102Articles
7Categories
2024-09-27Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 8[−]
27 SepCritical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to AttackersA critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132, carries a C…THEHACKERNEWS.COM
27 SepCritical Vulnerabilities Found in NVIDIA Container ToolkitNvidia Container Toolkit has critical vulnerabilities (CVE-2024-0132 and CVE-2024-0133) up to v1.16.1, allowing attackers to access the host file system, execute code, escalate privileges, and disrupt services.SECURITYONLINE.INFO
27 SepVLC Media Player Update Needed: CVE-2024-46461 DiscoveredVLC Media Player users are urged to update their software due to the critical CVE-2024-46461 vulnerability, which could crash the program or lead to code execution by malicious actors.SECURITYONLINE.INFO
27 SepA critical Nvidia Container Toolkit bug can allow a complete host takeoverNvidia has patched a critical vulnerability affecting its container toolkit (formerly known as Nvidia docker). The vulnerability — tracked as CVE-2024-0132 — has been assigned a CVSS score of 9 out of 10 and can allow a rogue user or application to break out of their dedicated co…CSOONLINE.COM
27 SepMicrosoft privilege escalation issue forces the debate: ‘When is something a security hole?’Security vendor Fortra announced on Friday what it is describing as a Microsoft security hole that would allow an attacker who had stolen low-level access credentials to escalate them to high-level access. Privilege escalation is hardly a new issue , but it is a critical tool in …CSOONLINE.COM
27 SepCongress Advances Bill to Add AI to NVDsubmitted by BrikoX to cybersecurity 1 points | 0 comments https://www.darkreading.com/application-security/congress-advances-bill-add-ai-nvd The AI Incident Reporting and Security Enhancement Act would allow NIST to create a process for reporting and tracking vulnerabilities fou…SH.ITJUST.WORKS
27 SepProgress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch NowProgress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any det…THEHACKERNEWS.COM
27 SepRemote code execution exploit for CUPS printing service puts Linux desktops at riskA security researcher has developed an exploit that leverages several vulnerabilities in CUPS (common UNIX printing system), the default printing system on most Linux systems. The exploit chain allows attackers to remotely register a rogue printer device on the system and then ex…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 19[−]
27 SepHacking Kia Cars Remotely with a License PlateCybersecurity researchers have uncovered a significant vulnerability in Kia vehicles that allowed hackers to remotely control key functions using nothing more than a car’s license plate. This breach, discovered on June 11, 2024, exposed the potential for unauthorized access…GBHACKERS.COM
27 SepCarrier Global takes collaborative approach to cybersecurityFor enterprises that do business worldwide, cybersecurity can be a complex undertaking, as risks such as phishing attacks by threat actors continuously evolve across the globe to bypass traditional defenses wherever they may reside. Carrier Global, a provider of heating, ventilat…CSOONLINE.COM
27 SepKaspersky, Pango Respond to User Backlash as Transition to UltraAV Nearly CompleteUsers continue to flame Kaspersky and Pango Group as the automatic, forced transition to UltraAV gradually progresses. The post Kaspersky, Pango Respond to User Backlash as Transition to UltraAV Nearly Complete appeared first on SecurityWeek .SECURITYWEEK.COM
27 SepHighly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than ExpectedA researcher has disclosed the details of an unpatched vulnerability that was expected to pose a serious threat to many Linux systems. The post Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected appeared first on SecurityWeek .SECURITYWEEK.COM
27 SepHackers Abusing Third-Party Email Infrastructure to Send Spam MailsHackers are increasingly exploiting third-party email infrastructures to send spam emails. This tactic complicates the detection and prevention of spam and threatens the integrity of legitimate email communications. By leveraging vulnerabilities in various online platforms, cyber…GBHACKERS.COM
27 SepMicrosoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware AttacksThe threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from …THEHACKERNEWS.COM
27 SepAccess control is going mobile — Is this the way forward?Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also dis…SECURITYINTELLIGENCE.COM
