🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
31 AugNorth Korean hackers exploit Chrome zero-day to deploy rootkitsubmitted by IllNess to securitynews 1 points | 0 comments https://www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-chrome-zero-day-to-deploy-rootkit/ North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the Fu…INFOSEC.PUB
⚠️ VULNERABILITY DISCLOSURE 7[−]
31 AugWomen in Cyber Day finds those it celebrates ‘leaving in droves’The information security industry has been trying for years to improve the participation of and respect for women in the cyber community, with some rising to CSO positions. But with International Women in Cyber Day being celebrated Sunday, Sept. 1, one US-based CISO thinks things…CSOONLINE.COM
31 AugCommercial Spyware Vendors Have a Copycat in Top Russian APTsubmitted by IllNess to securitynews 1 points | 0 comments https://www.darkreading.com/threat-intelligence/commercial-spyware-vendors-have-a-copycat-in-top-russian-apt In the watering-hole attacks, threat actors infected two websites, cabinet.gov[.]mn and mfa.gov[.]mn, which belo…INFOSEC.PUB
31 AugOperation DevilTiger: APT-Q-12’s Shadowy Tactics and Zero-Day Exploits UnveiledThe QiAnXin Threat Intelligence Center has revealed the details of "Operation DevilTiger," a cyber espionage campaign carried out by the elusive APT-Q-12 group, also known as "Pseudo Hunter."SECURITYONLINE.INFO
31 AugMastering AI & Cybersecurity: Navigating the Future - A Special Panel DiscussionWelcome to a special weekend edition of Cyber Security Today! In this long weekend episode, we delve into the world of artificial intelligence (AI) and its impact on various sectors, particularly as organizations ramp up their plans for the upcoming year. Join our host Jim Love a…CYBERSECURITYTODAY.LIBSYN.COM
31 AugWill Machine Learning Replace The WAF? - John Graham-Cumming - OWASP 2024submitted by ashar to security_cpe 2 points | 0 comments https://lisbon.globalappsec.org/assets/images/logo.png Will Machine Learning Replace The WAF? - John Graham-Cumming Based on 20 years of experience using machine learning and keyword/pattern based systems this talk will loo…INFOSEC.PUB
31 AugResearchers find SQL injection to bypass airport TSA security checkssubmitted by IllNess to securitynews 3 points | 2 comments https://www.bleepingcomputer.com/news/security/researchers-find-sql-injection-to-bypass-airport-tsa-security-checks/ Researchers Ian Carroll and Sam Curry discovered the vulnerability in FlyCASS, a third-party web-based s…INFOSEC.PUB
31 AugNorth Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day ExploitA recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the FudModule rootkit. The development is indicative of the persistent efforts made by the nation-state adversary…THEHACKERNEWS.COM
🔥 INCIDENT REPORTING 2[−]
31 AugGodzilla Fileless Backdoors Targeting Atlassian ConfluenceThe Godzilla fileless backdoor relies on a complex series of actions, such as cryptographic operations, class loading, and dynamic injection, to establish unauthorized access.TRENDMICRO.COM
31 AugFBI: RansomHub Ransomware Breached 210 Victims Since February 2024The ransomware operation focuses on data theft extortion rather than encrypting files, with victims facing the threat of stolen data being leaked or sold if negotiations fail.BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 4[−]
31 AugSuspected Espionage Campaign Delivers New Voldemort MalwareThe campaign, which targeted organizations worldwide, involved impersonating tax authorities from various countries and utilizing Google Sheets for command and control (C2).PROOFPOINT.COM
31 AugWireshark 4.4.0 is now available, (Sat, Aug 31st)This is the first 4.4 release. Many new features have been added, details are here .
ISC.SANS.EDU
31 Aug'Voldemort' Malware Curses Orgs Using Global Tax Authoritiessubmitted by BrikoX to cybersecurity 1 points | 0 comments https://www.darkreading.com/threat-intelligence/voldemort-malware-curses-orgs-global-tax-authorities The global malware campaign (that must not be named?) is targeting organizations by impersonating tax authorities, and u…DARKREADING.COM
31 AugGlobal AppSec 2024 Lisbonsubmitted by ashar to security_cpe 1 points | 0 comments https://lisbon.globalappsec.org/assets/images/logo.png Global AppSec 2024 Lisbon Playlist Global AppSec 2024 Lisbon ScheduleINFOSEC.PUB
🌐 CYBER THREAT LANDSCAPE 2[−]
31 AugRocinante: The Trojan Horse That Wanted to FlyOnce installed, the Rocinante malware prompts the victim to grant Accessibility Services and displays phishing screens tailored to different banks to steal personal information.THREATFABRIC.COM
31 AugGitHub comments abused to push password stealing malware masked as fixesGitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 2[−]
31 AugNew Snake Keylogger Variant Slithers Into Phishing CampaignsThe attack starts with a phishing email disguised as a fund transfer notification, with an attached Excel file named “swift copy.xls” that triggers the deployment of Snake Keylogger on the victim's computer upon opening.SECURITYONLINE.INFO
31 AugDocker-OSX image used for security research hit by Apple DMCA takedownThe popular Docker-OSX project has been removed from Docker Hub after Apple filed a DMCA (Digital Millennium Copyright Act) takedown request, alleging that it violated its copyright. [...]BLEEPINGCOMPUTER.COM