101Articles
9Categories
2024-09-18Date
🚨 CISA KEV 1[−]
18 Sep KEVCISA Adds Five Known Exploited Vulnerabilities to CatalogCISA has added five new vulnerabilities to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-27348 Apache HugeGraph-Server Improper Access Control Vulnerability CVE-2020-0618 Microsoft SQL Server Reporting Services Remote Code …CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 7[−]
18 SepPatch Issued for Critical VMware vCenter Flaw Allowing Remote Code ExecutionBroadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the D…THEHACKERNEWS.COM
18 SepVMware vCenter Server Vulnerability Let Attackers Escalate PrivilegesVMware has issued a critical security advisory (VMSA-2024-0019) addressing two significant vulnerabilities in its vCenter Server and VMware Cloud Foundation products. CVE-2024-38812 and CVE-2024-38813 vulnerabilities could allow attackers to execute remote code and escalate privi…GBHACKERS.COM
18 SepCritical Flaws Found in VICIdial Contact Center Suite, PoC PublishedTwo critical vulnerabilities, CVE-2024-8503 (SQL Injection) and CVE-2024-8504 (Privilege Escalation), have been uncovered in the VICIdial Contact Center Suite, posing a major risk for call centers globally.SECURITYONLINE.INFO
18 SepVulnerabilities in Cellular Packet Cores Part IV: AuthenticationOur research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects an…TRENDMICRO.COM
18 SepRed Hat OpenShift Receives Patches for Two Critical FlawsRed Hat OpenShift, a popular hybrid cloud platform with robust security features, is facing two critical vulnerabilities: CVE-2024-45496 (CVSS 9.9) and CVE-2024-7387 (CVSS 9.1).SECURITYONLINE.INFO
18 Sep KEVMicrosoft Windows Kernel Vulnerability Exploited in the WildMicrosoft has confirmed the exploitation of a Windows Kernel vulnerability, identified as CVE-2024-37985, in the wild. This vulnerability, first released on July 9, 2024, and last updated on September 17, 2024, poses a significant risk due to its potential for information disclos…GBHACKERS.COM
18 SepLibreOffice Repair Mode Vulnerability Let Attackers Mark the Document as Not ValidLibreOffice users are urged to update their software after disclosing a critical vulnerability, CVE-2024-7788, which affects the document repair mode. This flaw allows attackers to manipulate document signatures, potentially leading to security breaches. Vulnerability Overview Li…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 20[−]
18 SepCybersecurity vet Madison Horn makes her bid for US CongressIt’s safe to say that Madison Horn is the only candidate for US Congress in history who has ever injected Taylor Swift lyrics into a teleprompter during a pen test. A few years ago, while working in cybersecurity at a global consulting firm, Horn conducted that white-hat hacking …CSOONLINE.COM
18 SepFrom Dreams to Reality: The Magic of 3D Printing, with Elle HuntPresently sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device. I was in my mid-30s before I felt comfortable standing up in front of an audience and talking about technology. Come to think of it, "comfortable" isn'…TROYHUNT.COM
18 SepRCE Flaw in Google Cloud Affected Millions of Serverssubmitted by BrikoX to cybersecurity 1 points | 0 comments https://www.darkreading.com/cloud-security/cloudimposer-flaw-google-cloud-affected-millions-servers Attackers could have exploited a dependency confusion vulnerability dubbed "CloudImposer" affecting various Goo…DARKREADING.COM
18 SepData Theft Risk in Salesforce by Manipulating Public LinksThe vulnerability was related to the undocumented Salesforce Aura API and SOQL subqueries, allowing a blind SOQL injection attack to retrieve customer information, including personally identifiable information (PII).VARONIS.COM
18 SepRussian Security Firm Doctor Web HackedAntimalware company Doctor Web was recently targeted in a cyberattack that prompted it to disconnect all resources from its networks. The post Russian Security Firm Doctor Web Hacked appeared first on SecurityWeek .SECURITYWEEK.COM
18 SepPersonhood: Cybersecurity’s next great authentication battle as AI improvesCISOs may be intimately familiar with the dozens of forms of authentication for privileged areas of their environments, but a very different problem is arising in areas where authentication has traditionally been neither needed nor desired. Domains such as sales call centers or p…CSOONLINE.COM
18 SepAustralian cops bust underworld app through compromised software updatesAustralia’s Federal Police (AFB) said it hacked into a dedicated encrypted communication platform, Ghost, to dismantle global criminal operations. The action was carried out as part of “Operation Kraken,” a law enforcement action that concluded with the arrest of a New South Wale…CSOONLINE.COM