27 SepCritical Linux CUPS Printing System Flaws Could Allow Remote Command ExecutionA new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions. "A remote unauthenticated attacker can silently replace existing printers' (or ins…THEHACKERNEWS.COM
27 SepCritical Flaw in HashiCorp Vault Enables Unrestricted SSH Access, Threatens System SecurityHashiCorp has released updated versions (1.17.6, 1.16.10, 1.15.15) to fix the flaw, along with a new configuration option to enhance security. Users are advised to upgrade or adjust their configurations to protect against exploitation.SECURITYONLINE.INFO
27 SepMalicious App On Google Play Steals Cryptocurrency From Android UsersCybercriminals have shifted their focus to mobile devices, targeting users with a malicious crypto drainer app disguised as the legitimate WalletConnect protocol, which remained undetected for over five months and was downloaded 10,000 times, exploited the name of the well-known …GBHACKERS.COM
27 SepDelivering Proactive Protection Against Critical Threats to NVIDIA-powered AI SystemsOn Wednesday, NVIDA released updates to fix a critical vulnerability in its NVIDIA Container Toolkit, which, if exploited, could put a wide range of AI infrastructure and underlying data/secrets at risk.TRENDMICRO.COM
27 SepMillions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bugsubmitted by BrikoX to cybersecurity 2 points | 0 comments https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/ Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of we…SH.ITJUST.WORKS
27 SepOh the Places You'll Go (in Cybersecurity) - Jason Shockey - ESW #377We've been hearing a lot lately about how the talent gap in cybersecurity is much more complex than some folks have been making it out to be. While making six figures after going through a six week boot camp might be overselling the cybersecurity job market a bit, it is definitel…YOUTUBE.COM
27 SepThat doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devicessubmitted by floofloof to cybersecurity 1 points | 0 comments https://www.theregister.com/2024/09/26/cups_linux_rce_disclosed/SH.ITJUST.WORKS
27 SepAnton’s Security Blog Quarterly Q3 2024Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before , this covers both Anton on Security and my posts from Google Cloud blog , and our Cloud Security Podcast ( subscribe ). Dall-E via Copilot, prompt “security blog quarterly, steampunk” T…MEDIUM.COM
27 SepPasswords, CUPS, KIA, Gilbert Gottfried, Salt Typhoon, Rob Allen from ThreatLocker... - SWN #417Passwords, CUPS, KIA, Gilbert Gottfried, Salt Typhoon, Rob Allen from ThreatLocker, and More on the Security Weekly News. Segment Resources: https://www.bleepingcomputer.com/news/security/hackers-deploy-ai-written-malware-in-targeted-attacks/ This segment is sponsored by ThreatLo…YOUTUBE.COM
27 SepHealthcare Cyber Bill Calls for 'Corporate Accountability'Senate Bill Would Mean Cyber Funding for Hospitals, Prison Time for Lying CEOs Two U.S. senators are proposing stricter cyber mandates for the healthcare sector. The bill provides funding to help hospitals adopt enhanced requirements, but lifts HIPAA enforcement fine caps and thr…DATABREACHTODAY.CO.UK
27 SepLinux Distros Patching Printer Hijacking FlawExploitation Requires Victim to Print On Rogue Printer Attackers can exploit a series of vulnerabilities in the OpenPrinting Common Unix Printing System utility to remotely execute arbitrary code on certain machines. Major Linux distributions reacted Friday by releasing patches. …DATABREACHTODAY.CO.UK
27 SepMultiple Vulnerabilities in Foxit PDF Reader and Editor Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Foxit PDF Reader and Editor, the most severe of which could result in arbitrary code execution. Foxit PDF Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files. Successful explo…CISECURITY.ORG
📢 SECURITY ADVISORIES 11[−]
27 SepNIST Recommends Some Common-Sense Password RulesNIST’s second draft of its “ SP 800-63-4 “—its digital identify guidelines—finally contains some really good rules about passwords: The following requirements apply to passwords: lVerifiers and CSPs SHALL require passwords to be a minimum of eight ch…SCHNEIER.COM
27 Sep[Deleted]submitted by ptz to cybersecurity 1 points | 0 comments https://arstechnica.com/security/2024/09/nist-proposes-barring-some-of-the-most-nonsensical-password-rules/ [Deleted - Didn’t see it had already been posted]SH.ITJUST.WORKS
