🚨 CISA KEV 1
9 Sep | [KEV] CISA Adds Three Known Exploited Vulnerabilities to Catalog | CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2016-3714 ImageMagick Improper Input Validation Vulnerability; CVE-2017-1000253 Linux Kernel PIE Stack Buffer Corruption Vulnerability; CVE-… | CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 11
9 Sep | [KEV] Apache OFBiz patches new critical remote code execution flaw | Developers of Apache OFBiz, an open-source enterprise resource planning (ERP) framework, have released a patch for a new critical flaw that can allow unauthenticated attackers to execute arbitrary code on servers. The likelihood of attackers exploiting this vulnerability in real-… | CSOONLINE.COM
9 Sep | Updating secure boot is crucial to keeping systems secure and working properly | New security features are great, but it’s inevitable that bad actors will eventually find ways around even the most novel of protections. Keeping up with attackers may mean adjusting, changing, redeploying, or, in the case of secure boot, dealing with the update phases of deploym… | CSOONLINE.COM
9 Sep | IBM webMethods Integration Server Vulnerabilities Exposes Systems to Arbitrary Command Execution | Critical vulnerabilities have been identified, potentially exposing systems to arbitrary command execution. These vulnerabilities, cataloged under the Common Vulnerabilities and Exposures (CVE) system, highlight significant security risks that demand immediate attention. Overview… | GBHACKERS.COM
9 Sep | Red Hat Issues Critical Patch for Pulpcore Authentication Bypass Flaw (CVE-2024-7923) | Red Hat has issued a critical security advisory for an authentication bypass vulnerability (CVE-2024-7923) in Pulpcore, a content management system used in Red Hat Satellite deployments. | SECURITYONLINE.INFO
9 Sep | Critical Flaw in IBM webMethods Integration Demand Immediate Action | IBM webMethods Integration Server is hit by a critical flaw (CVE-2024-45076) with a CVSS score of 9.9, demanding urgent attention. This flaw allows authenticated users to execute arbitrary commands, escalate privileges, and access sensitive files. | SECURITYONLINE.INFO
9 Sep | Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor | Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that could result in the execution of arbitrary operating system commands. Tracked as CVE-2024-7591 (CVSS score: 10.0), the vulnerability has been described … | THEHACKERNEWS.COM
9 Sep | Critical GeoServer Flaw Enabling Global Hack Campaigns | The flaw in GeoServer, tracked as CVE-2024-36401 and with a CVSS score of 9.8, was swiftly capitalized on by hackers who launched campaigns using botnet families and cryptominers to spread malicious tools like Goreverse, a reverse proxy server. | BANKINFOSECURITY.COM
9 Sep | Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks | A recently patched SonicWall vulnerability tracked as CVE-2024-40766 may have been exploited in ransomware attacks. | SECURITYWEEK.COM
9 Sep | HAProxy Vulnerability CVE-2024-45506 Under Active Exploit: Urgent Patching Required | This flaw in the HTTP/2 multiplexer can lead to an endless loop, system crashes, and remote denial-of-service attacks, with a CVSS score of 7.5. The vulnerability impacts HAProxy Enterprise, ALOHA, and Kubernetes Ingress Controller products. | SECURITYONLINE.INFO
9 Sep | Critical Kibana Flaws Expose Systems to Arbitrary Code Execution | A couple of critical vulnerabilities in Kibana, tracked as CVE-2024-37288 and CVE-2024-37285, can lead to arbitrary code execution. Elastic urges an immediate update to version 8.15.1. | SECURITYONLINE.INFO
9 Sep | Akira Ransomware Actively Exploiting SonicWall firewall RCE Vulnerability | SonicWall disclosed a critical remote code execution vulnerability (CVE-2024-40766) in SonicOS on August 22nd, 2024. While no active exploitation was initially confirmed, the advisory was updated on September 6th to indicate potential active attacks. The vulnerability, affe… | GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 14
