90Articles
8Categories
2024-09-06Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 14[−]
6 SepApache fixes critical OFBiz remote code execution vulnerabilitysubmitted by IllNess to securitynews 1 points | 0 comments https://www.bleepingcomputer.com/news/security/apache-fixes-critical-ofbiz-remote-code-execution-vulnerability/ Tracked as CVE-2024-45195 and discovered by Rapid7 security researchers, this remote code execution flaw is c…INFOSEC.PUB
6 SepApache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code ExecutionA new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (…THEHACKERNEWS.COM
6 SepCritical Security Flaw Found in LiteSpeed Cache Plugin for WordPressCybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions …THEHACKERNEWS.COM
6 SepApache OFBiz for Linux & Windows Vulnerability Allows Unauthenticated Remote Code ExecutionA series of vulnerabilities affecting Apache OFBiz has come to light, raising significant cybersecurity concerns. These vulnerabilities, identified as Common Vulnerabilities and Exposures (CVEs), enable unauthenticated remote code execution on both Linux and Windows platforms. Th…GBHACKERS.COM
6 Sep KEVSonicWall Access Control Vulnerability Exploited in the WildSonicWall has issued an urgent advisory regarding a critical vulnerability in its SonicOS management access and SSLVPN. The flaw, identified as CVE-2024-40766, is actively exploited in the wild. It potentially allows unauthorized access to resources and, under certain conditions,…GBHACKERS.COM
6 SepCritical Zero-Click Exploit Discovered in Popular Wi-Fi Chipsets, PoC PublishedCVE-2024-20017 is a critical zero-click exploit found in popular Wi-Fi chipsets like MediaTek MT7622/MT7915. The vulnerability allows remote code execution without user interaction, posing a severe risk with a CVSS score of 9.8.SECURITYONLINE.INFO
6 SepWebmin/Virtualmin Vulnerability Opens Door to Loop DoS AttacksA critical vulnerability (CVE-2024-2169) in Webmin/Virtualmin control panels allows for launching DoS attacks. This flaw reveals IP addresses through the UDP service on port 10000, enabling attackers to create a loop of traffic between servers.SECURITYONLINE.INFO
6 SepCritical Vulnerability Discovered in Progress LoadMasterProgress Software has alerted users to a critical vulnerability (CVE-2024-7591) in its LoadMaster ADC and load balancer solution. The flaw, with a CVSS score of 10, allows remote attackers to execute system commands without authentication.SECURITYONLINE.INFO
6 SepApache Makes Another Attempt at Patching Exploited RCE in OFBizThe latest Apache OFBiz update patches CVE-2024-45195, a bypass of a recently disclosed remote code execution bug exploited in attacks. The post Apache Makes Another Attempt at Patching Exploited RCE in OFBiz appeared first on SecurityWeek .SECURITYWEEK.COM
6 SepCVE-2024-26581 PoC Exploit Released: Linux Systems at Risk of Root CompromiseThe CVE-2024-26581 PoC exploit has been disclosed, posing a risk to Linux systems by allowing root compromise. The flaw exists in the nft_set_rbtree function within the Linux kernel, enabling attackers to access sensitive data on affected systems.SECURITYONLINE.INFO
6 Sep KEVRecent SonicWall Firewall Vulnerability Potentially Exploited in the WildSonicWall is warning customers that the recently patched critical vulnerability CVE-2024-40766 may be exploited in the wild. The post Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild appeared first on SecurityWeek .SECURITYWEEK.COM
6 SepSonicWall SSLVPN access control flaw is now exploited in attacksSonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now "potentially" exploited in attacks, urging admins to apply patches as soon as possible. [...]BLEEPINGCOMPUTER.COM
6 SepGeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet MalwareA recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk. The security vulnerability is a critical remote code exec…THEHACKERNEWS.COM
6 SepSonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible ExploitationSonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of …THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 24[−]