27 SepUS Announces Charges, Sanctions Against Russian Administrator of Carding WebsiteUS offers up to $10 million for information on Timur Shakhmametov, charging him with running the carding website Joker’s Stash. The post US Announces Charges, Sanctions Against Russian Administrator of Carding Website appeared first on SecurityWeek .SECURITYWEEK.COM
27 SepCISA Warns of Hackers Targeting Industrial Systems Using “Unsophisticated Methods”The CISA has issued a warning about hackers using basic techniques to target industrial systems, particularly OT and ICS devices in critical infrastructure, water, and wastewater systems.BLEEPINGCOMPUTER.COM
27 SepAvangrid partners with state fusion cell to fight cyber threats via data sharingAvangrid’s award-winning cybersecurity initiative uses real-time data sharing to protect the energy grid. Avangrid, a sustainable energy company based in Orange, CT, supplies gas and electricity to millions of people. However, as a provider of critical infrastructure, Avangrid mu…CSOONLINE.COM
27 SepTech Orgs Urge Targeted AI Regulations to Foster InnovationCoalition of Leading Institutions Push for Policymakers to Develop Focused AI Rules A group of leading organizations across industries and technology giants is calling on lawmakers in the United States to develop focused regulations around artificial intelligence that limit the r…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 14[−]
27 SepPublic Wi-Fi Compromised in UK Train Stationssubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/cyberattacks-data-breaches/public-wi-fi-compromised-uk-train-stationsSH.ITJUST.WORKS
27 SepNew HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking UsersRussian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling. The development marks the first time the malware has been deployed using this method, a departur…THEHACKERNEWS.COM
27 SepTransportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport MalwareCompromised email accounts from transportation and shipping companies are used to insert malicious content into email conversations. The attacks, occurring from May to July 2024, primarily delivered Lumma Stealer, StealC, or NetSupport.THEHACKERNEWS.COM
27 SepHow to Plan and Prepare for Penetration TestingAs security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting (BGH)…THEHACKERNEWS.COM
27 SepUK data watchdog confirms it’s investigating MoneyGram data breachThe world’s second-largest money transfer provider, which filed a data breach notice with U.K. authorities, serves over 50 million people. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
27 SepCritical WhatsUp Gold Vulnerabilities Demand Immediate ActionThe six vulnerabilities, with high severity scores, could lead to unauthorized access and control over network infrastructure. Progress Software advises all WhatsUp Gold users to upgrade to version 24.0.1 to mitigate these vulnerabilities.SECURITYONLINE.INFO
27 SepIn Other News: Salt Typhoon Hacks US ISPs, China Doxes Hackers, New Tool for AI AttacksNoteworthy stories that might have slipped under the radar: China’s Salt Typhoon has hacked US ISPs, China has doxed Taiwanese hackers, and Bishop Fox has a new tool for AI attacks. The post In Other News: Salt Typhoon Hacks US ISPs, China Doxes Hackers, New Tool for AI Attacks a…SECURITYWEEK.COM
27 SepEmbargo ransomware escalates attacks to cloud environmentsMicrosoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets. [...]BLEEPINGCOMPUTER.COM
27 SepBeyond Phishing: AI's New Tricks for CyberattacksParamount's Surinder Lall on AI Impersonation, Deepfakes, AI Governance Frameworks While AI transforms business operations, it helps cybercriminals develop sophisticated impersonation techniques such as deepfakes and voice synthesis, posing new challenges for corporate security, …DATABREACHTODAY.CO.UK
27 SepU.S. charges Joker's Stash and Rescator money launderersThe U.S. Department of Justice (DoJ) has announced charges against two Russian nationals for operating billion-dollar money laundering services for cybercriminals, including ransomware groups. [...]BLEEPINGCOMPUTER.COM
27 SepThe Data Breach Disclosure ConundrumPresently sponsored by: Lithnet Access Manager. Level up your lateral movement defence with RapidLAPS, the passwordless LAPS experience. The conundrum I refer to in the title of this post is the one faced by a breached organisation: disclose or suppress? And let me be even more s…TROYHUNT.COM
27 SepISMG Editors: Can Microsoft Regain Trust in Its Security?Also: CrowdStrike Grilled by Congress; Coalition Against Spyware Abuse Is Growing In the latest weekly update, ISMG editors discussed Microsoft's major cybersecurity overhaul in the wake of some high-profile breaches, the latest developments from CrowdStrike's global outage heari…DATABREACHTODAY.CO.UK