18 SepChrome 129 Patches High-Severity Vulnerability in V8 EngineGoogle has released Chrome 129 with patches for nine vulnerabilities, including a high-severity bug in the V8 engine. The post Chrome 129 Patches High-Severity Vulnerability in V8 Engine appeared first on SecurityWeek .SECURITYWEEK.COM
18 SepSpyCloud Unveils Massive Scale of Identity Exposure Due to Infostealers, Highlighting Need for Advanced Cybersecurity MeasuresResearch indicates that an infostealer malware infection is often a precursor to a ransomware attack SpyCloud , the leader in Cybercrime Analytics, today announced new cybersecurity research highlighting the growing and alarming threat of infostealers – a type of malware designed…CSOONLINE.COM
18 SepExploiting Windows MiniFilter to Bypass EDR ProtectionWindows Minifilter drivers are a type of file system filter driver that operates within the Windows operating system to manage and modify I/O operations without direct access to the file system.  They utilize the Filter Manager, which simplifies their development by providin…GBHACKERS.COM
18 SepHow cybersecurity red teams can boost backup protectionsCybersecurity red teams are known for taking a more adversarial approach to security by pretending to be an enemy that’s attacking an organization’s IT systems. Let’s look at the tactics, strategies, and importance of red teams and the role they can play in enhancing the security…NETWORKWORLD.COM
18 SepChinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and MilitaryA Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtain unauthorized access to computer software and source code created by the National Aeronautics and Space Administration (NASA), research universities, and priv…THEHACKERNEWS.COM
18 SepApple Releases Security Updates for Multiple ProductsApple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following advisories and app…CISA.GOV
18 SepRussian security firm Dr.Web disconnects all servers after breachOn Tuesday, Russian anti-malware company Doctor Web (Dr.Web) disclosed a security breach after its systems were targeted in a cyberattack over the weekend. [...]BLEEPINGCOMPUTER.COM
18 SepNews alert: INE Security’s cybersecurity training service earns 2024 SC Excellence AwardCary, NC, Sept.18, 2024, CyberNewsWire — INE Security is proud to announce that it has been named a winner in the prestigious 2024 SC Awards, named Best IT Security-Related Training Program . This designation underscores INE Security’s commitment to excellence … (more…LASTWATCHDOG.COM
18 SepNews alert: SpyCloud study reveals ‘infostealer’ malware can be a precursor to a ransomware attackAustin, TX, Sept. 18, 2024, CyberNewsWire — SpyCloud , the leader in Cybercrime Analytics, today announced new cybersecurity research highlighting the growing and alarming threat of infostealers – a type of malware designed to exfiltrate digital identity data, login credent…LASTWATCHDOG.COM
18 SepGitLab releases fix for critical SAML authentication bypass flawGitLab has released security updates to address a critical SAML authentication bypass vulnerability impacting self-managed installations of the GitLab Community Edition (CE) and Enterprise Edition (EE). [...]BLEEPINGCOMPUTER.COM
18 SepAustralian Police Arrest Alleged Head of Ghost Encrypted AppInternational Law Enforcement Dismantles End-to-End Encrypted Messaging Service An international law enforcement operation dismantled the Ghost encrypted messaging service in a takedown that resulted in the arrest of 51 suspects across three continents including alleged members o…DATABREACHTODAY.CO.UK
18 SepEuropol takes down "Ghost" encrypted messaging platform used for crimeEuropol and law enforcement from nine countries successfully dismantled an encrypted communications platform called "Ghost," which was used by organized crime such as drug trafficking and money laundering. [...]BLEEPINGCOMPUTER.COM
18 SepDiscord rolls out end-to-end encryption for audio, video callsDiscord has introduced the DAVE protocol, a custom end-to-end encryption (E2EE) protocol designed to protect audio and video calls on the platform from unauthorized interceptions. [...]BLEEPINGCOMPUTER.COM
📋 SECURITY BULLETINS 1[−]
18 SepMicrosoft may have revealed Windows 11 24H2 is coming this monthMicrosoft may have accidentally confirmed that Windows 11 24H2 (Windows 11 2024 Update) is arriving on September 24 as part of the optional preview update, with it rolling out to more people as part of the mandatory October Patch Tuesday updates. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 15[−]