6 SepResearchers Unpacked AvNeutralizer EDR Killer Used By FIN7 GroupFIN7 (aka Carbon Spider, ELBRUS, Sangria Tempest) is a Russian APT group that is primarily known for targeting the U.S. retail, restaurant, and hospitality sectors since mid-2015.  In their attacks, the FIN7 group primarily uses several tactics and techniques like spearphish…GBHACKERS.COM
6 SepFog Ransomware Now Targeting the Financial Sector; Adlumin Thwarts AttackThe Fog Ransomware group, known for targeting education and recreation sectors, has expanded its scope to attack financial services organizations, where the attackers exploited compromised VPN credentials to deploy the ransomware, targeting both Windows and Linux endpoints. It ha…GBHACKERS.COM
6 SepLiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to AttacksA vulnerability in the LiteSpeed Cache WordPress plugin leads to the exposure of sensitive information, including user cookies. The post LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
6 SepCISA Breaks Silence on Controversial ‘Airport Security Bypass’ VulnerabilityResearchers and the TSA have different views on the impact of vulnerabilities in an airport security application that could allegedly allow the bypass of certain airport security systems. The post CISA Breaks Silence on Controversial ‘Airport Security Bypass’ Vulnerability appear…SECURITYWEEK.COM
6 SepRespotter: Open-Source Responder HoneypotRespotter is an open-source honeypot designed to detect attackers when they launch Responder within your environment. This application identifies active instances of Responder by exploiting its behavior when responding to any DNS query.HELPNETSECURITY.COM
6 SepHow cyber criminals are compromising AI software supply chainsWith the adoption of artificial intelligence (AI) soaring across industries and use cases, preventing AI-driven software supply chain attacks has never been more important. Recent research by SentinelOne exposed a new ransomware actor, dubbed NullBulge, which targets software sup…SECURITYINTELLIGENCE.COM
6 SepIn Other News: US Army Hacks Buildings, X Hiring Cybersecurity Staff, Bitcoin ATM ScamsNoteworthy stories that might have slipped under the radar: US Special Forces can hack buildings, X is hiring cybersecurity staff, and FTC warns of Bitcoin ATM scams. The post In Other News: US Army Hacks Buildings, X Hiring Cybersecurity Staff, Bitcoin ATM Scams appeared first o…SECURITYWEEK.COM
6 SepNew malicious MS Office macro clusters discoveredCISOs with IT environments running older versions of Microsoft Office must upgrade immediately or risk the suite being used to spread malware using an old trick. This warning comes from Cisco Systems’ Talos threat intelligence service, after it discovered several new documents cr…CSOONLINE.COM
6 SepFrOSCon 2024 - free open source con -GERMAN and ENGLISHsubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/20e2c338-2aff-4abe-9865-78dffab3cb31.png Free and Open Source Software Conference. Free Software and Open Source - these are the topics of FrOSCon (Free and Open Source Software Conference).…INFOSEC.PUB
6 SepOpenStack Ironic Users Urged to Patch Critical VulnerabilityThe flaw, discovered by security researchers at Red Hat and G-Research, could lead to unauthorized access to sensitive data through mishandled images processed by qemu-img.SECURITYONLINE.INFO
6 SepPredator Spyware Exploiting “one-click” & “zero-click” FlawsRecent research indicates that the Predator spyware, once thought to be inactive due to US sanctions, has resurfaced with enhanced evasion techniques.  Despite efforts to curb its use, Predator continues to be employed in countries like the DRC and Angola, targeting high-pro…GBHACKERS.COM
6 SepGitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious CodeThreat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These attacks typically involve registering domains or packages with names slightly altered from their legit…THEHACKERNEWS.COM
6 SepCar rental giant Avis discloses data breach impacting customersAmerican car rental giant Avis disclosed a data breach after attackers breached one of its business applications last month and stole customer personal information. [...]BLEEPINGCOMPUTER.COM
