97Articles
9Categories
2024-09-03Date
🚨 CISA KEV 1[−]
3 Sep KEVCISA Adds Three Known Exploited Vulnerabilities to CatalogCISA has added three new vulnerabilities to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2021-20123  Draytek VigorConnect Path Traversal Vulnerability CVE-2021-20124 Draytek VigorConnect Path Traversal Vulnerability CVE-20…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 4[−]
3 SepNorth Korea-linked APT Citrine Sleet Exploit Chrome Zero-Day to Deliver FudModule RootkitA North Korean APT used a Google Chrome zero-day flaw, CVE-2024-7971, to deploy the FudModule rootkit. Microsoft researchers linked these attacks to Citrine Sleet (AppleJeus, Labyrinth Chollima, UNC4736, or Hidden Cobra) with medium confidence.SECURITYAFFAIRS.COM
3 SepHead Mare Hacktivist Group Exploit WinRAR Vulnerability To Encrypt Windows And LinuxHead Mare, a Russian-focused hacktivist group, gained notoriety in 2023 by targeting organizations in Russia and Belarus as they employ phishing tactics to distribute WinRAR archives exploiting the CVE-2023-38831 vulnerability, gaining initial access to victims’ systems. On…GBHACKERS.COM
3 SepNorth Korean Hackers Actively Exploiting Chromium RCE Zero-Day In The WildMicrosoft has identified a North Korean threat actor, Citrine Sleet, exploiting a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution on cryptocurrency targets. The threat actor deployed the FudModule rootkit, previously attributed to Diamond Sleet, s…GBHACKERS.COM
3 SepHacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and BelarusA hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus. "Head Mare uses more up-to-date methods for obtaining initial access," Kaspersky said in a Monday analysis of the group's tactics and tools.…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 23[−]
3 SepNew Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted AccessEight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system's permissions-based model, which revolves around the Transparency, Consent, and…THEHACKERNEWS.COM
3 Sep149: Mini-Stories: Vol 3In this episode we hear EvilMog (https://x.com/Evil_Mog) tell us a story about when he had to troubleshoot networks in Afghanistan. We also get Joe (http://x.com/gonzosec) to tell us a penetration test story. Sponsors Support for this show comes from Varonis. Do you wonder what y…PLAY.PRX.ORG
3 SepHow to ensure cybersecurity strategies align with the company’s risk toleranceAligning an organization’s appetite for risk with cybersecurity strategies is a critical challenge CISOs face, one that requires balancing technical controls and business needs. Achieving that balance demands a capacity to adapt to changing risk environments. But as the CrowdStri…CSOONLINE.COM
3 SepOperation DevilTiger, APT Hackers 0-Day Exploitation Tactics ExposedThe APT-Q-12 group, also known as Pseudo Hunter, is a Northeast Asian threat actor linked to Darkhotel, which primarily targets East Asian countries, including China, North Korea, Japan, and South Korea.  They employ sophisticated techniques to infiltrate systems and steal s…GBHACKERS.COM
3 SepCritical Atlassian Vulnerability Exploited To Connect Servers In Mining NetworksHackers usually shift their attention towards Atlassian due to flaws in its software, especially in products like Confluence, which put organizations’ private data at risk. There are many exploits accessible over the Internet, and the ease of the attack vector is one reason…GBHACKERS.COM
3 SepBlackByte Hackers Exploiting VMware ESXi Auth Bypass VulnerabilityBlackByte, a Ransomware-as-a-Service (RaaS) group that surfaced about mid-2021 appears to have traces of Conti’s evolution. It uses productive sophistication such as bypassing security measures through the use of kernel-level exploited drivers, inducing self-replicating ran…GBHACKERS.COM
3 SepCloudSOC – An OpenSource Project for SOC & Security AnalystsSecurity Operations Centers (SOCs) and security analysts are under immense pressure to stay ahead of potential attacks. Enter CloudSOC, an open-source project designed to empower SOC teams and security analysts by providing a modern architecture that leverages open-source tools f…GBHACKERS.COM