18 SepValid Accounts Remain Top Access Point for Critical Infrastructure Attacks, Officials SayValid account abuse remains a top entry point for critical infrastructure attacks, with the CISA reporting that 2 in 5 successful intrusions last year were attributed to this method.CYBERSECURITYDIVE.COM
18 SepConstruction Companies Potentially Vulnerable Through Accounting SoftwareCybersecurity firm Huntress reported that attackers search for publicly accessible installations of Foundation software on the internet and then attempt to gain administrative access by trying combinations of default usernames and passwords.THERECORD.MEDIA
18 SepCISA Urges Software Developers to Weed Out XSS VulnerabilitiesThe CISA and the FBI recommended software developers to implement rigorous validation, sanitization, and input escaping to prevent malicious script injections and data manipulation.BLEEPINGCOMPUTER.COM
18 SepCISA, FBI Urge Organizations to Eliminate XSS VulnerabilitiesCISA and the FBI have released an alert on XSS vulnerabilities, urging organizations to adopt a secure by design approach and eliminate them. The post CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
18 SepCybersecurity risks in healthcare are an ongoing crisisWhile healthcare providers have been implementing technical, administrative and physical safeguards related to patient information, they have not been as diligent in securing their medical devices. These devices are critical to patient care and can leave hospitals at risk for cyb…SECURITYINTELLIGENCE.COM
18 SepHow Ransomware Could Sink the Maritime Industry 🛑Ransomware attacks are hitting industries hard, but what happens when they target the maritime sector? 🚢 Without strict cybersecurity regulations, businesses are left to fend for themselves. Discover how ransomware can make shipping companies economically vulnerable, and why beco…YOUTUBE.COM
18 SepDo boards understand their new role in cybersecurity?Julie Ragland was CIO of vehicle manufacturing company Navistar, and has held IT leadership roles at Adient and Johnson Controls. To Ragland, who also sits on several state agency and non-profit boards, one of the greatest responsibilities for today’s boards is in governing cyber…CIO.COM
18 SepCalifornia Enacts Laws to Combat Election, Media DeepfakesLaws Seek Removal of Deceptive Content, Labeling of Less Malicious Content California enacted regulation to crack down on the misuse of artificial intelligence as Gov. Gavin Newsom on Tuesday signed five bills focused on curbing the impact of deepfakes. The Golden State has been …DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 16[−]
18 SepLondon Transport requires in person password validation for 30,000 employees, Cyber Security Today for Wednesday, September 18, 2024Emerging Cyber Threats: Repellent Scorpius, TfL Cyber Attack, and Online Safety for Children In this episode, we discuss the emergence of the new ransomware group Repellent Scorpius and their use of the Ciccada 3301 ransomware. We cover the London Transport Authority's (TfL) in-p…CYBERSECURITYTODAY.LIBSYN.COM
18 SepThreat Actor Allegedly Selling Bharat Petroleum DatabaseA threat actor has allegedly put up for sale a database belonging to Bharat Petroleum Corporation Limited (BPCL). This alarming news was first reported by DarkWebInformer on X, raising significant cybersecurity concerns for the corporation and its stakeholders. Details of the All…GBHACKERS.COM
18 SepSANS Releases Guide to Address Rise in Attacks on Manufacturing and Industrial Control SystemsIncreased ransomware attacks on industrial control systems (ICS), mixed with general ICS insecurity found across the manufacturing sector, has given rise to a guide specifically addressing this risk.KNOWBE4.COM
18 SepAT&T to Pay $13 Million in Settlement Over 2023 Data BreachAT&T has agreed to pay $13 million in a settlement with the FCC over a 2023 data breach at a third-party vendor’s cloud environment. The post AT&T to Pay $13 Million in Settlement Over 2023 Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
18 SepAT&T Fined $13 Million For Data BreachPACKETSTORMSECURITY.COM
18 SepRansomware Groups Abusing Azure Storage Explorer For Stealing DataRansomware attackers are increasingly exfiltrating data using tools like MEGAsync and Rclone. Shellbags analysis by modePUSH reveals their navigation of directories and file shares to find sensitive data. Despite exfiltrating large amounts of data, attackers prioritize valuable a…GBHACKERS.COM
