🐛 COMMON VULNERABILITIES AND EXPOSURES 3
25 Sep [KEV] CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question … (THEHACKERNEWS.COM)
25 Sep [KEV] Third Recent Ivanti Vulnerability Exploited in the Wild
    CVE-2024-7593 is the third Ivanti product vulnerability patched in recent months that has been exploited in the wild. (SECURITYWEEK.COM)
25 Sep Citrix Releases Security Updates for XenServer and Citrix Hypervisor
    Citrix released security updates to address multiple vulnerabilities in XenServer and Citrix Hypervisor. A cyber threat actor could exploit some of these vulnerabilities to cause a denial of service condition. CISA encourages users and administrators to review the following… (CISA.GOV)
⚠️ VULNERABILITY DISCLOSURE 25
25 Sep CrowdStrike defends access to Windows kernel at US Congressional hearing into July worldwide update failure
    A CrowdStrike executive told a US Congressional hearing on Tuesday that the company’s endpoint detection and response sensor has to continue accessing the Windows kernel, despite criticism by some cybersecurity experts that the kernel access contributed to the crash of millions o… (CSOONLINE.COM)
25 Sep Evilginx - an open source program to bypass MFA: Cyber Security Today for Wednesday, September 25, 2024
    Evilginx: MFA Bypass Tool, Kaspersky's Exit & FTC's Data Surveillance Report - Cyber Security Today. In this episode of Cyber Security Today, host Jim Love discusses a new cyber security tool called Evilginx that bypasses multi factor authentication (MFA), Kaspersky's unexpected s… (CYBERSECURITYTODAY.LIBSYN.COM)
25 Sep When technical debt strikes the security stack
    Most veteran CISOs implicitly understand the concept of technical debt and how it increases the risk across IT assets and applications. The idea is simple in theory, if difficult in practice to address. Technical debt is the accumulation of all of those technical improvements sla… (CSOONLINE.COM)
25 Sep ChatGPT macOS Flaw Could've Enabled Long-Term Spyware via Memory Function
    A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool's memory. The technique, dubbed SpAIware, could be abused to facilitate "continuous da… (THEHACKERNEWS.COM)
25 Sep CrowdStrike outage redefines EDR market emphasis
    July’s infamous CrowdStrike outage has shaken up the endpoint detection and response (EDR) marketplace by placing a much greater emphasis on stability and reliability. But industry analysts and other experts predict few organizations will ultimately migrate away from CrowdStrike’… (CSOONLINE.COM)
25 Sep Multiple 0-Day Flaws in Automated Tank Gauge Systems Threaten Critical Infrastructure
    Cybersecurity researchers from BitSight TRACE have uncovered multiple 0-day vulnerabilities in Automated Tank Gauge (ATG) systems, which are integral to managing fuel storage tanks across various critical infrastructures. These vulnerabilities in six ATG systems from five vendors… (GBHACKERS.COM)
25 Sep India-Linked Hackers Targeting Pakistani Government, Law Enforcement
    The India-linked threat actor SloppyLemming has been targeting government, law enforcement, and other entities in Pakistan. (SECURITYWEEK.COM)
25 Sep Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool
    Cybersecurity researchers have flagged the discovery of a new post-exploitation red team tool called Splinter in the wild. Palo Alto Networks Unit 42 shared its findings after it discovered the program on several customers' systems. "It has a standard set of features commonly fou… (THEHACKERNEWS.COM)
25 Sep The "Llama" is freed: Winamp goes open source after 27 years
    The iconic Winamp media player has fulfilled a promise made in May to go open-source and has now published its complete source code on GitHub. [...] (BLEEPINGCOMPUTER.COM)
25 Sep DefectDojo Raises $7 Million for Application Security Platform
    Application security and vulnerability management platform DefectDojo has raised $7 million in Series A funding. (SECURITYWEEK.COM)
25 Sep Thousands of internet-exposed fuel gauges could be hacked and dangerously exploited
    Thousands of automatic tank gauge (ATG) systems used in gas stations, power plants, airports, military bases, and other critical infrastructure facilities are exposed to the internet and using insecure legacy protocols and vulnerable management interfaces, according to researcher… (CSOONLINE.COM)
