94 Articles
10 Categories
Date: 2024-09-05
🚨 CISA KEV (1)
5 Sep [KEV] DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign (SECURITYWEEK.COM)
Two DrayTek vulnerabilities added by CISA to its KEV catalog have been exploited by multiple threat groups to steal data from organizations worldwide.
🐛 COMMON VULNERABILITIES AND EXPOSURES (5)
5 Sep Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks (THEHACKERNEWS.COM)
Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges or access sensitive information. A brief description of the two vulnerabilities is below - CVE-…

5 Sep [KEV] CISA Warns of Three Actively Exploited Vulnerabilities That Demand Immediate Attention (SECURITYONLINE.INFO)
Two vulnerabilities, CVE-2021-20123 and CVE-2021-20124, pose serious risks for Draytek VigorConnect routers, potentially leading to unauthorized access to sensitive files. Another vulnerability, CVE-2024-7262, affects Kingsoft WPS Office.

5 Sep [KEV] Google Fixed Actively Exploited Android Privilege Escalation Flaw (CVE-2024-32896) (SECURITYAFFAIRS.COM)
Google has patched a high-severity vulnerability, known as CVE-2024-32896, in its Android OS actively exploited in the wild. The issue involves a privilege escalation in the Android Framework component.

5 Sep Cisco Warns of Backdoor Admin Account in Smart Licensing Utility (BLEEPINGCOMPUTER.COM)
Cisco has issued a warning about a backdoor admin account discovered in the Cisco Smart Licensing Utility (CSLU), allowing unauthorized access to unpatched systems. This critical flaw (CVE-2024-20439) enables remote access with admin privileges.

5 Sep Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues (THEHACKERNEWS.COM)
Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below - CVE-2024-40711 (CVSS score: 9.8) - A vulnerability i…
⚠️ VULNERABILITY DISCLOSURE (23)
5 Sep Hackers are cloning YubiKeys via new side-channel exploit (CSOONLINE.COM)
Many enterprises rely on the YubiKey as a major part of their identity authentication strategy. It is one of the most popular and best-rated FIDO (fast identity online) hardware tokens for multi-factor authentication (MFA). However, in a newly-identified attack dubbed “EUCLEAK,” …

5 Sep "Active Listening" software reportedly used to listen in on smart phone conversations. Cyber Security Today for Thursday, September 5, 2024 (CYBERSECURITYTODAY.LIBSYN.COM)
Is Your Phone Spying on You? D Link Vulnerabilities & Government Data Requests. In this episode of Cyber Security Today, host Jim Love discusses critical remote code execution vulnerabilities in D Link routers, impacting their discontinued DIR 846 series. These flaws, including CV…

5 Sep No evidence that TP-Link routers are a Chinese security threat (CSOONLINE.COM)
A US House committee on China’s request for a probe into an alleged security threat posed by routers made by Chinese Wi-Fi giant TP-Link Technologies is based on scant evidence and misleadingly singles out just one company among a host of Chinese manufacturers, experts say. On Au…

5 Sep Cisco Smart Licensing Utility Vulnerability Let Attackers Gain Admin Control (GBHACKERS.COM)
Cisco has issued a security advisory (Advisory ID: cisco-sa-cslu-7gHMzWmw) regarding critical vulnerabilities in the Cisco Smart Licensing Utility. These vulnerabilities could allow unauthenticated, remote attackers to gain administrative control over affected systems. The adviso…

5 Sep Veeam Backup & Replication Vulnerabilities Let Attackers Execute Remote Code (GBHACKERS.COM)
Multiple critical vulnerabilities have been identified in Veeam Backup & Replication, a widely-used data protection and disaster recovery solution. These vulnerabilities, discovered during internal testing, pose serious risks, including remote code execution (RCE), privilege …

5 Sep RomCom Group’s Underground Ransomware Exploits Microsoft Zero-Day Flaw (SECURITYONLINE.INFO)
A new ransomware variant named Underground, linked to the Russia-based RomCom group, encrypts files on victims’ Windows machines and demands a ransom for decryption. It has been active since July 2023.