18 SepU.S. government ‘took control’ of a botnet run by Chinese government hackers, says FBI directorThe FBI, NSA and other U.S. government agencies detailed a Chinese-government operation that used 260,000 of internet-connected devices to launch cyberattacks. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
18 SepSpyCloud Unveils Massive Scale of Identity Exposure Due to Infostealers, Highlighting Need for Advanced Cybersecurity MeasuresResearch indicates that an infostealer malware infection is often a precursor to a ransomware attack SpyCloud, the leader in Cybercrime Analytics, today announced new cybersecurity research highlighting the growing and alarming threat of infostealers – a type of malware designed …GBHACKERS.COM
18 SepUse the STAR Method for Your Cybersecurity Job InterviewTell Interviewers How You Respond to Incidents and Solve Problems The STAR - Situation, Task, Action, Result - method is a widely used framework for answering behavioral interview questions. It allows job candidates to present their experiences in a structured way, making it easi…DATABREACHTODAY.CO.UK
18 SepX hacking spree fuels "$HACKED" crypto token pump-and-dumpAn X account hacking spree has fueled a successful pump-and-dump scheme for the $HACKED Solana token, with people rushing to buy the coin. [...]BLEEPINGCOMPUTER.COM
18 SepMicrosoft: Vanilla Tempest hit healthcare with INC ransomware​Microsoft says a ransomware affiliate it tracks as Vanilla Tempest now targets U.S. healthcare organizations in INC ransomware attacks. [...]BLEEPINGCOMPUTER.COM
18 SepMicrosoft: Vanilla Tempest hackers hit healthcare with INC ransomware​Microsoft says a ransomware affiliate it tracks as Vanilla Tempest now targets U.S. healthcare organizations in INC ransomware attacks. [...]BLEEPINGCOMPUTER.COM
18 SepHow Mega Attacks Are Spotlighting Critical 3rd-Party RisksRecent mega data breaches involving third-party vendors - such as the Change Healthcare cyberattack - are intensifying the spotlight on critical security risk management and governance issues for business associates and other suppliers, said regulatory attorney Rachel Rose.DATABREACHTODAY.CO.UK
18 SepSmashing Security podcast #385: TFL security derailed, and is Trump the king of crypto?Transport for London (TfL) suffers a cybersecurity incident and tells its 30,000 staff they will all have to their identities verified... in-person. Who might have been behind the attack and why? Meanwhile, Donald Trump's curious relationship with cryptocurrency is explored. All …GRAHAMCLULEY.COM
18 SepHow comprehensive security simplifies the defense of your digital estateEnd-to-end security is a modern, comprehensive approach to data protection that aligns data protection and incident response across devices, systems, and users. Read the blog post to explore why it’s an attractive option for organizations committed to strengthening their cybersec…MICROSOFT.COM
18 SepUnderstanding cyber-incident disclosureProper disclosure of a cyber-incident can help shield your business from further financial and reputational damage, and cyber-insurers can step in to helpWELIVESECURITY.COM
🕵️ THREAT INTELLIGENCE 25[−]
18 SepISC Stormcast For Wednesday, September 18th, 2024 https://isc.sans.edu/podcastdetail/9142, (Wed, Sep 18th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
18 SepChrome 129 Released with Fix for Multiple Security VulnerabilitiesThe Chrome team has officially announced the release of Chrome 129, which is now available on the stable channel for Windows, Mac, and Linux. This update, which will be gradually rolled out over the coming days and weeks, addresses several security vulnerabilities and introduces …GBHACKERS.COM
18 SepUkraine, Gaza Wars Inspire DDoS Surge Against Finservssubmitted by BrikoX to cybersecurity 0 points | 0 comments https://www.darkreading.com/threat-intelligence/ukraine-gaza-wars-ddos-surge-finservs Hacktivists love to target financial services companies, and their attacks are growing both larger and longer.DARKREADING.COM
18 SepPython Infostealer Patching Windows Exodus App, (Wed, Sep 18th)A few months ago, I wrote a diary[ 1 ] about a Python script that replaced the Exodus[ 2 ] Wallet app with a rogue one on macOS. Infostealers are everywhere these days. They target mainly browsers (cookies, credentials) and classic applications that may handle…ISC.SANS.EDU
18 SepNorth Korean Hackers Target Energy and Aerospace Industries with New MISTPEN MalwareA North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN. The activity cluster is being tracked by Googl…THEHACKERNEWS.COM