9 Sep | 5.9 terabytes of sensitive medical data leaked: Cyber Security Today for Monday, September 9th, 2024 | Massive Healthcare Data Breach, Google's Move to Rust, and New Sextortion Scams - Cybersecurity Today. In this episode of Cybersecurity Today, hosted by Jim Love, we discuss a major healthcare data breach at Confident Health where 5.3 terabytes of sensitive mental health data were… | CYBERSECURITYTODAY.LIBSYN.COM
9 Sep | Young Gamers Under Attack, Here is the List of Games Targeted | As the new school year begins, students are gearing up for new classes and friendships and diving back into the digital world of video games. However, this virtual playground is not as safe as it seems. Cybercriminals are increasingly targeting young gamers, exploiting their enth… | GBHACKERS.COM
9 Sep | Absolute Purchases Syxsense to Tackle Cyber Vulnerabilities | Absolute Security has acquired Syxsense, an endpoint and vulnerability management provider, to enhance its cyber resilience platform. The acquisition aims to simplify patching and remediation through automated workloads. | BANKINFOSECURITY.COM
9 Sep | SonicWall SSLVPN Access Control Flaw is Now Exploited in Akira Ransomware Attacks | Initially believed to only impact SonicOS management access, it has now been confirmed to affect SSLVPN on SonicWall firewalls, including by Akira ransomware affiliates targeting accounts with disabled MFA and outdated firmware versions. | BLEEPINGCOMPUTER.COM
9 Sep | Australia Threatens to Force Companies to Break Encryption | In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government… | SCHNEIER.COM
9 Sep | Protecting Against Business Email Compromise (BEC): A Comprehensive Guide | Business Email Compromise (BEC) attacks have emerged as one of the most sophisticated and financially devastating forms of cybercrime. The latest FBI Internet Crime (IC3) Report reveals that BEC resulted in $2.7 billion in adjusted losses annually. These attacks are notoriously d… | CSOONLINE.COM
9 Sep | Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks | The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code software as part of espionage operations targeting government entities in Southeast Asia. "This threat actor used Visual Studio Code's embedded reverse … | THEHACKERNEWS.COM
9 Sep | How to defend against brute force and password spray attacks | While not very sophisticated, brute force password attacks pose a significant threat to an organization's security. Learn more from Specops Software about these types of attacks and how to defend against them. [...] | BLEEPINGCOMPUTER.COM
9 Sep | Payment gateway data breach affects 1.7 million credit card owners | Payment gateway provider Slim CD has disclosed a data breach that compromised credit card and personal data belonging to almost 1.7 million individuals. [...] | BLEEPINGCOMPUTER.COM
9 Sep | Patch Alert Issued for Veeam Backup & Replication Software | Expect Ransomware Groups to Abuse Critical-Severity Bug to Steal Data, Experts Warn. Security experts are urging all Veeam Backup & Replication users to immediately update their software to patch a flaw that attackers can remotely exploit to take full control of a system. Experts … | DATABREACHTODAY.CO.UK
9 Sep | Meta fixes easily bypassed WhatsApp ‘View Once’ privacy feature | A privacy flaw in WhatsApp, an instant messenger with over 2 billion users worldwide, is being exploited by attackers to bypass the app's "View once" feature and view messages again. [...] | BLEEPINGCOMPUTER.COM
9 Sep | Progress Software Fixes Critical LoadMaster Vulnerability | Urgent Fix Addresses Critical Flaw That Allows Remote Code Execution. Progress Software released an urgent patch Thursday to fix a critical vulnerability that hackers could exploit to launch remote attacks. The company is no stranger to urgent patching. It was at the center of a M… | DATABREACHTODAY.CO.UK
9 Sep | US Prepares to Gather AI Foundational Model Developer Info | Action Aims to Ensure That Domestic Defense Industry Keeps Up With AI Developments. The U.S. federal government is preparing to collect reports from foundational artificial intelligence model developers, including details about their cybersecurity defenses and red-teaming efforts.… | DATABREACHTODAY.CO.UK