3 SepChrome Vulnerability Let Attackers Execute Arbitrary Code RemotelyThe stable channel for desktops has been updated to version 128.0.6613.119/.120 for Windows and Mac, and 128.0.6613.119 for Linux. This update will be gradually rolled out over the coming days and weeks. For those using the Extended Stable channel, version 128.0.6613.120 is now a…GBHACKERS.COM
3 SepCloud providers must own up to their part in the current state of insecurityThe shared responsibility model has been foundational to cybersecurity from the start. But modern developments and complications, especially in the cloud, are beginning to erode our ability to truly share responsibility for secure results. The premise of shared responsibility is …CSOONLINE.COM
3 SepResearchers Find SQL Injection Flaw to Bypass Airport TSA Security ChecksSecurity researchers discovered a SQL injection vulnerability in FlyCASS, a third-party web service used by airlines to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS).BLEEPINGCOMPUTER.COM
3 SepCity of Columbus Sues Researcher Who Disclosed Impact of Ransomware AttackThe City of Columbus sued a researcher who disclosed the impact of the data breach caused by a recent ransomware attack. The post City of Columbus Sues Researcher Who Disclosed Impact of Ransomware Attack appeared first on SecurityWeek .SECURITYWEEK.COM
3 SepRCE Vulnerability in D-Link WAP Let Attackers Gain Remote AccessThe D-Link DAP-2310 Wireless Access Point (WAP) has been identified as vulnerable to remote code execution (RCE). Dark Wolf Solutions discovered this vulnerability, which seriously threatens users by allowing attackers to gain unauthorized remote access. This guide delves into th…GBHACKERS.COM
3 SepCost of a data breach: Cost savings with law enforcement involvementFor those working in the information security and cybersecurity industries, the technical impacts of a data breach are generally understood. But for those outside of these technical functions, such as executives, operators and business support functions, “explaining” …SECURITYINTELLIGENCE.COM
3 SepCISA Releases One Industrial Control Systems AdvisoryCISA released one Industrial Control Systems (ICS) advisory on September 3, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-247-01 LOYTEC Electronics LINX Series CISA encourages users and admi…CISA.GOV
3 SepNew Rust-Based Ransomware Cicada3301 Targets Windows and Linux SystemsCybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the now-defunct BlackCat (aka ALPHV) operation. "It appears that Cicada3301 ransomware primarily targets small to medium-sized businesses (SMBs),…THEHACKERNEWS.COM
3 SepD-Link says it is not fixing four RCE flaws in DIR-846W routersD-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported. [...]BLEEPINGCOMPUTER.COM
3 SepVMware Patches High-Severity Code Execution Flaw in FusionVMware rolls out patch for a high-severity code execution vulnerability in the Fusion hypervisor. The post VMware Patches High-Severity Code Execution Flaw in Fusion appeared first on SecurityWeek .SECURITYWEEK.COM
3 Sep3 Men Plead Guilty to Running Service That Bypasses MFAAutomated Service Helped Subscribers Trick Victims Into Sharing One-Time Codes Three men have pleaded guilty to running OTPAgency, a subscription service for fraudsters designed to automatically phone targets and trick them into sharing the one-time codes criminals need to log in…DATABREACHTODAY.CO.UK
3 SepD-Link says it is not fixing four RCE flaws in DIR-846W routerssubmitted by IllNess to securitynews 2 points | 0 comments https://www.bleepingcomputer.com/news/security/d-link-says-it-is-not-fixing-four-rce-flaws-in-dir-846w-routers/ Though D-Link acknowledged the security problems and their severity, it noted that they fall under its standa…INFOSEC.PUB
3 SepZyxel warns of critical OS command injection flaw in routersZyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command injection. [...]BLEEPINGCOMPUTER.COM
3 SepQuantifying Risks to Make the Right Cybersecurity InvestmentsCRQ Can Help Organizations Optimize Investment, Improve Resilience, Manage Threats When executives fully understand the potential impact and cost of cyberthreats, they can better assign the necessary resources to combat them. Learn about how Verizon's CRQ can help to improve an o…DATABREACHTODAY.CO.UK