5 Sep New report shows ongoing gender pay gap in cybersecurity (SECURITYINTELLIGENCE.COM)
The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary. The recent ISC2 Cyb…

5 Sep CISO budget survey: Modest increases in 2024 (CSOONLINE.COM)
Security budgets are either flat or increasing modestly compared to 2023, due to global economic and geopolitical uncertainty, according to a new survey of CISOs. One result is slower staff hiring. Those are the main conclusions of the annual security budget report released on Th…

5 Sep Veeam warns of critical RCE flaw in Backup & Replication software (BLEEPINGCOMPUTER.COM)
Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One. [...]

5 Sep Phishing is Still the Top Initial Access Vector (KNOWBE4.COM)
Phishing remains a top initial access vector for threat actors, according to researchers at ReliaQuest. Phishing and other social engineering tactics can bypass security technologies by targeting humans directly.

5 Sep CISA Releases Four Industrial Control Systems Advisories (CISA.GOV)
CISA released four Industrial Control Systems (ICS) advisory on September 5, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-249-01 Hughes Network Systems WL3000 Fusion Software ICSMA-24-249-0…

5 Sep [KEV] Cisco Fixes Root Escalation Vulnerability With Public Exploit Code (BLEEPINGCOMPUTER.COM)
Local attackers can exploit this weakness through malicious CLI commands without user interaction, but only if they have Administrator privileges. So far, there is no evidence of this vulnerability being exploited in the wild.

5 Sep GitHub Actions typosquatting: A high-impact supply chain attack-in-waiting (CSOONLINE.COM)
Attackers have long tried to capitalize on typos by registering names in various systems — DNS, package repositories — close to those of popular resources. This technique, known as typosquatting, also works for GitHub Actions, which can lead to developers executing malicious wor…

5 Sep Russian military hackers linked to critical infrastructure attacks (BLEEPINGCOMPUTER.COM)
The United States and its allies have linked a group of Russian military intelligence hackers (tracked as Cadet Blizzard and Ember Bear) to Unit 29155 of Russia's Main Directorate of the General Staff of the Armed Forces. [...]

5 Sep LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks (BLEEPINGCOMPUTER.COM)
Yet, another critical severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites. [...]

5 Sep How to Make the World Quantum Safe - Vadim Lyubashevsky - ESW Vault (YOUTUBE.COM)
Check out this episode from the ESW Vault, hand picked by main host Adrian Sanabria! This episode was initially published on April 21 2023. Quantum computers are scaling rapidly. Soon, they will be powerful enough to solve previously unsolvable problems. But they come with a glob…

5 Sep Breach Roundup: YubiKey 5 Is Vulnerable to Cloning (DATABREACHTODAY.CO.UK)
Also: US Fingers Russian GRU Hackers; Ohio City Sues Researcher. This week, YubiKey 5 has a flaw, an Ohio city sued a researcher, the Irish regulator ended its GrokAI case, open-source AI tools exposed data, Starlink blocked X in Brazil, FCC banned Kaspersky, Intel addressed a res…

5 Sep Multiple Vulnerabilities in Veeam Products Could Allow for Remote Code Execution (CISECURITY.ORG)
Multiple vulnerabilities have been discovered in Veeam Products, the most severe of which could allow for remote code execution. Veeam Backup & Replication is a proprietary backup app. Veeam ONE is a solution for managing virtual and data protection environments. Veeam Service Pr…

5 Sep Boost security and control at every stage of the cloud application lifecycle (CSOONLINE.COM)
It’s no secret that cloud security is a complex undertaking. Today’s threat actors have grown increasingly adept at launching sophisticated attacks at scale, increasing the pressure on security teams to sort through the barrage of incoming signals to quickly detect, digest, and r…

5 Sep Apache fixes critical OFBiz remote code execution vulnerability (BLEEPINGCOMPUTER.COM)
Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. [...]