9 Sep | Critical SonicWall SSLVPN bug exploited in ransomware attacks | Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims' networks. [...] | BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 11
9 Sep | What’s next after the CISO role? | Few roles have changed as much as the chief information security officer in the nearly 30 years since Steve Katz first held the title at Citicorp in the mid-1990s. As the role has evolved from managing technical controls to business risk, it’s paved the way for CISOs to advance i… | CSOONLINE.COM
9 Sep | Feds Indicted Two Alleged Administrators of WWH Club Dark Web Marketplace | Two men from Russia and Kazakhstan, Alex Khodyrev and Pavel Kublitskii, have been indicted in Tampa, Florida, for operating the Dark Web cybercriminal marketplace WWH Club. | SECURITYAFFAIRS.COM
9 Sep | CISA Releases Election Security Focused Checklists for Both Cybersecurity and Physical Security | CISA.GOV
9 Sep | Cybersecurity and the Business - Theresa Lanowitz - BSW #363 | Cybersecurity resilience, different from cyber resilience, is critical as threats grow in frequency and complexity. With digital innovation driving business, cybersecurity resilience is essential for maintaining stakeholder trust and compliance. But where do you start? Theresa La… | YOUTUBE.COM
🔥 INCIDENT REPORTING 9
9 Sep | TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign | A previously undocumented threat actor with likely ties to Chinese-speaking groups has predominantly singled out drone manufacturers in Taiwan as part of a cyber attack campaign that commenced in 2024. Trend Micro is tracking the adversary under the moniker TIDRONE, stating the a… | THEHACKERNEWS.COM
9 Sep | Thousands of Avis car rental customers had personal data stolen in cyberattack | The car rental giant says personal information, credit card information, and driver's license numbers were stolen in the August cyberattack. | TECHCRUNCH.COM
9 Sep | New RAMBO Attack Allows Air-Gapped Data Theft via RAM Radio Signals | An academic researcher has devised a new method of exfiltrating data from air-gapped systems using radio signals from memory buses. | SECURITYWEEK.COM
9 Sep | 300,000 Impacted by Data Breach at Car Rental Firm Avis | Avis Car Rental is notifying roughly 300,000 individuals that their personal information was stolen in an August 2024 data breach. | SECURITYWEEK.COM
9 Sep | New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks | A novel side-channel attack has been found to leverage radio signals emanated by a device's random access memory (RAM) as a data exfiltration mechanism, posing a threat to air-gapped networks. The technique has been codenamed RAMBO by Dr. Mordechai Guri, the head of the Offensive… | THEHACKERNEWS.COM
9 Sep | Highline Public Schools closes schools following cyberattack | Highline Public Schools, a K-12 district in Washington state, has shut down all schools and canceled school activities after its technology systems were compromised in a cyberattack. [...] | BLEEPINGCOMPUTER.COM
9 Sep | Acadian Ambulance Notifying Nearly 3 Million of Data Theft | Ransomware Gang Daixin Claims It Published Sensitive Patient Info on Dark Web Site. A Louisiana-based ambulance company that provides emergency medical care services in four states is notifying nearly 3 million people that their sensitive health information was potentially stolen … | DATABREACHTODAY.CO.UK
9 Sep | Chinese hackers use new data theft malware in govt attacks | New attacks attributed to China-based cyber espionage group Mustang Panda show that the threat actor switched to new strategies and malware called FDMTP and PTSOCKET to download payloads and steal information from breached networks. [...] | BLEEPINGCOMPUTER.COM
9 Sep | 300K Victims Compromised in Avis Car Rental Breach | https://www.darkreading.com/cyberattacks-data-breaches/300k-victims-data-compromised-avis-car-rental-breach | DARKREADING.COM
🕵️ THREAT INTELLIGENCE 19
9 Sep | ISC Stormcast For Monday, September 9th, 2024 https://isc.sans.edu/podcastdetail/9130, (Mon, Sep 9th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