6 SepTwo weeks on from Pavel Durov’s arrest, Telegram ramps up moderation of ‘illegal content’Less than two weeks after Telegram founder and CEO Pavel Durov’s high-profile arrest by French police , the company has announced that it will start moderating “illegal content” in the platform’s private and group chats. Perhaps the word “announced” is overstating a change so sub…CSOONLINE.COM
6 SepPhishing Attack Takes a Two-Step Approach to Leverage Legitimate Sites and Evade DetectionAnalysis of a new phishing attack demonstrates how attackers may take a longer path to reach their malicious goals while staying “under the radar” of security products.KNOWBE4.COM
6 SepA Vulnerability in SonicWall SonicOS Management Access and SSLVPN Could Allow for Unauthorized Resource AccessA vulnerability has been discovered in SonicWall SonicOS Management Access and SSLVPN, which could allow for unauthorized resource access and in specific conditions, causing the firewall to crash. SonicOS is SonicWall’s operating system designed for their firewalls and other secu…CISECURITY.ORG
6 SepFeds Warn Health Sector to Patch Apache Tomcat FlawsHealthcare Sector Heavily Relies on Open-Source Web Server; Older Flaws Pose Risk Federal authorities are alerting healthcare entities of vulnerabilities - including older flaws - that put Apache Tomcat at risk for attacks if left unmitigated. The open-source web server is heavil…DATABREACHTODAY.CO.UK
6 SepWhite House Launches Cyber, Tech and AI Hiring Sprint'Service for America' Will Aim to Attract Diverse Candidates to the Cyber Workforce The White House announced a hiring sprint to fill cyber, technology and artificial intelligence jobs across federal agencies, dubbed Service for America, which aims to attract diverse candidates f…DATABREACHTODAY.CO.UK
6 SepCritical GeoServer Flaw Enabling Global Hack CampaignsTargets Includes Technology, Government and Telecommunications Sectors Cybercriminals are using a critical remote code execution vulnerability in an open-source geospatial data platform to spread malware globally across several industries. GeoServer Project maintainers released a…DATABREACHTODAY.CO.UK
6 SepTexas AG Hopes to Upend HIPAA Rules to Investigate AbortionsState Says HHS Erred by Shielding Reproductive Health Info From Law Enforcement Texas Attorney General Ken Paxton is suing the Biden administration alleging that "unlawful" HIPAA privacy rule regulations are hindering the state's law enforcement investigations into abortion and o…DATABREACHTODAY.CO.UK
6 SepAbsolute Purchases Syxsense to Tackle Cyber VulnerabilitiesAcquisition Brings Vulnerability Management to Absolute's Cyber Resilience Platform Absolute Security has strengthened its platform with the acquisition of Syxsense, adding powerful automated vulnerability management tools to its existing endpoint security capabilities. The move …DATABREACHTODAY.CO.UK
6 SepCar rental giant Avis data breach impacts over 299,000 customersAmerican car rental giant Avis disclosed a data breach after attackers breached one of its business applications last month and stole customer personal information. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 3[−]
6 SepAdobe evolves its risk management strategy with homegrown frameworkDigital business has transformed virtually everything for enterprises — and it has brought with it cybersecurity challenges perhaps unimaginable just a few years ago. “The Internet has become a much more integrated place — software products no longer operate autonomously but inte…CSOONLINE.COM
6 SepCritical Foreman Flaw Exposes Red Hat Satellite to Unauthorized AccessThis authentication bypass flaw, with a CVSS score of 9.8 (the highest severity rating), could enable unauthorized users to gain administrative access to Red Hat Satellite, a commercial offering built on Foreman.SECURITYONLINE.INFO
6 SepISMG Editors: How Arrest of Telegram CEO Affects EncryptionAlso: AI's Role in Cybersecurity; New Fraud Prevention Rules In the latest weekly update, ISMG editors discussed the implications of the recent arrest of Telegram's CEO in Paris for encrypted messaging services, the transformative impact of artificial intelligence in cybersecurit…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 8[−]