27 SepIranian Hackers Indicted for Cyberattacks on Trump CampaignFeds: 3 Defendants Acted on Behalf of Iran’s Military to Interfere With US Election The United States indicted three Iranian hackers, alleging they stole sensitive data from government officials and the campaign of President Donald Trump. The hackers reportedly worked with the Ir…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 31[−]
27 SepTails OS merges with Tor Project for better privacy, securitysubmitted by kid to cybersecurity 3 points | 0 comments https://www.bleepingcomputer.com/news/software/tails-os-merges-with-tor-project-for-better-privacy-security/SH.ITJUST.WORKS
27 SepNew RomCom malware variant 'SnipBot' spotted in data theft attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/new-romcom-malware-variant-snipbot-spotted-in-data-theft-attacks/SH.ITJUST.WORKS
27 SepISC Stormcast For Friday, September 27th, 2024 https://isc.sans.edu/podcastdetail/9156, (Fri, Sep 27th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
27 SepMillions of Kia Cars Were Vulnerable to Remote Hacking: ResearchersSecurity researchers detail vulnerabilities in Kia owners’ portal that allowed them to control vehicles remotely. The post Millions of Kia Cars Were Vulnerable to Remote Hacking: Researchers appeared first on SecurityWeek .SECURITYWEEK.COM
27 SepSophistication of AI-Backed Operation Targeting Senator Points to Future of Deepfake SchemesExperts believe schemes like this will become more common now that the technical barriers that once existed around generative artificial intelligence have decreased. The post Sophistication of AI-Backed Operation Targeting Senator Points to Future of Deepfake Schemes appeared fir…SECURITYWEEK.COM
27 SepTor Merges With Security-Focused OS TailsThe Tor Project announced that it has merged operations with the security-focused operating system Tails. The post Tor Merges With Security-Focused OS Tails appeared first on SecurityWeek .SECURITYWEEK.COM
27 SepYour KnowBe4 Fresh Content Updates from September 2024Check out the 40 new pieces of training content added in September, alongside the always fresh content update highlights, events and new features.KNOWBE4.COM
27 SepOff-Topic Fridaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)INFOSEC.PUB
27 SepG2 Names INE 2024 Enterprise and Small Business LeaderINE, a global leader in networking and cybersecurity training and certifications, is proud to announce they have earned 14 awards in G2’s Fall 2024 Report, including “Fastest Implementation” and “Most Implementable,” which highlight INE’s superior performance relative to com…GBHACKERS.COM
27 SepFive Eyes Agencies Release Guidance on Detecting Active Directory IntrusionsFive Eyes cybersecurity agencies have released joint guidance on identifying Active Directory compromises. The post Five Eyes Agencies Release Guidance on Detecting Active Directory Intrusions appeared first on SecurityWeek .SECURITYWEEK.COM
27 SepVisa to Acquire Fraud Protection Firm FeaturespaceIncubated at Cambridge University’s engineering department, Featurespace's algorithmic-based solutions analyze transaction data to detect fraud cases. The post Visa to Acquire Fraud Protection Firm Featurespace appeared first on SecurityWeek .SECURITYWEEK.COM
27 SepMeta Hit With $102 Million Privacy Fine From European Union Over 2019 Password Security LapseMeta fined more than $100 million by a European Union privacy regulator over a security lapse involving Facebook passwords. The post Meta Hit With $102 Million Privacy Fine From European Union Over 2019 Password Security Lapse appeared first on SecurityWeek .SECURITYWEEK.COM
27 SepHackers Attacking AI Agents To Hijacking Customer SessionsConversational AI platforms, powered by chatbots, are witnessing a surge in malicious attacks, which leverage NLP and ML are increasingly being used by businesses to enhance productivity and revenue. While they offer personalized experiences and valuable data insights, they also …GBHACKERS.COM
27 SepHackers Abuse HTML Smuggling Technique To Deliver Sophisticated Phishing PagePhishing attackers employed an HTML smuggling technique to deliver a malicious payload, as the attack chain started with a phishing email mimicking an American Express notification, leading to a series of redirects.  The final redirect pointed to a Cloudflare R2 public bucke…GBHACKERS.COM
