🚨 CISA KEV (1)

21 Sep (KEV): CISA Adds Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and MSSQL Server Bugs to its KEV Catalog
These vulnerabilities can lead to remote code execution and privilege escalation, posing a significant risk to affected systems. For example, the Oracle JDeveloper vulnerability can allow attackers to compromise the software and take over the system.
SECURITYAFFAIRS.COM

🐛 COMMON VULNERABILITIES AND EXPOSURES (1)

21 Sep: Patch this Critical Safeguard for Privileged Passwords Authentication Bypass Flaw
Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access.
HELPNETSECURITY.COM

⚠️ VULNERABILITY DISCLOSURE (2)

21 Sep: A hacker's view of civic infrastructure: Cyber Security Today - Special Feature
A Hacker's Perspective on Vulnerable Civic Infrastructure. In this episode, host Jim Love explores the vulnerabilities of civic infrastructure with cybersecurity expert Nick Aleks. They discuss how hackers view and exploit city systems, the dangers of default passwords and outdate…
CYBERSECURITYTODAY.LIBSYN.COM

21 Sep: Clever 'GitHub Scanner' Campaign Abusing Repositories to Push Malware
A sophisticated campaign is using GitHub repositories to spread the Lumma Stealer malware, targeting users interested in open-source projects or receiving email notifications from them.
BLEEPINGCOMPUTER.COM

📢 SECURITY ADVISORIES (3)

21 Sep: Microsoft Entra ID’s Administrative Units Weaponized to Gain Stealthy Persistence
Datadog Security Labs recently revealed a security risk within Microsoft Entra ID, showing how its administrative units (AUs) can be weaponized by attackers to create persistent backdoor access.
SECURITYONLINE.INFO

21 Sep: Insecure software makers are the real cyber villains – CISA
submitted by ptz to cybersecurity 3 points | 0 comments
https://www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains/
Software suppliers who ship buggy, insecure code are the true baddies in the cyber crime story, Jen Easterly, boss of the US government’s Cybers…
SH.ITJUST.WORKS

21 Sep: CISA Releases Plan to Align Cybersecurity Across Federal Agencies
submitted by BrikoX to cybersecurity 1 points | 0 comments
https://www.darkreading.com/cybersecurity-operations/cisa-releases-plan-to-align-cybersecurity-across-federal-agencies
The FOCAL plan outlines baselines to synchronize cybersecurity priorities and policies across, as well…
SH.ITJUST.WORKS

🔥 INCIDENT REPORTING (3)

21 Sep: Germany Seizes 47 Crypto Exchanges Used by Ransomware Gangs
These exchanges allowed users to trade cryptocurrencies anonymously, creating a safe environment for cybercriminals to launder their proceeds without fear of prosecution.
BLEEPINGCOMPUTER.COM

21 Sep: Disney ditching Slack after massive July data breach
submitted by BrikoX to cybersecurity 1 points | 0 comments
https://www.bleepingcomputer.com/news/security/disney-ditching-slack-after-massive-july-data-breach/
The Walt Disney Company is reportedly ditching Slack after a July data breach exposed over 1TB of confidential messages …
SH.ITJUST.WORKS

21 Sep: Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks
A hacktivist group known as Twelve has been observed using an arsenal of publicly available tools to conduct destructive cyber attacks against Russian targets. "Rather than demand a ransom for decrypting data, Twelve prefers to encrypt victims' data and then destroy their infrast…
THEHACKERNEWS.COM

🕵️ THREAT INTELLIGENCE (3)

21 Sep: Friday Squid Blogging: Squid Game Season Two Teaser
The teaser for Squid Game Season Two dropped. Blog moderation policy.
SCHNEIER.COM

21 Sep: How to manage and document decisions
submitted by wop to cybersecurity 2 points | 0 comments
Big or small, we make decisions every day. Rules, policies, processes, templates, etc. How do you document the process and results of your decision making and track changes? To give you some background, a lot of departments …
INFOSEC.PUB

21 Sep: A chat app using state-of-the-art cryptography
submitted by Super_gamer46861 to cybersecurity 1 points | 0 comments
https://lemmy.world/pictrs/image/01533713-31dc-4cb8-97e6-3b6e17c51a4f.png
github.com/umutcamliyurt/NanoChat
SH.ITJUST.WORKS

🌐 CYBER THREAT LANDSCAPE (2)

21 Sep: Ukraine Bans Telegram Use for Government and Military Personnel
Ukraine has restricted the use of the Telegram messaging app by government officials, military personnel, and other defense and critical infrastructure workers, citing national security concerns. The ban was announced by the National Coordination Centre for Cybersecurity (NCCC) i…
THEHACKERNEWS.COM

21 Sep: Global infostealer malware operation targets crypto users, gamers
A massive infostealer malware operation encompassing thirty campaigns targeting a broad spectrum of demographics and system platforms has been uncovered, attributed to a cybercriminal group named "Marko Polo." [...]
BLEEPINGCOMPUTER.COM

📡 INFOSEC NEWS (1)

21 Sep: LinkedIn Halts AI Data Processing in UK Amid Privacy Concerns Raised by ICO
The U.K. Information Commissioner's Office (ICO) has confirmed that professional social networking platform LinkedIn has suspended processing users' data in the country to train its artificial intelligence (AI) models. "We are pleased that LinkedIn has reflected on the concerns w…
THEHACKERNEWS.COM