6 SepRussia APT28 Cyber Attacks German Air Traffic Controlsubmitted by kid to cybersecurity 1 points | 0 comments https://www.cybersecurity-insiders.com/russia-apt28-cyber-attacks-german-air-traffic-control/CYBERSECURITY-INSIDERS.COM
6 SepChinese 'Tropic Trooper' APT Targets Mideast Governmentssubmitted by kid to cybersecurity 2 points | 0 comments https://www.darkreading.com/cyberattacks-data-breaches/chinese-tropic-trooper-apt-targets-mideast-governmentsDARKREADING.COM
6 SepHackers Linked to Russia and Belarus Increasingly Target Latvian Websites, Officials SayHackers from Russia and Belarus are increasingly targeting Latvian government and critical infrastructure websites in politically motivated cyberattacks, according to Latvian cybersecurity officials.THERECORD.MEDIA
6 SepReport: 83% of Organizations Experienced at Least One Ransomware Attack in the Last YearAccording to Onapsis, 83% of organizations experienced a ransomware attack in the past year. Of those, 46% experienced four or more attacks, and 14% faced 10 or more. The attacks resulted in at least 24 hours of downtime for 61% of respondents.HELPNETSECURITY.COM
6 SepTransport for London outages drag into weekend after cyberattackIn a brief update ahead of the weekend, the London transport network said it has no evidence yet that customer data was compromised. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
6 SepTransport for London staff faces systems disruptions after cyberattack​Transport for London, the city's public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack. [...]BLEEPINGCOMPUTER.COM
6 SepWeekly Update 416Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite It's been a while since I've just gone all "AMA" on a weekly update, but this was just one of those weeks that flew…TROYHUNT.COM
6 SepCyber Security Today - Week In Review for the September 7th, 2024Toronto School Board Hack & Cybersecurity Best Practices: Expert Panel Discussion Welcome to the weekend edition of Cybersecurity Today, hosted by Jim Love! Join our expert panel featuring Terry Cutler from Cyology Labs, David Shipley of Beauceron Security, and special guest Dana…CYBERSECURITYTODAY.LIBSYN.COM
🕵️ THREAT INTELLIGENCE 17[−]
6 SepMalvertising Campaign Phishes Lowe's Employeessubmitted by IllNess to securitynews 1 points | 0 comments https://www.darkreading.com/threat-intelligence/malvertising-campaign-phish-lowes-employeesINFOSEC.PUB
6 SepISC Stormcast For Friday, September 6th, 2024 https://isc.sans.edu/podcastdetail/9128, (Fri, Sep 6th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
6 SepRussian Military Hackers Attacking US and Global Critical InfrastructureRussian military hackers, identified as Unit 29155, have been actively targeting critical infrastructure in the United States and globally. This unit, known for its sophisticated cyber operations, has been linked to attacks aimed at disrupting and compromising vital sectors. The …GBHACKERS.COM
6 SepTropic Trooper Attacks Government Organizations to Steal Sensitive DataTropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group, and it has been active since 2011. This APT group primarily targets government institutions, military agencies, healthcare, transportation, and high-tech industries in Taiwan, the Ph…GBHACKERS.COM
6 SepNoiseAttack is a Novel Backdoor That Uses Power Spectral Density For EvasionNoiseAttack is a new method of secretly attacking deep learning models. It uses triggers made from White Gaussian Noise to create several targeted classes in the model, rather than just one, like most current methods.  This approach also helps avoid being easily detected, wh…GBHACKERS.COM
6 SepCybersecurity M&A Roundup: 36 Deals Announced in August 2024Roundup of the three dozen cybersecurity-related merger and acquisition (M&A) deals announced in August 2024. The post Cybersecurity M&A Roundup: 36 Deals Announced in August 2024 appeared first on SecurityWeek .SECURITYWEEK.COM
6 SepVeeam Patches Critical Vulnerabilities in Enterprise ProductsVeeam has released patches for critical-severity vulnerabilities in Backup & Replication, ONE, and Service Provider Console. The post Veeam Patches Critical Vulnerabilities in Enterprise Products appeared first on SecurityWeek .SECURITYWEEK.COM