3 SepNew HackerOne CEO Kara Sprague to Expand Beyond Bug BountiesSprague Replaces Veteran CEO, Plans to Double Down on PTaaS and AI Red Teaming HackerOne has tapped F5's longtime product leader as it next chief executive to continue expanding its portfolio beyond operating vulnerability disclosure programs. The firm tasked Kara Sprague with bu…DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES 11[−]
3 SepRansomhub Attacked 210 Victims Since Feb 2024, CISA Released Advisory For DefendersThe FBI, CISA, MS-ISAC, and HHS have released a joint advisory detailing known RansomHub ransomware indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). RansomHub, a ransomware-as-a-service variant, has been active since February 2024, targeting various…GBHACKERS.COM
3 SepYour KnowBe4 Compliance Plus Fresh Content Updates from August 2024Check out the August updates in Compliance Plus so you can stay on top of featured compliance training content.KNOWBE4.COM
🔥 INCIDENT REPORTING 15[−]
3 SepMajor Data Breaches: Toronto Schools, TDECU, and Columbus Hacked: Cyber Security Today for Tuesday, September 3rd, 2024In this episode of Cyber Security Today, host Jim Love delves into recent data breaches affecting the Toronto District School Board, Texas Dow Employees Credit Union, and the city of Columbus. Discover details on the ransomware attacks, the compromised data, and the implications …CYBERSECURITYTODAY.LIBSYN.COM
3 SepBlooms Today - 3,184,010 breached accountsIn April 2024, 15M records from the online florist Blooms Today were listed for sale on a popular hacking forum . The most recent data in the breach corpus was from November 2023 and appeared alongside 3.2M unique email addresses, names, phone numbers physical addresses and parti…HAVEIBEENPWNED.COM
3 SepNovel Attack on Windows Spotted in Chinese Phishing CampaignThe malicious DLL implant for the Cobalt Strike attack toolkit gets injected into the Windows binary "runonce.exe," giving total control to the attackers. The campaign further deploys various malicious tools for reconnaissance and data exfiltration.THEREGISTER.COM
3 SepRocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android UsersMobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. "This malware family is capable of performing keylogging using the Accessibility Service, and is also able to steal PII from its victims using phishing scre…THEHACKERNEWS.COM
3 SepVerkada Pay $2.95 Million Failed To Secure Data Lead To Massive BreachThe FTC has ordered Verkada to implement a comprehensive information security program to address its lax security practices that allowed a hacker to compromise customer security cameras.  Verkada will pay a $2.95 million fine for violating the CAN-SPAM Act by sending unsolic…GBHACKERS.COM
3 SepResearchers Link ManticoraLoader Malware to Ares Malware DeveloperResearchers have traced the new ManticoraLoader malware-as-a-service (MaaS) to the cybercriminal group 'DarkBLUP,' previously associated with distributing AresLoader and AiDLocker ransomware from the DeadXInject group.THECYBEREXPRESS.COM
3 SepHalliburton confirms data stolen in recent cyberattackOil and gas giant Halliburton has confirmed in a filing today to the Securities and Exchange Commission (SEC) that data was stolen in the recent attack linked to the RansomHub ransomware gang. [...]BLEEPINGCOMPUTER.COM
3 SepHalliburton confirms data was stolen in ongoing cyberattackThe oil and fracking giant says it is "working to identify effects" of the ongoing cyberattack on its oil and fracking operations. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
3 SepTransport For London Confirms CyberattackPACKETSTORMSECURITY.COM
3 SepTodd’s Moving On after 185+ Episodes - Future CISO Vision - Todd Fitzgerald - CSP #190Todd Fitzgerald will be moving on from the CISO STORIES podcast after 185+ episodes, which was initiated almost 4 years ago following the publication of the #1 Best-Selling CISO COMPASS book, which has guided 1000’s of emerging, current, experienced, and new CISOs and their teams…YOUTUBE.COM
3 SepNew Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systemssubmitted by IllNess to securitynews 1 points | 0 comments https://thehackernews.com/2024/09/new-rust-based-ransomware-cicada3301.html Written in Rust and capable of targeting both Windows and Linux/ESXi hosts, Cicada3301 first emerged in June 2024, inviting potential affiliates …INFOSEC.PUB