9 Sep | U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks | The U.S. government and a coalition of international partners have officially attributed a Russian hacking group tracked as Cadet Blizzard to the General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155). "These cyber actors are responsible f… | THEHACKERNEWS.COM
9 Sep | Unmasking PackXOR: The FIN7 Packer Exposed | Despite its connection to FIN7, other threat actors have also employed PackXOR to distribute payloads like XMRig cryptominer and R77 rootkit, often in conjunction with SilentCryptoMiner. | SECURITYONLINE.INFO
9 Sep | Predator Spyware Resurfaces With Fresh Infrastructure | Recorded Future observes renewed Predator spyware activity on fresh infrastructure after a drop caused by US sanctions. | SECURITYWEEK.COM
9 Sep | One Million US Kaspersky Customers Transferred to Pango’s UltraAV | Kaspersky’s customers in the US are being acquired by cybersecurity firm Pango and will be offered UltraAV antimalware software. | SECURITYWEEK.COM
9 Sep | Wireshark 4.4's IP Address Functions, (Mon, Sep 9th) | New IP address functions have been added in Wireshark 4.4 (if you use Wireshark on Windows, there's a bug in release 4.4.0: the DLL with these functions is missing, it will be included in release 4.4.1; all is fine with Linux and Mac v… | ISC.SANS.EDU
9 Sep | Two Indicted in US for Running Dark Web Marketplaces Offering Stolen Information | A Kazakhstani and a Russian national were indicted in the US for operating dark web sites facilitating PII, card, and banking information trading. | SECURITYWEEK.COM
9 Sep | Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT | The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized version of a known commodity remote access trojan (RAT) known as Quasar RAT since June 2024. "Attacks have originated with phishing emails impersonat… | THEHACKERNEWS.COM
9 Sep | TIDRONE APT targets drone manufacturers in Taiwan | https://securityaffairs.com/168210/apt/tidrone-targets-organizations-taiwan.html | SECURITYAFFAIRS.COM
9 Sep | German Cyber Agency Investigating APT28 Phishing Campaign | Der Spiegel Reports Russian State Hackers Mimicked Kiel Institute. The German cyber agency is reportedly investigating a phishing campaign tied to Russian state hacking group APT28 that used a bogus website mimicking an influential think tank. The campaign, which ran for months, u… | DATABREACHTODAY.CO.UK
9 Sep | Google Pushes Rust in Legacy Firmware to Tackle Memory Safety Flaws | Google’s adoption of memory safe programming languages now includes the deployment of Rust in legacy low-level firmware codebases. | SECURITYWEEK.COM
9 Sep | Hackers Target Taiwan UAV, Military Industries | Threat Actor Is Likely a Beijing Cyberespionage Operator. A Chinese-speaking hacking group is targeting drone manufacturers in Taiwan and other military-related industries on the island country located roughly 100 miles from mainland China. Trend Micro on Friday said it tracks the… | DATABREACHTODAY.CO.UK
9 Sep | FBI Report Says Cryptocurrency Scams Surged in 2023 | Victims Reported $5.6 Billion in Financial Losses Associated With Crypto Schemes. The FBI's Internet Crime Complaint Center on Monday issued a report revealing victims filed more than 69,000 public complaints related to cryptocurrency fraud and $5.6 billion in financial losses in … | DATABREACHTODAY.CO.UK
9 Sep | Election-Themed Scams Are on the Rise | Researchers at Malwarebytes warn of a surge in election-themed scams ahead of November’s presidential election in the US. These attacks can be expected to increase as the election grows closer. | KNOWBE4.COM
9 Sep | Use of Malicious Links Surges by 133% in Q1, Setting the Tone for the First Half of 2024 | Threat actors are opting for malicious links over attachments in email-based attacks because it gives them a critical advantage that many solutions can’t address. | KNOWBE4.COM
9 Sep | C-Suite & Boardroom Blind Spots While Aligning Cybersecurity Strategy with Business - BSW #363 | In the leadership and communications segment, Blind Spots in the C-Suite & Boardroom, Evolving Cybersecurity: Aligning Strategy with Business Growth, How to Lead Like a Coach, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://secu… | YOUTUBE.COM