6 SepMuddyWater Hijacks RMM Software for EspionageMuddyWater, an Iranian hacker group since 2017, has been using legitimate RMM software to target organizations globally, focusing on government, military, telecom, and oil sectors.SECURITYONLINE.INFO
6 SepBBTok Abuses Legitimate Windows Utility Command Tool to Stay UndetectedCybercriminals in Latin America have increased their use of phishing scams targeting business transactions and judicial-related matters. By leveraging trust and fear, respectively, these attacks often involve malicious links or file attachments that lead to malware infections, wh…GBHACKERS.COM
6 SepYubiKey Side-Channel AttackThere is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack , requiring the victim’s username and password, and physical access to their YubiKey—as well as some technical expertise and equipment. …SCHNEIER.COM
6 SepIP Addresses - SWN VaultCheck out this episode from the SWN Vault, hand picked by main host Doug White! This SDL episode was initially published on August 9, 2017. Doug explains the basics of how IP Addresses work, with help from Doug in an alternate dimension. Beware of the terminator! Visit https://ww…YOUTUBE.COM
6 SepAfter CrowdStrike Outage: Time to Rebuild Microsoft Windows?Global Outage Triggers Calls for 'Less-Invasive Access' to Essential Functions The global disruption caused by a faulty CrowdStrike software triggering a kernel panic and computer meltdowns has led government agencies, experts and vendors to call for rethinking Windows operating …DATABREACHTODAY.CO.UK
6 SepUS Gov Removing Four-Year-Degree Requirements for Cyber JobsThe US government will remove "unnecessary degree requirements" in favor of skills-based hiring to help fill 500,000 open cybersecurity jobs. The post US Gov Removing Four-Year-Degree Requirements for Cyber Jobs appeared first on SecurityWeek .SECURITYWEEK.COM
6 SepMoody's Ratings: Cyber Insurance Competition Up, Prices DownCredit Rating Business Says Cyber Insurance Market 'Poised for Significant Growth' Competition has been increasing in the cyber insurance market, leading to a "moderate" decrease in insurance premiums after several years of rate increases. So reports Moody's Ratings, which said t…DATABREACHTODAY.CO.UK
6 SepUnderground Demand for Malicious LLMs Is RobustSo-Called Mallas Are Easily Bought or Rented The underground market for illicit large language models is a lucrative one, said academic researchers who called for better safeguards against artificial intelligence misuse. "This laissez-faire approach essentially provides a fertile…DATABREACHTODAY.CO.UK
6 SepLive Video of Promachoteuthis SquidThe first live video of the Promachoteuthis squid, filmed at a newly discovered seamount off the coast of Chile. Blog moderation policy.SCHNEIER.COM
6 SepFound: 280 Android apps that use OCR to steal cryptocurrency credentialssubmitted by BrikoX to cybersecurity 7 points | 0 comments https://arstechnica.com/security/2024/09/found-280-android-apps-that-use-ocr-to-steal-cryptocurrency-credentials/ Optical Character Recognition converts passwords shown in images to machine-readable text.ARSTECHNICA.COM
🌐 CYBER THREAT LANDSCAPE 7[−]
6 SepFake OnlyFans Tool Backstabs Cybercriminals, Steals PasswordsA fake OnlyFans tool circulating among hackers promises to help steal accounts but actually infects them with the Lumma stealer malware, as discovered by Veriti Research.BLEEPINGCOMPUTER.COM
6 SepThe State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025The 2024 State of the vCISO Report continues Cynomi’s tradition of examining the growing popularity of virtual Chief Information Security Officer (vCISO) services. According to the independent survey, the demand for these services is increasing, with both providers and clients re…THEHACKERNEWS.COM
6 SepHead Mare Hacktivist Group Targets Russia and BelarusThe group, active since at least 2023, exclusively targets companies in these countries. They use modern techniques to gain initial access to systems, primarily through phishing emails with custom malware like PhantomDL and PhantomCore.SECURITYAFFAIRS.COM