27 SepLummaC2 Stealer Leverages Customized Control Flow Indirection For ExecutionThe LummaC2 obfuscator employs a novel control flow protection scheme designed specifically for its stealer component, which is part of a broader set of transformations, making it difficult for analysts to reverse engineer the binary. It introduces obfuscated code that is mixed w…GBHACKERS.COM
27 SepA critical Nvidia Container Toolkit bug can allow a complete host takeoversubmitted by BrikoX to cybersecurity 1 points | 0 comments https://www.csoonline.com/article/3541912/a-critical-nvidia-container-toolkit-bug-can-allow-a-complete-host-takeover.html cross-posted from: lemmy.zip/post/23512381 The flaw allows a rogue user to escape their container a…SH.ITJUST.WORKS
27 SepProgress urges admins to patch critical WhatsUp Gold bugs ASAPsubmitted by BrikoX to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/progress-urges-admins-to-patch-critical-whatsup-gold-bugs-asap/ Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp…SH.ITJUST.WORKS
27 SepScammers Use QR Code Stickers to Target UK MotoristsNetcraft warns that scammers are posting QR code stickers on parking meters in the UK and other European countries.KNOWBE4.COM
27 SepFrom Tetris to Minecraft: The Evolution of Security Awareness into Human Risk ManagementOnce upon a time, security awareness training resembled a never-ending game of Tetris. Threats cascaded down, demanding swift action and strategy, only to speed up until we inevitably faltered.KNOWBE4.COM
27 SepSIEM: Shakeup in Event Management - What's Happening in the SIEM market today? - Seth ... - ESW #377The SIEM market has undergone some significant changes this summer. This is a great opportunity to talk about the current state of SIEM! In this conversation, we'll discuss: - market changes and terminology: security analytics, data lakes, SIEM - what is SOAR's role in the curren…YOUTUBE.COM
27 SepFlaw in Kia’s web portal let researchers track, hack carssubmitted by return2ozma to cybersecurity 1 points | 0 comments https://arstechnica.com/cars/2024/09/flaw-in-kia-web-portal-let-researchers-track-hack-cars/SH.ITJUST.WORKS
27 SepTorq Secures $70M Series C for HyperSOCThe New York late-stage startup banks $70 million in a new funding round led by Evolution Equity Partners. The post Torq Secures $70M Series C for HyperSOC appeared first on SecurityWeek .SECURITYWEEK.COM
27 SepControversial Windows Recall AI Search Tool Returns With Proof-of-Presence Encryption, Data IsolationMicrosoft reboots controversial Windows Recall with proof-of-presence encryption, anti-tampering checks, and secure enclave data management. The post Controversial Windows Recall AI Search Tool Returns With Proof-of-Presence Encryption, Data Isolation appeared first on SecurityWe…SECURITYWEEK.COM
27 SepU.S. government charges three Iranian hackers with Trump campaign hackThree Iranian hackers working for the Islamic Revolutionary Guard Corps (IRGC) targeted the Trump campaign in an attempted hack-and-leak operation, according to the Department of Justice. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
27 SepQuantum threats, SOC automation, funding trends - ESW #377In the Enterprise News, the hosts discuss various trends and challenges in the cybersecurity landscape, including the evolution of terminology, funding trends, the emergence of new startups, and the impact of AI on security practices. They also explore the challenges faced by CIS…YOUTUBE.COM
27 SepAlleged Russian Cybercrime Money Launderer Indicted in USSergey Ivanov, aka 'Taleon,' Accused of Money Laundering Over Two-Decade Span The United States on Thursday criminally charged an alleged key money laundering figure in the Russian cybercriminal underground on the same day Western authorities shut down virtual currency exchanges …DATABREACHTODAY.CO.UK
27 SepMicrosoft: Windows Recall now can be removed, is more securesubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-recall-now-can-be-removed-is-more-secure/SH.ITJUST.WORKS
27 SepIranian hackers charged for ‘hack-and-leak’ plot to influence electionThe U.S. Department of Justice unsealed an indictment charging three Iranian hackers with a "hack-and-leak" campaign that aimed to influence the 2024 U.S. presidential election. [...]BLEEPINGCOMPUTER.COM
27 SepSquid Fishing in JapanFishermen are catching more squid as other fish are depleted. Blog moderation policy.SCHNEIER.COM
27 SepUK CMA Clears Amazon, Anthropic PartnershipThe U.K. antitrust regulator called off an investigation into the March $4 billion deal between Amazon and artificial intelligence firm Anthropic. "Amazon’s partnership with Anthropic does not qualify for investigation under the merger provisions of the Enterprise Act 2002," the …DATABREACHTODAY.CO.UK