18 SepDiscord Announces End-to-End Encryption for Audio & Video ChatsDiscord has introduced end-to-end encryption (E2EE) for audio and video chats. Known as the DAVE protocol, this new feature aims to provide users with a more secure communication experience without compromising the platform’s renowned quality and performance. A Commitment t…GBHACKERS.COM
18 SepNorth Korean Hackers Target Energy and Aerospace Industries with New MISTPEN MalwareMISTPEN is a trojanized version of a legitimate Notepad++ plugin that allows the threat actor to download and execute files from a command-and-control server. The threat group constantly enhances its malware, making it harder to detect and analyze.THEHACKERNEWS.COM
18 SepNorth Korean Hackers Target Software Developers With Phony Coding TestsResearchers at ReversingLabs warn that North Korea’s Lazarus Group is targeting software developers with phony job interviews.KNOWBE4.COM
18 SepUNC2970 Hackers Attacking Job Seekers Using Weaponized PDF ReaderUNC2970, a North Korean cyber espionage group, used customized SumatraPDF trojans to deliver MISTPEN backdoors to victims through phishing emails pretending to be job recruiters.  The group targeted the energy and aerospace industries, copying job descriptions and engaging w…GBHACKERS.COM
18 SepINE Security Wins 2024 SC Excellence AwardINE Security is proud to announce that it has been named a winner in the prestigious 2024 SC Awards, named Best IT Security-Related Training Program. This designation underscores INE Security’s commitment to excellence and leadership in the cybersecurity industry. The SC Awards, …GBHACKERS.COM
18 SepAustralian Police Infiltrate Encrypted Messaging App Ghost and Arrest DozensAustralian police have infiltrated encrypted messaging app Ghost, which has been used for illegal activities, and arrested dozens of people. The post Australian Police Infiltrate Encrypted Messaging App Ghost and Arrest Dozens appeared first on SecurityWeek .SECURITYWEEK.COM
18 SepA Must See for KnowBe4 Customers and Partners: Geoff White to Keynote KB4-CON EMEA 2024As a valued KnowBe4 customer and partner, we're thrilled to bring you exciting news about our upcoming KB4-CON EMEA 2024 in London.KNOWBE4.COM
18 SepNews alert: Evergy selects OneLayer to manage, secure its private cellular OT assetsBoston, Mass., Sept. 18, 2024] — One Layer , the leader in managing and securing enterprise private 5G/LTE Operational Technology (OT) networks, announced today the selection of its OneLayer Bridge private LTE network device management and zero trust security platform ̷…LASTWATCHDOG.COM
18 SepThreat Actors Target Accounting Software Used by Construction ContractorsMalicious hackers are caught brute-forcing Foundation Accounting Software at scale, compromising organizations in the construction industry. The post Threat Actors Target Accounting Software Used by Construction Contractors appeared first on SecurityWeek .SECURITYWEEK.COM
18 SepNorth Korean Hackers Lure Critical Infrastructure Employees With Fake JobsA North Korean group tracked as UNC2970 has been spotted trying to deliver new malware to people in the aerospace and energy industries. The post North Korean Hackers Lure Critical Infrastructure Employees With Fake Jobs appeared first on SecurityWeek .SECURITYWEEK.COM
18 Sep4 Top Security Automation Use Cases: A Detailed GuideLearn about the top 4 security automation use cases that can streamline your cybersecurity efforts. This guide covers reducing enriching indicators of compromise (IoCs), monitoring external attack surface(s), scanning for web application vulnerabilities and monitoring for leaked …BLEEPINGCOMPUTER.COM
18 SepChinese botnet infects 260,000 SOHO routers, IP cameras with malwareThe FBI and cybersecurity researchers have disrupted a massive Chinese botnet called "Raptor Train" that infected over 260,000 networking devices to target critical infrastructure in the US and in other countries. [...]BLEEPINGCOMPUTER.COM
18 SepNew "Raptor Train" IoT Botnet Compromises Over 200,000 Devices WorldwideCybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or RedJuliett). The sophisticated botn…THEHACKERNEWS.COM
18 SepChinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan MilitaryBlack Lotus Labs estimates that more than 200,000 routers, network-attached storage servers, and IP cameras have been ensnared in the botnet. The post Chinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan Military appeared first on SecurityWeek .SECURITYWEEK.COM