6 SepUse of Predator Spyware Rebounds After a Dip From Biden Sanctions, Researchers SayDespite facing sanctions, Predator has managed to attract new customers and has been detected in various countries, including the Democratic Republic of Congo and Angola.THERECORD.MEDIA
6 SepNew Android SpyAgent Campaign Steals Crypto Credentials via Image RecognitionA new mobile malware called SpyAgent has been uncovered by McAfee's Mobile Research Team. This malware targets mnemonic keys used for cryptocurrency wallets by scanning for images containing them on your device.MCAFEE.COM
6 SepSpyAgent Android malware steals your crypto recovery phrases from imagesA new Android malware named SpyAgent uses optical character recognition (OCR) technology to steal cryptocurrency wallet recovery phrases from screenshots stored on the mobile device. [...]BLEEPINGCOMPUTER.COM
🎙️ PODCASTS 1[−]
6 SepAI - What did you miss this summer? Hasthtag Trending for Friday, September 5th, 2024AI Summer Recap: OpenAI's GPT 5, GPT Next, and Beyond Join host Jim Love as he navigates through the major AI and cybersecurity stories that dominated summer 2023. From CrowdStrike's impact on Windows security to OpenAI's tantalizing announcements of GPT 4.0 Omni and the anticipa…CYBERSECURITYTODAY.LIBSYN.COM
📡 INFOSEC NEWS 16[−]
6 SepPavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal ActivityTelegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-…THEHACKERNEWS.COM
6 SepHow cybercriminals attack young gamers: the most common and dangerous scams | Kaspersky official blogOur new report investigates cyberthreats aimed at child gamers.KASPERSKY.COM
6 SepTIDRONE Targets Military and Satellite Industries in TaiwanOur research reveals that an unidentified threat cluster we named TIDRONE have shown significant interest in military-related industry chains, particularly in the manufacturers of drones.TRENDMICRO.COM
6 SepAtomic macOS Stealer leads sensitive data theft on macOSSophos X-Ops explores the distribution and capabilities of the Atomic macOS Stealer (AMOS)SOPHOS.COM
6 SepInfosec Spending to Hit 3-Year Growth Peak, Reach $212B Next Year: GartnerGlobal spending on information security is on track to reach nearly $212 billion next year, with a projected 15% increase from 2024. The majority of this spending is in security software, particularly in endpoint protection platforms.CYBERSECURITYDIVE.COM
6 SepGoffloader: In-Memory Execution, No Disk RequiredPraetorian has uncovered GoffLoader, an in-memory execution tool that allows security professionals to run BOF and unmanaged Cobalt Strike PE files directly in memory without writing to disk.SECURITYONLINE.INFO
6 SepWhite House Launches Cybersecurity Hiring Sprint To Help Fill 500,000 Job OpeningsThe White House has launched a cybersecurity hiring sprint to fill 500,000 job openings, part of a program to address the ongoing shortage in cyber, technology, and AI positions.CYBERSECURITYDIVE.COM
6 SepMalvertising Campaign Phishes Lowe's EmployeesThe fake landing pages closely mimicked the real Lowe's portal, prompting employees to enter their sales numbers, passwords, and security question answers, which then were sent to attackers.DARKREADING.COM
6 SepUS Posts Indictments, Rewards in Russia’s WhisperGate Hacks Against UkraineThe US has indicted members of Russian military intelligence unit 29155 for cyber-operations including WhisperGate hacks against Ukraine, offering up to $10 million for information.THERECORD.MEDIA
6 SepSami Khoury, Head of Canada’s Cyber Agency, Starts New Role in GovernmentSami Khoury, the head of Canada's cyber agency, is moving to a new role as the government's senior official for cybersecurity after leading the Canadian Centre for Cyber Security (CCCS) since August 2021.THERECORD.MEDIA
6 SepRussian Doppelganger Campaign ExposedPACKETSTORMSECURITY.COM
6 SepMicrosoft Office 2024 to disable ActiveX controls by default​After Office 2024 launches in October, Microsoft will disable ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps. [...]BLEEPINGCOMPUTER.COM
6 SepBitcoin ATM scams skyrocket – Week in security with Tony AnscombeThe schemes disproportionately victimize senior citizens, as those aged 60 or over were more than three times as likely as younger adults to fall prey to the scamsWELIVESECURITY.COM