5 Sep Kaspersky US Customers Migrate to Pango's UltraAV After Ban (DATABREACHTODAY.CO.UK)
Kaspersky Hands Off 1 Million US Customers to UltraAV Amid Government Software Ban. Kaspersky is transferring 1 million U.S. antivirus customers to Pango Group's UltraAV product following the Department of Commerce's ban on Kaspersky software sales or updates. The transition ensur…

5 Sep US charges 5 Russian spies for Ukraine, NATO cyberattacks (CSOONLINE.COM)
Five officers of the Russian military intelligence service, the GRU, and an alleged civilian collaborator were charged Thursday in the US for destructive cyberattacks against Ukrainian computer infrastructure ahead of Russia’s invasion in February 2022. The five officers, members…

5 Sep Enrichment Data: Keeping it Fresh, (Fri, Sep 6th) (ISC.SANS.EDU)
I like to enrich my honeypot data from a variety of sources to help understand a bit more about the context of the attack. This includes the types of networks the attacks are coming from or whether malware submitted to a honeypot is new. I use a variety of sources to enrich my co…
📋 SECURITY BULLETINS (1)
5 Sep Tor Browser 13.5.3 Released, What’s New? (GBHACKERS.COM)
The Tor Project has unveiled Tor Browser 13.5.3, a significant update that brings crucial security enhancements and usability improvements. This latest version is now available for download from the official Tor Browser website and distribution directory. Important security updat…
📢 SECURITY ADVISORIES (5)
5 Sep NIST Cybersecurity Framework (CSF) and CTEM – Better Together (THEHACKERNEWS.COM)
It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage c…

5 Sep Abusix Launches Guardian: Cutting-Edge Security Platform for Email and Network Providers (GBHACKERS.COM)
Abusix, a network security company that offers solutions for email security and network abuse report handling, today announced the launch of Guardian, a comprehensive suite of tools designed to enhance organizational security and compliance. As part of this launch, the company ha…

5 Sep Litespeed Cache Flaw Exposes Millions of WordPress Sites to Takeover Attacks (SECURITYONLINE.INFO)
Discovered by security researcher Rafie Muhammad, the flaw allows unauthorized users to take control of logged-in accounts, potentially gaining administrator privileges on WordPress sites.

5 Sep FBI, CISA, NSA, and US and International Partners Release Advisory on Russian Military Cyber Actors Targeting US and Global Critical Infrastructure (CISA.GOV)
Today, the Federal Bureau of Investigation (FBI)—in partnership with CISA, the National Security Agency (NSA), and other U.S. and international partners—released a joint Cybersecurity Advisory Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure. This adv…
🔥 INCIDENT REPORTING (10)
5 Sep Planned Parenthood confirms cyberattack as RansomHub claims breach (BLEEPINGCOMPUTER.COM)
Planned Parenthood has confirmed it suffered a cyberattack affecting its IT systems, forcing it to take parts of its infrastructure offline to contain the damage. [...]

5 Sep New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm (THEHACKERNEWS.COM)
The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber attack targeting an unnamed trading company based in China. The previously unreported malware is written in Golang, and thus is a cross-platform weapon…

5 Sep The SEC’s 2023 final rules on cybersecurity disclosures (SOPHOS.COM)
As part of its mission to protect investors and maintain efficient markets, the US Securities and Exchange Commission (SEC) released a new set of final rules[1] on July 26, 2023, which changed how publicly traded companies in the U.S. must disclose information about cybersecurity…

5 Sep Microchip Technology Confirms Personal Information Stolen in Ransomware Attack (SECURITYWEEK.COM)
Microchip Technology says employee contact information and other types of data was stolen in an August ransomware attack.

5 Sep Lazarus Hackers Attacking Job-Seekers to Deliver Javascript Malware (GBHACKERS.COM)
The Lazarus Group is one of the most notorious hacker groups linked to the North Korean government. The group is known for its cyberattacks and has been active since 2010. However, Group-IB cyber security researchers recently discovered that Lazarus was actively intens…

5 Sep Notorious Mallox Ransomware Evolved From Private Ransomware to RaaS (GBHACKERS.COM)
Mallox is a sophisticated ransomware that is known for its destructive capabilities and multi-extortion tactics, which include encrypting victims’ data and threatening to publish it on public TOR-based websites. In 2023, it demonstrated significant expansion with more than …

5 Sep Cicada ransomware – what you need to know (TRIPWIRE.COM)
Cicada (also known as Cicada3301) is a sophisticated ransomware, written in Rust, that has claimed more than 20 victims since its discovery in June 2024. Read more in my article on the Tripwire State of Security blog.

