🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
7 SepVeeam Backup & Replication Faces RCE Flaw Allows Full System TakeoverA critical Remote Code Execution (RCE) flaw, CVE-2024-40711, with a CVSS score of 9. 8 has been discovered in Veeam Backup & Replication, allowing unauthorized attackers to take full control over systems.SECURITYONLINE.INFO
⚠️ VULNERABILITY DISCLOSURE 4[−]
7 SepNew Stealthy Malware Campaign Dubbed DarkCracks Exploits GLPI and WordPress SitesDarkCracks isn’t your typical malware campaign—it’s a sophisticated Launcher designed for long-term exploitation. It deploys malicious payloads through public websites, like school portals and booking systems, to infect unsuspecting users.SECURITYONLINE.INFO
7 SepFog Ransomware Now Targeting the Financial SectorFog, a variant of STOP/DJVU family, targets various sectors, exploiting VPN vulnerabilities to infiltrate network defenses. After infiltration, Fog ransomware disables protective measures, encrypts vital files, and demands ransom via the Tor network.ADLUMIN.COM
7 SepApache fixes critical OFBiz remote code execution vulnerabilityApache has addressed a critical remote code execution vulnerability in its OFBiz software, which could allow attackers to run malicious code on Linux and Windows servers. OFBiz is a CRM and ERP suite that serves as a Java-based web framework.BLEEPINGCOMPUTER.COM
7 SepPython & Notepad++, (Sat, Sep 7th)PythonScript is a Notepad++ plugin that provides a Python interpreter to edit Notepad++ documents.
ISC.SANS.EDU
🔥 INCIDENT REPORTING 2[−]
7 SepCyberVolk Ransomware: A New and Evolving Threat to Global CybersecurityCyberVolk, infamous for DDoS attacks and data breaches, has gained particular notoriety for its ransomware, detected in July 2024, due to its advanced features and capabilities.SECURITYONLINE.INFO
7 SepTransport for London staff faces systems disruptions after cyberattacksubmitted by IllNess to securitynews 1 points | 0 comments https://www.bleepingcomputer.com/news/security/transport-for-london-staff-faces-systems-disruptions-after-cyberattack/ Transport for London, the city’s public transportation agency, revealed today that its staff has limit…INFOSEC.PUB
🕵️ THREAT INTELLIGENCE 5[−]
7 SepNorth Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job ScamsThreat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake job recruiting operation. These attacks employ coding tests as a common initial infection vector, Google-owned Mandiant said in a new report about thre…THEHACKERNEWS.COM
7 SepBlindEagle Targets Colombian Insurance Sector with BlotchyQuasarThe BlindEagle APT group has recently targeted the Colombian insurance sector. The attack chain starts with a phishing email impersonating DIAN, the Colombian tax authority.ZSCALER.COM
7 SepTROOPERS24 IT Security Conference - 19 videossubmitted by ashar to security_cpe 1 points | 0 comments TROOPERS24 Playlist TROOPERS24 ScheduleINFOSEC.PUB
7 SepNorth Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scamssubmitted by IllNess to securitynews 2 points | 0 comments https://thehackernews.com/2024/09/north-korean-threat-actors-deploy.html “After an initial chat conversation, the attacker sent a ZIP file that contained COVERTCATCH malware disguised as a Python coding challenge,” resear…INFOSEC.PUB
7 SepFreeBSD Gets €686,400 to Boost Security Featuressubmitted by BrikoX to cybersecurity 2 points | 0 comments https://www.darkreading.com/application-security/freebsd-gets-stf-funding-boost-security-features The funds from Germany’s Sovereign Tech Fund will be used to integrate security features such as zero trust capabilities an…DARKREADING.COM
📡 INFOSEC NEWS 6[−]
7 SepPenpie DeFi platform files reports with FBI, Singapore police after $27 million crypto theftThe Penpie DeFi platform recently reported a $27 million cryptocurrency theft to the FBI and Singapore police. Hackers targeted the protocol, stealing ethereum and prompting Penpie to halt withdrawals and deposits.THERECORD.MEDIA
7 SepFBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh NationalsTwo men have been indicted in the U.S. for their alleged involvement in managing a dark web marketplace called WWH Club that specializes in the sale of sensitive personal and financial information. Alex Khodyrev, a 35-year-old Kazakhstan national, and Pavel Kublitskii, a 37-year-…THEHACKERNEWS.COM
7 SepFor security, we have to stop picking up the phoneToday's scams can be as simple as picking up a phone call. To avoid the next fraud, there are good reasons to let your calls run to voicemail. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
7 SepSextortion scam now use your "cheating" spouse’s name as a lureA new variant of the ongoing sextortion email scams is now targeting spouses, saying that their husband or wife is cheating on them, with links to the alleged proof. [...]BLEEPINGCOMPUTER.COM
7 SepNew RAMBO attack steals data using RAM in air-gapped computersA novel side-channel attack dubbed "RAMBO" (Radiation of Air-gapped Memory Bus for Offense) generates electromagnetic radiation from a device's RAM to send data from air-gapped computers. [...]BLEEPINGCOMPUTER.COM
7 SepSextortion scams now use your "cheating" spouse’s name as a lureA new variant of the ongoing sextortion email scams is now targeting spouses, saying that their husband or wife is cheating on them, with links to the alleged proof. [...]BLEEPINGCOMPUTER.COM