3 SepHalliburton Confirms Data Stolen in CyberattackThe US oil giant updated an SEC filing to confirm malicious hackers “accessed and exfiltrated information” from its corporate systems. The post Halliburton Confirms Data Stolen in Cyberattack appeared first on SecurityWeek .SECURITYWEEK.COM
3 SepRadiology IT Vendor Hack Hits 4 Practices, 411,000 PeopleTennessee-Based Specialty Networks Incident Is Latest Attack on Business Associates A vendor that provides information systems and transcription services to radiology practices is alerting 411,037 people of a hack discovered last December involving the theft of sensitive data. Th…DATABREACHTODAY.CO.UK
3 SepHalliburton Says Hackers Stole DataFirm Says It Is Still 'Evaluating the Nature and Scope of the Information' Oil service giant Halliburton told U.S. federal regulators Tuesday that hackers stole data after the firm acknowledged "unauthorized activity" on its networks in late August. The incident "caused disruptio…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 29[−]
3 SepISC Stormcast For Tuesday, September 3rd, 2024 https://isc.sans.edu/podcastdetail/9122, (Tue, Sep 3rd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
3 SepChrome 128 Updates Patch High-Severity VulnerabilitiesGoogle has released two Chrome 128 updates to address six high-severity vulnerabilities reported by external researchers. The post Chrome 128 Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
3 SepOperation Oxidovy, Threat Actors Targeting Government And Military OfficialsThe recent campaign targeting the Czech Republic involves a malicious ZIP file that contains a decoy LNK file and a batch script. The LNK runs the batch script, which spawns a decoy PDF document and renames a masqueraded PDF file to a portable executable, which is copied to the s…GBHACKERS.COM
3 SepIranian Hackers Using Multi-Stage Malware To Attack Govt And Defense Sectors Via LinkedInMicrosoft has identified a new Iranian state-sponsored threat actor, Peach Sandstorm, deploying a custom multi-stage backdoor named Tickler.  This backdoor has been used to target various sectors, including satellite, communications equipment, oil and gas, and government, in…GBHACKERS.COM
3 SepResearchers Detailed Russian Hacktivist/State Hackers TacticsThe People’s Cyber Army of Russia is a Russian hacktivist group known for its strategic use of DDoS attacks and other disruptive tactics. Operating as part of the broader Russian cyber warfare landscape, the group has been involved in several attacks on Ukraine, reflecting …GBHACKERS.COM
3 SepBeware Of New Phishing Attack That Mimics ScreenConnect And ZoomZoom is a widely used videotelephony software used for virtual meetings, and its wide audience base attracts the hackers most. Cyble Research & Intelligence Labs (CRIL) has uncovered a sophisticated phishing operation targeting Zoom users.  The scheme utilizes a fraudule…GBHACKERS.COM
3 SepNew Custom Malware “Tickler” Attack Satellite DevicesMicrosoft identified a new custom multi-stage backdoor, “Tickler,” deployed by the Iranian state-sponsored threat actor Peach Sandstorm between April and July 2024.  Targeting sectors like satellite, communications equipment, oil and gas, and government, Tickler …GBHACKERS.COM
3 SepNew ManticoraLoader – Malware Attacking Citrix Users To Steal DataCyble Research & Intelligence Labs has recently found information about a new type of malware-as-a-service (MaaS) called ‘ManticoraLoader’ in some underground forums. Since August 8, 2024, on forums and Telegram, this MaaS service has been offered by the threat gr…GBHACKERS.COM
3 SepIntel Responds to SGX Hacking ResearchIntel has shared some clarifications on claims made by a researcher regarding the hacking of its SGX security technology. The post Intel Responds to SGX Hacking Research appeared first on SecurityWeek .SECURITYWEEK.COM
3 SepHacker Leaks Data of 390 Million Users from VK, a Russian Social Networksubmitted by kid to cybersecurity 1 points | 0 comments https://hackread.com/hacker-leaks-data-of-vk-users-russian-social-network/HACKREAD.COM
3 SepVerkada to Pay $2.95 Million Over FTC Probe Into Security Camera HackingThe FTC complaint alleges that Verkada’s failures allowed a hacker to access customers’ security cameras. The post Verkada to Pay $2.95 Million Over FTC Probe Into Security Camera Hacking appeared first on SecurityWeek .SECURITYWEEK.COM
