offering $2.5 Million Reward for Belarusian Malware Distributor appeared first on SecurityWeek .SECURITYWEEK.COM
28 AugHow Lessons Learned From the 2016 Campaign Led US Officials to Be More Open About Iran HackThe lessons learned from the 2016 election hacking made US officials more open about the recent Iranian hack targeting presidential campaigns. The post How Lessons Learned From the 2016 Campaign Led US Officials to Be More Open About Iran Hack appeared first on SecurityWeek .SECURITYWEEK.COM
28 AugMatthew Green on Telegram’s EncryptionMatthew Green wrote a really good blog post on what Telegram’s encryption is and is not.SCHNEIER.COM
28 AugCheck Point Acquires Cybersecurity Startup CyberintIsraeli cybersecurity firm Check Point Software Technologies has announced the acquisition of threat intelligence company Cyberint, marking its third startup acquisition in a year.CYBERSCOOP.COM
28 Aug‘ASCII Smuggling’ attack exposes sensitive Microsoft Copilot datasubmitted by kid to cybersecurity 1 points | 0 comments https://www.scmagazine.com/news/ascii-smuggling-attack-exposes-sensitive-microsoft-copilot-dataSCMAGAZINE.COM
28 AugPhishing Attacks Are Increasingly Targeting Social Media and Smartphone UsersThreat actors are increasingly tailoring their attacks to target social media apps and smartphone users, according to a new report from the Anti-Phishing Working Group (APWG).KNOWBE4.COM
28 AugMalware Delivered via Malicious Pidgin Plugin, Signal ForkThreat actors delivered malware via instant messaging applications, including a malicious Pidgin plugin and an unofficial Signal fork. The post Malware Delivered via Malicious Pidgin Plugin, Signal Fork appeared first on SecurityWeek .SECURITYWEEK.COM
28 AugCheck Point to Acquire External Cyber Risk Management Firm CyberintCheck Point says the acquisition will enhance its own SOC capabilities and expand its managed threat intelligence offerings. The post Check Point to Acquire External Cyber Risk Management Firm Cyberint appeared first on SecurityWeek .SECURITYWEEK.COM
28 AugWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 1 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
28 AugResearch Unveils Eight Android And iOS That Leaks Users Sensitive DataThe eight Android and iOS apps fail to adequately protect user data, which transmits sensitive information, such as device details, geolocation, and credentials, over the HTTP protocol instead of HTTPS.  It exposes the data to potential attacks like data theft, eavesdropping…GBHACKERS.COM
28 AugLinkedIn Hires Former Twitter Security Chief Lea Kissner as New CISOLea Kissner replaces Geoff Belknap as Chief Information Security Officer (CISO) at Microsoft-owned LinkedIn. The post LinkedIn Hires Former Twitter Security Chief Lea Kissner as New CISO appeared first on SecurityWeek .SECURITYWEEK.COM
28 AugNew LummaC2 Malware Variant Uses PowerShell, Obfuscation to Steal Datasubmitted by kid to cybersecurity 1 points | 0 comments https://hackread.com/lummac2-malware-variant-powershell-obfuscation-steal-data/HACKREAD.COM
28 AugPeach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operationsBetween April and July 2024, Microsoft observed Iranian state-sponsored threat actor Peach Sandstorm deploying a new custom multi-stage backdoor, which we named Tickler. Tickler has been used in attacks against targets in the satellite, communications equipment, oil and gas, as w…MICROSOFT.COM
28 AugNew Tickler malware used to backdoor US govt, defense orgsThe APT33 Iranian hacking group has used new Tickler malware to backdoor the networks of organizations in the government, defense, satellite, oil and gas sectors in the United States and the United Arab Emirates. [...]BLEEPINGCOMPUTER.COM
28 AugTelegram Founder Set to Appear Before French CourtHearing Is Scheduled to Take Place Wednesday Telegram CEO and owner Pavel Durov is set to appear before a French court on Wednesday after being freed from police custody. Paris authorities arrested Durov on Saturday evening. French authorities also issued a warrant for the arrest…DATABREACHTODAY.CO.UK