18 SepThe Inside Man Biggest Fan Contest is Heating UpWe are halfway through our annual The Inside Man Biggest Fan Contest, and we already have some amazing entries! Encourage your users to get their entries posted to social media by the end of the month using the hashtag: #TheInsideManBiggestFanContestKNOWBE4.COM
18 SepU.S. Government Indicts Chinese National For Alleged Spear Phishing AttacksThe U.S. Justice Department has indicted a Chinese national, Song Wu, for allegedly sending spear phishing emails to employees at various U.S. military and government entities, research institutions and private companies.KNOWBE4.COM
18 SepIntezer's $33M Series C Funding to Fuel AI, Customer SupportNorwest Money Fuels Integration of Cloud Defense Tools, Autonomous Alert Management Norwest Venture Partners led a $33 million Series C round to accelerate Intezer's product development, strengthen AI models and broaden security alert coverage. The funding will enable the New Yor…DATABREACHTODAY.CO.UK
18 SepBeware the Great AI Bubble PoppingCrashing Markets, Slower Innovation, But More Sustainable AI Development If the bubble isn't popping already, it'll pop soon, say many investors and close observers of the AI industry. If past bubbles are a benchmark, the burst will filter out companies with no solid business mod…DATABREACHTODAY.CO.UK
18 SepSwiss Post to Strengthen Cybersecurity With Open Systems BuyAcquisition Set to Boost SASE Protection, Network Connectivity for Swiss Businesses Swiss Post has signed an agreement to acquire Open Systems, a cybersecurity leader specializing in secure access service edge. The deal, expected to close by late 2024, will expand Swiss Post's of…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 3[−]
18 SepUS Indicts Chinese National for Phishing for NASA TechProsecutors allege that Chinese national Wu Song targeted US academics and engineers to obtain applications used in aerospace engineering and fluid dynamics, which could be used for developing missiles and weapons.BANKINFOSECURITY.COM
📡 INFOSEC NEWS 13[−]
18 SepGSMA Plans End-to-End Encryption for Cross-Platform RCS MessagingThe GSM Association, the governing body that oversees the development of the Rich Communications Services (RCS) protocol, on Tuesday, said it's working towards implementing end-to-end encryption (E2EE) to secure messages sent between the Android and iOS ecosystems. "The next majo…THEHACKERNEWS.COM
18 SepAdvanced Phishing Attacks Put X Accounts at RiskAdvanced phishing attacks are putting X accounts, formerly known as Twitter, at risk. Even with two-factor authentication in place, researchers at eSentire have found that account takeovers are still possible.INFOSECURITY-MAGAZINE.COM
18 SepChrome Introduces One-Time Permissions and Enhanced Safety Check for Safer BrowsingGoogle has announced that it's rolling out a new set of features to its Chrome browser that gives users more control over their data when surfing the internet and protects against online threats. "With the newest version of Chrome, you can take advantage of our upgraded Safety Ch…THEHACKERNEWS.COM
18 SepSambaSpy, a new RAT | Kaspersky official blogKaspersky experts have discovered a new RAT, SambaSpy.KASPERSKY.COM
18 SepWhy Pay A Pentester?The evolution of software always catches us by surprise. I remember betting against the IBM computer Deep Blue during its chess match against the grandmaster Garry Kasparov in 1997, only to be stunned when the machine claimed victory. Fast forward to today, would we have imagined…THEHACKERNEWS.COM
18 SepScam ‘Funeral Streaming’ Groups Thrive on FacebookScammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers ha…KREBSONSECURITY.COM
18 SepBehind the Scenes of a Race Team: The Highs and Lows!Ever wondered what it’s like to be part of a race team? 🏎️ It’s not just about the excitement on the track—behind the scenes, every win and loss hits hard. From celebrating podium finishes to dealing with tough race weekends, get an insider’s view of the emotional rollercoaster t…YOUTUBE.COM
18 SepApple pulls iPadOS 18 update bricking M4 iPad Pro devicesApple has paused the rollout of iPadOS 18 on iPad Pro tablets with the M4 chip after numerous owners reported the update is "bricking" their devices, with no way to turn them on after performing the update. [...]BLEEPINGCOMPUTER.COM
18 SepOver 1,000 Companies EXPOSED! Sensitive Data Leaked 😱More than 1,000 ServiceNow enterprise instances were found exposing sensitive knowledge base articles publicly due to simple configuration errors. These weren’t just any articles – they contained critical corporate information that should’ve been kept internal. It's a shocking re…YOUTUBE.COM