3 SepNASA Focuses on Cybersecurity of Its Mission-Critical Softwaresubmitted by BrikoX to cybersecurity 2 points | 0 comments https://www.darkreading.com/ics-ot-security/nasa-focuses-on-cybersecurity-of-its-mission-critical-software The software verification and validation efforts helps NASA improve the safety and cost-effectiveness of its missi…DARKREADING.COM
3 SepNew Fury Stealer Attacking Victims to Steal Login PasswordsA new malicious software named “Fury Stealer” has been detected, posing a significant threat to online security. The malware, created by an unidentified threat actor, is designed to steal sensitive information, including login passwords, from unsuspecting victims. Cyb…GBHACKERS.COM
3 SepCISO Conversations: Jaya Baloo From Rapid7 and Jonathan Trull From QualysCSOs Jaya Baloo and Jonathan Trull discuss the route, role, and requirements in becoming and being a successful CISO. The post CISO Conversations: Jaya Baloo From Rapid7 and Jonathan Trull From Qualys appeared first on SecurityWeek .SECURITYWEEK.COM
3 SepClearview AI Fined $33.7 Million by Dutch Data Protection Watchdog Over ‘Illegal Database’ of FacesDutch agency said a database with billions of photos of faces amounted to serious violations of GDPR. The post Clearview AI Fined $33.7 Million by Dutch Data Protection Watchdog Over ‘Illegal Database’ of Faces appeared first on SecurityWeek .SECURITYWEEK.COM
3 SepSextortion Scams Now Include Photos of Your HomeAn old but persistent email scam known as "sextortion" has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target's home in a bid to make threats about publishing the vide…KREBSONSECURITY.COM
3 SepList of Old NSA Training VideosThe NSA’s “ National Cryptographic School Television Catalogue ” from 1991 lists about 600 COMSEC and SIGINT training videos. There are a bunch explaining the operations of various cryptographic equipment, and a few code words I have never heard of before.SCHNEIER.COM
3 SepEncryption - SWN VaultCheck out this episode from the SWN Vault, hand picked by main host Doug White! This SDL episode was initially published on November 8, 2017. What is encryption anyway? Doug and Russel explain symmetric encryption, asymmetric encryption, and how crypto gets broken! Visit https://…YOUTUBE.COM
3 SepEvolving NPM Package Campaign Targets Roblox Devs, For Yearssubmitted by BrikoX to cybersecurity 2 points | 0 comments https://www.darkreading.com/threat-intelligence/evolving-npm-package-campaign-roblox-devs Attackers have added aggressive social engineering to their arsenal, along with a novel Windows-manipulating persistence mechanism …DARKREADING.COM
3 SepVerkada Agrees to $2.95M Civil Penalty With US FTCCloud-Based Security Camera Firm Pledges Better Security in US FTC Settlement A California security camera company agreed to pay a $2.95 million civil penalty and implement a security program after hackers in 2021 accessed video from 150,000 internet-connected security cameras, i…DATABREACHTODAY.CO.UK
3 SepCyber A.I. Group Announces Global PresentationLive Webcast from Monaco will Explore the Extraordinary Opportunities in an Era of Explosive Innovation and Growth Cyber A.I. Group, Inc., a rapidly growing cybersecurity, artificial intelligence, and IT services firm, specializing in acquiring a diverse range of related service …GBHACKERS.COM
3 SepFBI warns crypto firms of aggressive social engineering attacksThe FBI warns of North Korean hackers aggressively targeting cryptocurrency companies and their employees in sophisticated social engineering attacks, aiming to deploy malware that steals their crypto assets. [...]BLEEPINGCOMPUTER.COM
3 SepNew Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Accesssubmitted by IllNess to securitynews 2 points | 1 comments https://thehackernews.com/2024/09/new-flaws-in-microsoft-macos-apps-could.htmlINFOSEC.PUB
3 SepFBI: North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attackssubmitted by kid to cybersecurity 3 points | 0 comments https://www.ic3.gov/Media/Y2024/PSA240903IC3.GOV
3 SepOrganizations in the Middle East Targeted By Malware Impersonating Palo Alto GlobalProtect VPNA social engineering campaign is targeting entities in the Middle East using malware that impersonates Palo Alto Networks’ GlobalProtect VPN, according to researchers at Trend Micro.KNOWBE4.COM