25 Sep Winamp releases source code, asks for help modernizing the player
    The iconic Winamp media player has fulfilled a promise made in May to go open-source and has now published its complete source code on GitHub. [...] (BLEEPINGCOMPUTER.COM)
25 Sep Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means
    CISA continues to respond to active exploitation of internet-accessible operational technology (OT) and industrial control systems (ICS) devices, including those in the Water and Wastewater Systems (WWS) Sector. Exposed and vulnerable OT/ICS systems may allow cyber threat … (CISA.GOV)
25 Sep CISA: Hackers target industrial systems using “unsophisticated methods”
    CISA warned today of threat actors trying to breach critical infrastructure networks by targeting Internet-exposed industrial devices using "unsophisticated" methods like brute force attacks and default credentials. [...] (BLEEPINGCOMPUTER.COM)
25 Sep Google's Shift to Rust Programming Cuts Android Memory Vulnerabilities by 52%
    Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory-safe vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years. The tech giant said focusing … (THEHACKERNEWS.COM)
25 Sep US FTC Targets AI Firms in Crackdown on Deceptive Practices
    Federal Trade Commission Takes Aim at Deceptive Use of Artificial Intelligence. The U.S. Federal Trade Commission announced a series of law enforcement actions Wednesday targeting companies the commission said is using misleading or deceptive artificial intelligence practices to d… (DATABREACHTODAY.CO.UK)
25 Sep CISA Warns of Hurricane-Related Scams
    As Hurricane Helene approaches, CISA urges users to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails wi… (CISA.GOV)
25 Sep Election-Themed Phishing Threats Are on the Rise
    Researchers at ReliaQuest have published a report looking at cyber threats surrounding the upcoming US presidential election, warning that election-related phishing will continue to increase over the next month. (KNOWBE4.COM)
25 Sep The critical importance of choosing the right data center firewall
    Data centers are the backbone of modern IT architecture. However, as organizations increasingly rely on cloud computing, remote workers, and hybrid environments, traditional security solutions struggle to keep up. At the same time, the need for robust data center security has nev… (CSOONLINE.COM)
25 Sep Google sees 68% drop in Android memory safety flaws over 5 years
    The percentage of Android vulnerabilities caused by memory safety issues has dropped from 76% in 2019 to only 24% in 2024, representing a massive decrease of over 68% in five years. [...] (BLEEPINGCOMPUTER.COM)
25 Sep CMS Now Says 3.1 Million Affected by MOVEit Hack
    New Estimate Is 3 Times Higher Than Number Agency Initially Publicly Disclosed. The U.S. Centers for Medicare and Medicaid Services has updated the scope of the MOVEit hacking breach last year, telling a sister agency that the software supply chain attack affected more than 3.1 mi… (DATABREACHTODAY.CO.UK)
25 Sep Accenture forges own path to improve attack surface management
    Accenture’s award-winning attack surface management program strengthens the company’s resiliency and security posture. As a global consulting and technology company, Accenture understands how quickly an attack surface can grow and become vulnerable to cyber threats. Accenture’s o… (CSOONLINE.COM)
25 Sep Managing Security at the Network Layer
    How to Safeguard Critical Infrastructure. Neglecting network security can lead to serious consequences for organizations. Here are the essential practices for managing network security, along with real-world examples that reinforce the importance of comprehensive protection. The t… (DATABREACHTODAY.CO.UK)
25 Sep Eliminating Memory Safety Vulnerabilities at the Source
    Posted by Jeff Vander Stoep - Android team, and Alex Rebert - Security Foundations. Memory safety vulnerabilities remain a pervasive threat to software security. At Google, we believe the path to eliminating this class of vulnerabilities at scale and building high-assurance softwa… (SECURITY.GOOGLEBLOG.COM)
📋 SECURITY BULLETINS 1
📢 SECURITY ADVISORIES 5
25 Sep US CISA Releases Toolkit for Anonymous School Threats