5 Sep Banks Brace for DORA Cybersecurity Deadline on Jan. 17 (DATABREACHTODAY.CO.UK)
New EU Rules Focus on Operational Resilience, Breach Reporting and Third-Party Risk. The Digital Operational Resilience Act aims to reshape the financial services industry by introducing strict cybersecurity standards. Financial institutions must comply with the new rules by Jan. …

5 Sep Ransomware Gang Claims Cyberattack on Planned Parenthood (SECURITYWEEK.COM)
Planned Parenthood confirms "cybersecurity incident" as RansomHub ransomware gang threatens to leak 93 Gb of data stolen from the nonprofit last week.
🕵️ THREAT INTELLIGENCE (31)
5 Sep Attack Surface [Guest Diary], (Wed, Sep 4th) (ISC.SANS.EDU)
[This is a Guest Diary by Joshua Tyrrell, an ISC intern as part of the SANS.edu BACS program]

5 Sep ISC Stormcast For Thursday, September 5th, 2024 https://isc.sans.edu/podcastdetail/9126, (Thu, Sep 5th) (ISC.SANS.EDU)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

5 Sep Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore (THEHACKERNEWS.COM)
Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco Talos. The program in question is a payload generation framework called MacroPack, which is used to generate Office documents, Visual Basic script…

5 Sep Threat Actors Using MacroPack to Deploy Brute Ratel, Havoc, and PhantomCore Payloads (TALOSINTELLIGENCE.COM)
Malicious actors potentially utilized the MacroPack red-teaming framework to distribute harmful payloads like Brute Ratel and Havoc tools, as well as a new version of the PhantomCore remote access trojan.

5 Sep FBI Warns Crypto Firms of Aggressive Social Engineering Attacks (BLEEPINGCOMPUTER.COM)
The FBI issued a warning about aggressive social engineering attacks by North Korean hacking groups targeting cryptocurrency firms. The attacks involve deploying malware to steal crypto assets through highly targeted tactics that are hard to detect.

5 Sep Where's a good place to look for entry-level GRC jobs? (SH.ITJUST.WORKS)
Submitted by hellofriend to cybersecurity. I’m looking to start a career in GRC. Been searching a bunch of different things (e.g. cybersecurity internal audit, GRC analyst, cyber audit, risk analyst, etc.) but everything that’s coming up is mid-senior positio…

5 Sep US Targets Russian Election Influence Operation With Charges, Sanctions, Domain Seizures (SECURITYWEEK.COM)
The US has cracked down on an influence operation sponsored by the Russian government, announcing charges, sanctions and domain seizures.

5 Sep Growth of Web3 Fuled New Opportunities for Threat Actors to Attack Finance Sectors (GBHACKERS.COM)
Web3 and DeFi have been appealing to many threat actors, and there has been a significant boost in heists that have become larger than any they have experienced in more traditional finance. Mandiant’s investigation into the 2016 Bangladesh Bank heist revealed that the North…

5 Sep Fake OnlyFans cybercrime tool infects hackers with malware (BLEEPINGCOMPUTER.COM)
Hackers are targeting other hackers with a fake OnlyFans tool that claims to help steal accounts but instead infects threat actors with the Lumma stealer information-stealing malware. [...]

5 Sep Long Analysis of the M-209 (SCHNEIER.COM)
Really interesting analysis of the American M-209 encryption device and its security.

5 Sep Two Nigerians Sentenced to Prison in US for BEC Fraud (SECURITYWEEK.COM)
Franklin Ifeanyichukwu Okwonna and Ebuka Raphael Umeti were sentenced to prison in the US for business email compromise (BEC) fraud.

5 Sep How Do You Know When AI is Powerful Enough to be Dangerous? Regulators Try to Do the Math (SECURITYWEEK.COM)
An AI model trained on 10 to the 26th floating-point operations per second must now be reported to the U.S. government and could soon trigger even stricter requirements in California.