9 Sep | Darktrace CEO Swap: Gustafsson Steps Down; Popelka Steps Up | COO Jill Popelka Promoted to Chief Executive as Thoma Bravo Acquisition Nears Close. Darktrace has promoted COO Jill Popelka to CEO, replacing long-time leader Poppy Gustafsson. As the cybersecurity AI vendor prepares to finalize its sale to Thoma Bravo, Popelka will steer Darktra… | DATABREACHTODAY.CO.UK
9 Sep | Predator spyware operation is back with a new infrastructure | https://securityaffairs.com/168222/intelligence/predator-spyware-new-infrastructure.html | SECURITYAFFAIRS.COM
9 Sep | New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks | https://thehackernews.com/2024/09/new-rambo-attack-uses-ram-radio-signals.html?m=1 | THEHACKERNEWS.COM
🌐 CYBER THREAT LANDSCAPE 5
9 Sep | Earth Preta Evolves its Attacks with New Malware and Strategies | In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign. | TRENDMICRO.COM
9 Sep | New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys | Android device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat dubbed SpyAgent. The malware "targets mnemonic keys by scanning for images on your device that might contain them," McAfee Labs researcher SangRyol Ryu… | THEHACKERNEWS.COM
9 Sep | New RAMBO Attack Steals Data Using RAM in Air-Gapped Computers | The attack involves malware manipulating the computer's RAM to emit controlled electromagnetic radiation that can transmit data to nearby recipients. The attack, created by Israeli researchers, leverages memory access patterns to modulate the RAM. | BLEEPINGCOMPUTER.COM
9 Sep | Quad7 botnet targets more SOHO and VPN routers, media servers | The Quad7 botnet is expanding its targeting scope with the addition of new clusters and custom implants that now also target Zyxel VPN appliances and Ruckus wireless routers. [...] | BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 11
9 Sep | Industry Moves for the week of September 9, 2024 - SecurityWeek | Explore industry moves and significant changes in the industry for the week of September 9, 2024. Stay updated with the latest industry trends and shifts. | SECURITYWEEK.COM
9 Sep | Feds Warn Health Sector to Patch Apache Tomcat Flaws | The Department of Health and Human Services' Health Sector Cybersecurity Coordination Center highlighted the ongoing discovery of vulnerabilities in Tomcat that pose a risk to organizations. | BANKINFOSECURITY.COM
9 Sep | Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free | Designed to be more than a one-time assessment— Wing Security’s SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture—and it’s free! Introducing SaaS Pulse: Free Continuous SaaS Risk Management Just like waiting… | THEHACKERNEWS.COM
9 Sep | LummaC2 Stealer and Malicious Chrome Extension Wreak Havoc | This attack begins with victims unknowingly downloading a malicious ZIP archive containing an installer file that sideloads a malicious DLL. This DLL then downloads the LummaC2 Stealer and a PowerShell script from a command-and-control server. | SECURITYONLINE.INFO
9 Sep | Webinar: How to Protect Your Company from GenAI Data Leakage Without Losing Its Productivity Benefits | GenAI has become a table stakes tool for employees, due to the productivity gains and innovative capabilities it offers. Developers use it to write code, finance teams use it to analyze reports, and sales teams create customer emails and assets. Yet, these capabilities are exactl… | THEHACKERNEWS.COM
9 Sep | Sextortion Scam Now Use Your “Cheating” Spouse’s Name as a Lure | A new sextortion scam variant is targeting spouses by claiming their partner is cheating on them and providing alleged proof in emails. These scams involve threatening to share compromising images or videos unless a payment is made. | BLEEPINGCOMPUTER.COM
9 Sep | One More Tool Will Do It? Reflecting on the CrowdStrike Fallout | The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response, and other tools, they are adequately protected. However… | THEHACKERNEWS.COM
9 Sep | Bug lets anyone bypass WhatsApp’s ‘View Once’ privacy feature | A flaw in the design of WhatsApp's "View Once" privacy feature lets anyone save pictures and videos that should be ephemeral. | TECHCRUNCH.COM