    New Guidance Aims to Improve School Responses to ‘Scourge’ of Anonymous Threats. The Cybersecurity and Infrastructure Security Agency unveiled a new toolkit Wednesday aimed at improving school responses to anonymous threats of violence, as the agency kicked off a two-day summit fo… (DATABREACHTODAY.CO.UK)
25 Sep ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises
    Today, the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and other U.S. and international partners released the joint guide Detecting and Mitigating Active Directory Compromises. This guid… (CISA.GOV)
🔥 INCIDENT REPORTING 6
25 Sep Kansas County Ransomware Attack Exposed Nearly 30,000 Residents’ Sensitive Data
    Franklin County, Kansas, has fallen victim to a ransomware attack that compromised the sensitive data of nearly 30,000 residents. The breach occurred on May 19, 2024, and was not discovered until August 29, 2024. According to a report submitted by Matthew Meade, an attorney with … (GBHACKERS.COM)
25 Sep MoneyGram Confirms Cyberattack Following Outage
    MoneyGram, a leading global money transfer service, has confirmed that it was the victim of a cyberattack, following a significant network outage that disrupted customer services worldwide. The company initially reported an issue with connectivity across several of its systems, w… (GBHACKERS.COM)
25 Sep Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware
    Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans (RATs). The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging t… (THEHACKERNEWS.COM)
25 Sep MoneyGram confirms a cyberattack is behind dayslong outage
    submitted by kid to cybersecurity. https://www.bleepingcomputer.com/news/security/moneygram-confirms-a-cyberattack-is-behind-dayslong-outage/ (SH.ITJUST.WORKS)
🕵️ THREAT INTELLIGENCE 30
25 Sep ISC Stormcast For Wednesday, September 25th, 2024 https://isc.sans.edu/podcastdetail/9152, (Wed, Sep 25th)
    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. (ISC.SANS.EDU)
25 Sep Iran Was Behind Thousands of Text Messages Calling for Revenge Over Quran Burnings, Sweden Says
    Sweden is accusing Iran of hacking SMS service and sending out thousands of text messages calling for revenge over Quran burnings. (SECURITYWEEK.COM)
25 Sep Infostealer malware bypasses Chrome’s new cookie-theft defenses
    submitted by kid to cybersecurity. https://www.bleepingcomputer.com/news/security/infostealer-malware-bypasses-chromes-new-cookie-theft-defenses/ (SH.ITJUST.WORKS)
25 Sep New Android banking trojan Octo2 targets European banks
    submitted by kid to cybersecurity. https://securityaffairs.com/168857/malware/octo2-android-banking-trojan.html (SH.ITJUST.WORKS)
25 Sep New Windows Malware Locks Computer in Kiosk Mode
    Clever: A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. Specifically, the malware “locks” the user’s bro… (SCHNEIER.COM)
25 Sep Second Pwn2Own Automotive Contest Offers Over $1 Million in Prizes
    ZDI offers over $1 million in cash and prizes at the next Pwn2Own Automotive hacking contest, set for January 2025 in Tokyo. (SECURITYWEEK.COM)
25 Sep Webinar Today: Shield Your Data, Secure Your Future: A Multi-Layered Approach to Operational Resilience
    Join the webinar to gain insights and learn actionable steps to enhance your organization's data security and resilience. (SECURITYWEEK.COM)
25 Sep [Cybersecurity Awareness Month] From ‘The Inside Man’ to Real Life: AI's Role in Modern Cyber Threats
    AI and AI-generated deepfakes are proving to be the most intriguing, and in some ways troubling, recent advances in technology. (KNOWBE4.COM)
25 Sep Researcher Says Healthcare Facility’s Doors Hackable for Over a Year
    A researcher analyzing building access control vulnerabilities says a US healthcare facility has yet to patch security holes one year after being notified. (SECURITYWEEK.COM)
25 Sep Are new gen AI tools putting your business at additional risk?
    If you’re wondering whether new generative artificial intelligence (gen AI) tools are putting your business at risk, the answer is: Probably. Even more so with the increased use of AI tools in the workplace. A recent Deloitte study found more than 60% of knowledge workers u… (SECURITYINTELLIGENCE.COM)
25 Sep What are You Working on Wednesday
    submitted by shellsharks to cybersecurity. Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time. (INFOSEC.PUB)