5 Sep Iran pays millions to stop data leak related to banks (CYBERSECURITY-INSIDERS.COM)
Submitted by kid to cybersecurity. https://www.cybersecurity-insiders.com/iran-pays-millions-to-stop-data-leak-related-to-banks/

5 Sep Palo Alto closes IBM QRadar SaaS buy, extends security partnership (NETWORKWORLD.COM)
Palo Alto Networks has closed the deal to acquire IBM’s QRadar software-as-a-service security intelligence platform. Now that the deal is complete, existing QRadar customers will be moved, for no charge, to Palo Alto’s Cortex Extended Security Intelligence and Automation (XSIAM) …

5 Sep White House brands BGP routing a ‘national security concern’ as it unveils reform roadmap (NETWORKWORLD.COM)
The White House Office of the National Cyber Director (ONCD) has published its roadmap for fixing increasingly troublesome security weaknesses in the Internet’s core routing protocol, Border Gateway Protocol (BGP). BGP is infamously prone to configuration errors that can have con…

5 Sep Cisco Patches Critical Vulnerabilities in Smart Licensing Utility (SECURITYWEEK.COM)
Cisco has released patches for multiple vulnerabilities, including two critical-severity flaws in Smart Licensing Utility.

5 Sep Earth Lusca Using Multiplatform Backdoor to Attack Windows & Linux Machines (GBHACKERS.COM)
Earth Lusca is a suspected China-based cyber espionage group active since at least April 2019. Besides this, hackers often target Windows and Linux machines primarily due to their widespread use and potential for financial gain. Trend Micro security experts recently uncovered a s…

5 Sep The AI Wild West: Unraveling the Security and Privacy Risks of GenAI Apps (SECURITYWEEK.COM)
GenAI users are uploading data to over eight apps every month – what are the security and privacy concerns?

5 Sep Acuvity Raises $9 Million Seed Funding for Gen-AI Governance and In-house Development (SECURITYWEEK.COM)
Activity emerged from stealth with $9 million seed funding to provide solutions for enterprises to safely adopt GenAI.

5 Sep Hacker trap: Fake OnlyFans tool backstabs cybercriminals, steals passwords (BLEEPINGCOMPUTER.COM)
Hackers are targeting other hackers with a fake OnlyFans tool that claims to help steal accounts but instead infects threat actors with the Lumma stealer information-stealing malware. [...]

5 Sep Manufacturing Sector Is the Latest Target of Advanced Credential Harvesting Attacks (KNOWBE4.COM)
A new attack runs slow and steady, focused on compromising large manufacturing companies using contextual social engineering to trick victims into giving up credentials.

5 Sep Zyxel warns of vulnerabilities in a wide range of its products (ARSTECHNICA.COM)
Submitted by BrikoX to cybersecurity. https://arstechnica.com/security/2024/09/zyxel-warns-of-vulnerabilities-in-a-wide-range-of-its-products/ Most serious vulnerabilities carry severity ratings of 9.8 and 8.1 out of a possible 10.

5 Sep Cryptohack Roundup: Focus on Pig Butchering (DATABREACHTODAY.CO.UK)
Also: Hacker Launders Stolen WazirX Funds; Galois, Uniswap Settlements. This week, pig-butchering scams and bitcoin ATM scams increased, an update in the FTX case, stolen WazirX funds were laundered, settlements in the SEC-Galois and CFTC-Uniswap cases, Scotland seized crypto in a…

5 Sep Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East (THEHACKERNEWS.COM)
Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023. "Sighting this group's [Tactics, Techniques, and Procedures] in critical governmental entities in the …

5 Sep Russian GRU Unit Tied to Assassinations Linked to Global Cyber Sabotage and Espionage (SECURITYWEEK.COM)
A secretive Russian military unit, previously linked to assassinations and destabilization in Europe, is blamed for destructive wiper malware attacks in Ukraine.

5 Sep Russian GRU Unit Tied to Assassinations Now Linked to Global Cyber Sabotage and Espionage (SECURITYWEEK.COM)
A secretive Russian military unit, previously linked to assassinations and destabilization in Europe, is blamed for destructive wiper malware attacks in Ukraine.