3 SepMajor Scam Operation Uses Deepfake VideosResearchers at Palo Alto Networks’ Unit 42 are tracking dozens of scam campaigns that are using deepfake videos to impersonate CEOs, news anchors, and high-profile government officials.KNOWBE4.COM
3 SepYubiKeys are vulnerable to cloning attacks thanks to newly discovered side channelsubmitted by kid to cybersecurity 1 points | 0 comments https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channelARSTECHNICA.COM
3 SepUS NTIA Probes Data Center Security RisksAgency Publishes Notice Soliciting Comments on Potential Federal Response An artificial intelligence-fueled growth in data center construction has the federal government asking what it should do to help manage data security risks. The NTIA is interested in identifying opportuniti…DATABREACHTODAY.CO.UK
3 SepONCD Unveils BGP Security Road Map Amid Rising ThreatsDirector Hails New Guidance as 'First Step' in Resolving BGP Security Risks Harry Coker, director of the Office of the National Cyber Director, described new guidance published Tuesday that aims to bolster internet routing security as a critical "first step" in addressing long-st…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 1[−]
3 SepRoblox Developers Under Attack by New Malicious NPM CampaignRoblox developers are being targeted by a new malicious npm campaign. Cybercriminals have created fake Roblox npm packages with the aim of deploying a remote access trojan called Quasar.TECHRADAR.COM
🎙️ PODCASTS 2[−]
3 SepTransatlantic Cable podcast episode 361 | Kaspersky official blogEpisode 361 looks at the right to disconnect, Black Myth: Wukong and much more!KASPERSKY.COM
3 SepThe AI Fix #14: There are two Rs in “strawberry”, and an AI makes unsmellable smellsIn episode 14 of "The AI Fix", Graham makes an apology, Mark wonders if suicide drones have second thoughts, people pretend to be robots, and some researchers prove that all you need for an AI to generate a somewhat usable version of the computer game Doom out of thin air is to a…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 11[−]
3 SepEx-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion AttemptA 57-year-old man from the U.S. state of Missouri has been arrested in connection with a failed data extortion campaign that targeted his former employer. Daniel Rhyne of Kansas City, Missouri, has been charged with one count of extortion in relation to a threat to cause damage t…THEHACKERNEWS.COM
3 SepSecrets Exposed: Why Your CISO Should Worry About SlackIn the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day? A Single Secret Can Wreak Havoc Imagine this: I…THEHACKERNEWS.COM
3 SepCanonical Addresses Critical Linux Kernel AWS Vulnerabilities with New PatchesSecurity researchers have identified six vulnerabilities, including a race condition in the Bluetooth RFCOMM protocol driver that can crash the system, a race condition in the Bluetooth subsystem, and a double-free error in the net/mlx5e module.THECYBEREXPRESS.COM
3 SepIntel Responds To SGX Hacking ResearchPACKETSTORMSECURITY.COM
3 SepHow to export notes from Notion and make an offline backup of your data | Kaspersky official blogA step-by-step guide to backing up Notion notes, and migrating them to free rival apps Obsidian or AFFiNE.KASPERSKY.COM
3 SepClearview AI fined €30.5 million for unlawful data collectionThe Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) on Clearview AI for unlawful data collection using facial recognition, including photos of Dutch citizens. [...]BLEEPINGCOMPUTER.COM
3 SepNew Windows PowerToy launches, repositions apps to saved layouts​Microsoft has released a new Workspaces PowerToy that helps launch sets of applications using custom desktop layouts and configurations with a mouse click. [...]BLEEPINGCOMPUTER.COM
3 SepFTC: Over $110 million lost to Bitcoin ATM scams in 2023​The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023. [...]BLEEPINGCOMPUTER.COM
3 SepHow AI Goes RogueThis is the second blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights.TRENDMICRO.COM
3 SepIn plain sight: Malicious ads hiding in search resultsSometimes there’s more than just an enticing product offer hiding behind an adWELIVESECURITY.COM