25 Sep [WTH?] Critical Vulnerabilities in Automated Tank Gauges. This Is Not OK.
    A new wave of concern has surfaced around the security of Automated Tank Gauges (ATGs), critical systems that monitor and manage liquid levels in storage tanks at facilities like oil refineries and chemical plants. (KNOWBE4.COM)
25 Sep Tamnoon Raises $12 Million for Cloud Security Remediation Service
    Tamnoon has raised $12 million in Series A funding for its Managed Cloud Security Remediation service. (SECURITYWEEK.COM)
25 Sep AI Security Firm Shows How Threat Actors Could Abuse Google Gemini for Workspace
    HiddenLayer has discovered that Google Gemini for Workspace is prone to indirect prompt injection attacks. (SECURITYWEEK.COM)
25 Sep Hacker Conversations: Joe Grand – Mischiefmaker, Troublemaker, Teacher
    Joe Grand is the epitome of a hacker. Childhood curiosity followed by mischief-making tipping over into illegal behavior before developing into a responsible good faith hacker. (SECURITYWEEK.COM)
25 Sep A Leader in the 2024 Gartner Magic Quadrant for EPP
    Palo Alto Networks was named a leader in endpoint protection platforms by Gartner for Cortex XDR. (PALOALTONETWORKS.COM)
25 Sep ChatGPT macOS app Flaw Could've Enabled Long-Term Spyware via Memory Function
    submitted by kid to cybersecurity. https://thehackernews.com/2024/09/chatgpt-macos-flaw-couldve-enabled-long.html (SH.ITJUST.WORKS)
25 Sep Cyber Founder Recipe for Success: Clear Vision and Trusted Experts
    A clear, consistent vision, along with reliable experts, are the two essential ingredients for startup founders to achieve success—both in cyber and beyond. (SECURITYWEEK.COM)
25 Sep BSidesYXE 2024 - Saskatoon
    submitted by ashar to security_cpe. https://bsidesyxe.ca/wp-content/uploads/2024/03/cropped-logo-small.png BSidesYXE 2024 Saskatoon Agenda. BSidesYXE 2024 Saskatoon Playlist. (INFOSEC.PUB)
25 Sep The AI Revolution: Balancing Innovation and Ethics in the Age of Intelligent Technology
    Artificial intelligence (AI) is revolutionizing most, if not all, industries worldwide. AI systems use complex algorithms and large datasets to analyze information, make predictions and adjust to new scenarios through machine learning – enabling them to improve over time without … (KNOWBE4.COM)
25 Sep Over 100 EU Firms Commit to Implementing Key AI Act Provisions
    Meta, Apple, Mistral, Nvidia Not Among AI Pact's Signatories. More than 100 tech companies including OpenAI, Microsoft and Amazon on Wednesday made voluntary commitments to conduct trustworthy and safe development of artificial intelligence in the European Union, with a few notabl… (DATABREACHTODAY.CO.UK)
25 Sep Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent
    submitted by kid to cybersecurity. https://thehackernews.com/2024/09/mozilla-faces-privacy-complaint-for.html (SH.ITJUST.WORKS)
25 Sep OpenAI Exec Mira Murati Says She’s Leaving Artificial Intelligence Company
    Mira Murati, who served a few days as its interim CEO during a period of turmoil last year, said she’s leaving the artificial intelligence company. (SECURITYWEEK.COM)
25 Sep Commvault to Boost AWS Data Protection With $47M Clumio Buy
    Clumio Adds Advanced Cyber Resilience, AWS Data Recovery to Commvault's Platform. Commvault aims to boost its AWS cyber resilience capabilities through the buy of Clumio. With a focus on protecting critical data stored in Amazon S3, this move will boost Commvault’s recovery effort… (DATABREACHTODAY.CO.UK)
25 Sep Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms
    Gartner® names Microsoft a Leader in Endpoint Protection Platforms—a reflection, we believe, of our continued progress in helping organizations protect their endpoints against even the most sophisticated attacks, while driving continued efficiency for security operations center t… (MICROSOFT.COM)
25 Sep Activate your data responsibly in the era of AI with Microsoft Purview
    We are announcing preview for Microsoft Purview Information Protection to restrict content in Microsoft Fabric with sensitivity labels and Microsoft Purview Data Loss Prevention policies for lakehouses, and spotlighting our recent general availability of Microsoft Purview Data Go… (MICROSOFT.COM)
25 Sep Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms (EPP)