27 SepMeta Fined 91 Million Euros By The Irish DPCFine Is For 2019 Disclosure That Meta Stored User Passwords In Plaintext The Irish data regulator fined social media giant Meta 91 million euros after an investigation found the company insecurely stored passwords of millions of European Facebook and Instagram users. A Meta spoke…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 2[−]
27 SepVulnerabilities in OT systems pose real environmental and safety issues in fuel storage. Cyber Security Today for Friday, September 27, 2024Canadian SMBs Face Rising Fraud Threats & New AI-Powered Gmail Security In this episode of Cyber Security Today, host Jim Love discusses the increasing fraud threats faced by Canadian small and medium-sized businesses, revealing that half have experienced attempted or successful …CYBERSECURITYTODAY.LIBSYN.COM
27 SepCybersecurity Certifications: The Gateway to Career AdvancementIn today's fast-evolving digital landscape, cybersecurity has become a cornerstone of organizational resilience. As cyber threats grow increasingly sophisticated, the demand for skilled cybersecurity professionals has never been higher. Whether you're a seasoned cyber professiona…THEHACKERNEWS.COM
📡 INFOSEC NEWS 17[−]
27 SepU.S. Sanctions Two Crypto Exchanges for Facilitating Cybercrime and Money LaunderingThe U.S. government on Thursday sanctioned two cryptocurrency exchanges and unsealed an indictment against a Russian national for his alleged involvement in the operation of several money laundering services that were offered to cybercriminals. The virtual currency exchanges, Cry…THEHACKERNEWS.COM
27 SepCritical CUPS Vulnerabilities Expose Linux and Other Systems to Remote AttacksMultiple critical vulnerabilities in CUPS (Common Unix Printing System) have been uncovered, affecting Linux systems, BSDs, Oracle Solaris, and Google Chrome OS. These flaws can enable attackers to execute arbitrary commands through IPP URLs.SECURITYONLINE.INFO
27 SepWindows 11 KB5043145 update released with 13 changes and fixes​​Microsoft released the September 2024 preview update (KB5043145) for Windows 11 23H2 and 22H2, with 13 improvements and fixes for multiple issues, including Edge and task manager freezes. [...]BLEEPINGCOMPUTER.COM
27 SepCritical Flaws Discovered in Jupiter X Core WordPress Plugin Affecting Over 90,000 SitesSecurity researchers have found critical flaws in the Jupiter X Core WordPress plugin, affecting over 90,000 websites. The vulnerabilities could allow attackers to take control of websites or hijack user accounts, including admin accounts.SECURITYONLINE.INFO
27 SepProgress urges admins to patch critical WhatsUp Gold bugs ASAPProgress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon as possible. [...]BLEEPINGCOMPUTER.COM
27 SepPhishing-as-a-Service Platform Sniper Dz Used to Create 140,000 Phishing Sites in One YearCybersecurity researchers at Palo Alto Networks' Unit 42 have discovered a prolific Phishing-as-a-Service platform called Sniper Dz, responsible for creating over 140,000 phishing websites in just one year.UNIT42.PALOALTONETWORKS.COM
27 SepCritical Vulnerabilities Discovered in Automated Tank Gauge Systems From Multiple VendorsSecurity researchers at Bitsight discovered critical vulnerabilities in Automated Tank Gauge (ATG) systems, including Maglink LX, Maglink LX4, OPW SiteSentinel, Proteus OEL8000, Alisonic Sibylla, and Franklin TS-550.BITSIGHT.COM
27 SepDeepfake Ukrainian diplomat targeted US senator on Zoom callThe chair of the United States Foreign Relations Committee was targeted by a sophisticated deepfake operation which impersonated a top Ukrainian official, in what was an apparent attempt at election interference. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
27 SepMicrosoft: Windows Recall now can be removed, is more secure​Microsoft has announced security and privacy upgrades to its AI-powered Windows Recall feature, which now can be removed and has stronger default protection for user data and tighter access controls. [...]BLEEPINGCOMPUTER.COM
27 SepHow to solve the cybersecurity talent shortage | Kaspersky official blogThe main reasons for the cybercriminal talent shortage, how to address the problem going forward, and what to do about it in the here and now.KASPERSKY.COM
27 SepGamaredon's operations under the microscope – Week in security with Tony AnscombeESET research examines the group's malicious wares as used to spy on targets in Ukraine in the past two yearsWELIVESECURITY.COM