28 AugNew Tickler malware used to backdoor US govt, defense orgsThe APT33 Iranian hacking group has used new Tickler malware to backdoor the networks of organizations in the government, defense, satellite, oil and gas sectors in the United States and the United Arab Emirates. [...]BLEEPINGCOMPUTER.COM
28 AugCisco Bolsters AI Security by Buying Robust IntelligenceAcquisition Underscores the Importance of AI Security in Modern IT Infrastructure Cisco announced its intent to acquire Robust Intelligence to fortify the security of AI applications. With this acquisition, Cisco aims to address AI-related risks, incorporating advanced protection…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 3[−]
28 AugNew Phishing Campaign Steals VPN Credentials Using Social Engineering MethodsThe GuidePoint Research and Intelligence Team (GRIT) discovered attacker domain names and IP addresses targeting over 130 US organizations through a campaign that begins by stealing credentials and passcodes using social engineering tactics.SECURITYBOULEVARD.COM
28 AugStealing cash using NFC relay – Week in Security with Tony AnscombeThe discovery of the NGate malware by ESET Research is another example of how sophisticated Android threats have becomeWELIVESECURITY.COM
🎙️ PODCASTS 1[−]
28 AugSave 25% on InfoSec World 2024! 🎉 Cybersecurity Event of the Year!🚨 Get ready for InfoSec World 2024 at Disney's Coronado Springs Resort! 🌟 Join top cybersecurity experts from September 23rd-25th for this premier event in Lake Buena Vista, Florida. Security Weekly listeners can save 25% on their pass using code ISW24-SW25 when registering at se…YOUTUBE.COM
📡 INFOSEC NEWS 12[−]
28 AugUniversity criticised for using Ebola outbreak lure in phishing testA phishing exercise conducted by the IT department of the University of California Santa Cruz (UCSC) has backfired, after causing unnecessary panic amongst students and staff. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
28 AugCoinSwitch sues WazirX to recover trapped fundsCoinSwitch, a prominent Indian cryptocurrency exchange, is suing rival platform WazirX to recover trapped funds. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
28 AugHow to protect and preserve your data in Telegram in 2024 | Kaspersky official blogUp-to-date tips on Telegram security following Pavel Durov's arrest.KASPERSKY.COM
28 AugMicrosoft's Sway Serves as Launchpad for 'Quishing' CampaignA new QR code phishing campaign is using Microsoft Sway to steal credentials. The attacks primarily target users in Asia and North America, particularly in the technology, manufacturing, and finance sectors.DARKREADING.COM
28 AugSeeking a Job in Cybersecurity? Protect Yourself From ScamsLearn How to Recognize Fraudulent Job Postings and Avoid Becoming a Scam Victim The demand for skilled cybersecurity professionals, coupled with the rise in remote work, has led to an increase in fraudulent job postings targeting tech-savvy individuals. Learn why this is so and h…DATABREACHTODAY.CO.UK
28 AugIt's down to the wire—but you don’t have to miss mWISEFor just a few days, the mWise cybersecurity conference is rolling back registration pricing to the Early Bird rate. Hurry, sale ends Wednesday, September 4. Learn more from mWISE Conference on how to get this discount. [...]BLEEPINGCOMPUTER.COM
28 AugEx-Twitter CISO Lea Kissner appointed as LinkedIn security chiefKissner previously served as Twitter's chief information security officer, and held senior security and privacy positions at Apple, Google, and Lacework. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
28 AugEmployee arrested for locking Windows admins out of 254 servers in extortion plotA former core infrastructure engineer at an industrial company headquartered in Somerset County, New Jersey, was arrested after locking Windows admins out of 254 servers in a failed extortion plot targeting his employer. [...]BLEEPINGCOMPUTER.COM
28 AugWhen Get-Out-The-Vote Efforts Look Like PhishingMultiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California political consulting firm as part …KREBSONSECURITY.COM