    Palo Alto Networks, once again a leader in the Gartner® Magic Quadrant™ for endpoint protection platforms for Cortex XDR. Author: Gonen Fink, Senior Vice President of Cortex Products. Now that cybersecurity is evolving so … (PALOALTONETWORKS.COM)
25 Sep Leader in the 2024 Gartner® Magic Quadrant™ for EPP
    For Cortex XDR, Palo Alto Networks is once again recognized as a leader in the Gartner® Magic Quadrant™ for Endpoint Protection Platforms (EPP). Author: Gonen Fink, SVP, Cortex … (PALOALTONETWORKS.COM)
25 Sep A Leader in the 2024 Gartner® Magic Quadrant™ for EPP
    Palo Alto Networks was named a Leader for Cortex XDR in the Gartner® Magic Quadrant™ for EPP (endpoint protection platforms). Author: Gonen Fink, SVP of Cortex Products. In the rapidly evolving cybersecurity landscape, in which sophisticated threats from … … (PALOALTONETWORKS.COM)
25 Sep Leader in the 2024 Gartner® Magic Quadrant™ for EPP Solutions
    With Cortex XDR, Palo Alto Networks ranks among the Leaders in the Gartner Magic Quadrant for endpoint protection platforms (EPP). Author: Gonen Fink, SVP of Cortex Products. As cyber threats become more and more … (PALOALTONETWORKS.COM)
🌐 CYBER THREAT LANDSCAPE 2
25 Sep Don’t panic and other tips for staying safe from scareware
    Keep your cool, arm yourself with the right knowledge, and other tips for staying unshaken by fraudsters’ scare tactics (WELIVESECURITY.COM)
📡 INFOSEC NEWS 12
25 Sep How to make offline backups of documents, photos, music, and videos from websites and online services | Kaspersky official blog
    The best ways to save your online data so that it doesn’t go AWOL (KASPERSKY.COM)
25 Sep Agentic AI in SOCs: A Solution to SOAR's Unfulfilled Promises
    Security Orchestration, Automation, and Response (SOAR) was introduced with the promise of revolutionizing Security Operations Centers (SOCs) through automation, reducing manual workloads and enhancing efficiency. However, despite three generations of technology and 10 years of a… (THEHACKERNEWS.COM)
25 Sep Expert Tips on How to Spot a Phishing Link
    Phishing attacks are becoming more advanced and harder to detect, but there are still telltale signs that can help you spot them before it's too late. See these key indicators that security experts use to identify phishing links: 1. Check Suspicious URLs. Phishing URLs are of… (THEHACKERNEWS.COM)
25 Sep Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent
    Vienna-based privacy non-profit noyb (short for None Of Your Business) has filed a complaint with the Austrian data protection authority (DPA) against Firefox maker Mozilla for enabling a new feature called Privacy Preserving Attribution (PPA) without explicitly seeking users' co… (THEHACKERNEWS.COM)
25 Sep Timeshare Owner? The Mexican Drug Cartels Want You
    The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick elderly people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to an … (KREBSONSECURITY.COM)
25 Sep DNS Reflection Update and Odd Corrupted DNS Requests, (Wed, Sep 25th)
    Occasionally, I tend to check in on what reflective DNS denial of service attacks are doing. We usually see steady levels of attacks. Usually, they attempt to use spoofed requests for ANY records to achieve the highest possible amplification. Currently, I am seeing these two reco… (ISC.SANS.EDU)
25 Sep Meta halts routing via Deutsche Telekom over €20M peering fee
    Meta announced that it's ending its direct peering relationship with Deutsche Telekom following a court's ruling earlier this year that would oblige the tech firm to pay the telecom €20,000,000 to continue using its network. [...] (BLEEPINGCOMPUTER.COM)
25 Sep Mozilla accused of tracking users in Firefox without consent
    European digital rights group NOYB (None Of Your Business) has filed a privacy complaint with the Austrian data protection watchdog (DSB) against Mozilla, alleging the company uses a Firefox privacy feature (enabled without consent) to track users' online behavior. [...] (BLEEPINGCOMPUTER.COM)
25 Sep To Be a Cybersecurity Pro, Think Like a Puzzle Solver
    How Curiosity and Gamification Drive Cybersecurity Excellence. Curiosity is one of the most important traits for success in cybersecurity. Professionals in this field regularly face complex problems that require an inquisitive mind, and gamified, hands-on learning is one of the be… (DATABREACHTODAY.CO.UK)