5 Sep [KEV] Former OpenAI Scientist's Startup Raises $1B Seed Funding (DATABREACHTODAY.CO.UK)
Ilya Sutskever Aims to Build Safe, Super-Intelligent AI. A three-month-old startup promising safe artificial intelligence raised $1 billion in an all-cash deal in a seed funding round. Co-founded by former OpenAI Chief Scientist Ilya Sutskever, Safe Superintelligence will reported…

5 Sep US Broadens Indictments Against Russian Intelligence Hackers (DATABREACHTODAY.CO.UK)
Justice Department Adds Russian Intelligence Officers to Ukraine Hacking Indictment. The United States announced a superseding indictment Thursday that adds five Russian military intelligence officers as defendants while warning that Kremlin cyberthreat actors continue to target U…

5 Sep RansomHub Claims Theft of Montana Planned Parenthood Data (DATABREACHTODAY.CO.UK)
Experts Say Orgs That Handle Highly Sensitive Health Info Are Targets of Attacks. Planned Parenthood of Montana, which provides patients with reproductive healthcare services including birth control and abortion, is responding to a hack and a threat by cybercriminal group RansomHu…

5 Sep FEMA Has Begun Deploying Cyber Advisers to Disaster Zones (DATABREACHTODAY.CO.UK)
FEMA CIO: Cyber Advisers Provide Critical Security Guidance Amid Recovery Efforts. Charles Armstrong, chief information officer of the Federal Emergency Management Agency, told the Billington Cybersecurity Summit his agency has begun deploying cyber advisors to disaster recovery z…
🌐 CYBER THREAT LANDSCAPE (3)
5 Sep Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command (TRENDMICRO.COM)
Notorious Mekotio and BBTok are having a resurgence targeting Latin American users. Mekotio’s latest variant suggests the gang behind it is broadening their target, while BBTok is seen abusing MSBuild.exe to evade detection.

5 Sep US charges five Russian military hackers with targeting Ukraine’s government with destructive malware (TECHCRUNCH.COM)
The U.S. government indictment demonstrated deep knowledge of the Russian spies' activities, including their real-world meetings at a cafe in Moscow.
🎙️ PODCASTS (2)
5 Sep Transatlantic Cable podcast episode 362 | Kaspersky official blog (KASPERSKY.COM)
Episode 362 looks at X’s recent ban, voice-over theft and Apple’s big App store conundrum.

5 Sep ESET Research Podcast: HotPage (WELIVESECURITY.COM)
ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver
📡 INFOSEC NEWS (13)
5 Sep How to Identify and Stop Scrapers (F5.COM)
Fighting sophisticated scrapers requires advanced detection methods. Discover the techniques needed to identify and manage these hidden threats outlined in our investigation.

5 Sep Revival Hijack Attack Puts 22,000 PyPI Packages at Risk of Hijack (JFROG.COM)
This method could potentially lead to numerous malicious package downloads. The attack involves hijacking popular projects by registering new projects under the names of removed packages on PyPI.

5 Sep U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown (THEHACKERNEWS.COM)
The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda operation called Doppelganger as part of a sweeping set of actions. Accusing the Russian government-directed foreign malign influence campaign of violat…

5 Sep EUCLEAK Attack Allows Yubico Security Keys to be Cloned (HELPNETSECURITY.COM)
Despite this, the risk is limited as attackers would need physical access to the device, specific knowledge of targeted accounts, and specialized equipment for the attack.

5 Sep Musician charged with $10M streaming royalties fraud using AI and bots (BLEEPINGCOMPUTER.COM)
North Carolina musician Michael Smith was indicted for collecting over $10 million in royalty payments from Spotify, Amazon Music, Apple Music, and YouTube Music using AI-generated songs streamed by thousands of bots in a massive streaming fraud scheme. [...]

5 Sep Intricate Babylon RAT Campaign Targets Malaysian Politicians, Government (CYBLE.COM)
This campaign, active since July, utilizes at least three malicious ISO files to compromise Malaysian entities, containing components like a malicious executable and a decoy PDF file, ultimately delivering the Babylon RAT as a final payload.

5 Sep Microsoft removes revenge porn from Bing search using new tool (BLEEPINGCOMPUTER.COM)
Microsoft announced today that it has partnered with StopNCII to proactively remove harmful intimate images and videos from Bing using digital hashes people create from their sensitive media. [...]