π COMMON VULNERABILITIES AND EXPOSURES 1[β]
28 SepCritical RCE Vulnerability Found in OpenPLCThe most severe issue is a stack-based buffer overflow vulnerability (CVE-2024-34026) that allows an attacker to execute remote code. Users are advised to update to the latest version of OpenPLC to protect against these security risks.SECURITYAFFAIRS.COM
β οΈ VULNERABILITY DISCLOSURE 4[β]
28 SepCloudflare Warns of India-Linked Hackers Targeting South and East Asian EntitiesSloppyLemming has been active since at least July 2021 and has targeted the government, law enforcement, energy, education, telecommunications, and technology sectors in countries such as Pakistan, Sri Lanka, Bangladesh, China, Nepal, and Indonesia.THEHACKERNEWS.COM
28 SepKia Dealer Portal Flaw Could Let Attackers Hack Millions of CarsThe vulnerabilities could be exploited to remotely control Kia vehicles equipped with remote hardware in under 30 seconds, exposing the sensitive personal information of car owners.BLEEPINGCOMPUTER.COM
28 SepCrypto Scam App Disguised as WalletConnect Steals $70K in Five-Month CampaignCybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months. The dodgy app, identified by Check Point, masquerβ¦THEHACKERNEWS.COM
28 SepNovel Exploit Chain Enables Windows UAC Bypasssubmitted by kid to cybersecurity 2 points | 0 comments https://www.darkreading.com/vulnerabilities-threats/exploit-chain-windows-uac-bypassSH.ITJUST.WORKS
π’ SECURITY ADVISORIES 1[β]
28 SepWeekly Update 419Presently sponsored by: Lithnet Access Manager. Level up your lateral movement defence with RapidLAPS, the passwordless LAPS experience. It's not a green screen! It's just a weird a weird hotel room in Pittsburgh, but it did make for a cool backdrop for this week'sβ¦TROYHUNT.COM
π₯ INCIDENT REPORTING 3[β]
28 SepChatGPT macOS Flaw Could've Enabled Long-Term Spyware via Memory FunctionA security flaw in OpenAI's ChatGPT app for macOS, now patched, could have allowed attackers to implant persistent spyware into the AI tool's memory. This could lead to continuous data exfiltration of user information across chat sessions.THEHACKERNEWS.COM
28 SepChina-linked APT group Salt Typhoon compromised some US ISPsExperts are investigating whether the hackers gained access to Cisco Systems routers, a key component of ISP infrastructures, but Cisco has not found any indication of router involvement.SECURITYAFFAIRS.COM
28 SepCyber Security Today - Week in Review for September 28th, 2024Cyber Security Week in Review: Data Breaches, MFA Bypassing, and Surveillance Insights Join host Jim Love along with an expert panel featuring Terry Cutler, David Shipley, and Laura Payne to discuss this week in cybersecurity. Topics include the latest methods of bypassing MFA, dβ¦CYBERSECURITYTODAY.LIBSYN.COM
π΅οΈ THREAT INTELLIGENCE 1[β]
28 SepAn HTTP flood tool for Androidsubmitted by Super_gamer46861 to cybersecurity 3 points | 0 comments https://lemmy.world/pictrs/image/695f1f8d-fb59-4ded-9a36-e9915096ecb8.png github.com/umutcamliyurt/DoSDroidSH.ITJUST.WORKS
π CYBER THREAT LANDSCAPE 2[β]
28 SepHackers Deploy AI-Written Malware in Targeted AttacksHackers are now using AI-generated malware in targeted attacks. In a recent email campaign in France, researchers found malicious code crafted with the help of generative AI to distribute the AsyncRAT malware.BLEEPINGCOMPUTER.COM
28 SepBBTok Targeting Brazil Using the AppDomain Manager Injection TechniqueThe Brazilian-targeted threat BBTok has a complex infection chain that starts with an email containing an ISO image. The malware compiles C# code directly on the infected machine and uses the AppDomain Manager Injection technique.GDATASOFTWARE.COM
π‘ INFOSEC NEWS 3[β]
28 SepU.S. Charges Three Iranian Nationals for Election Interference and CybercrimesU.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for their targeting of current and former officials to steal sensitive data. The Department of Justice (DoJ) aβ¦THEHACKERNEWS.COM
28 SepHPE Patches Three Critical Security Holes in Aruba PAPIHPE has released patches for three critical security vulnerabilities in Aruba's networking access points, which could allow attackers to run code on the systems by sending specially crafted packets to UDP port 8211.THEREGISTER.COM
28 SepIreland fines Meta β¬91 million for storing passwords in plaintextThe Data Protection Commission (DPC) in Ireland has fined Meta Platforms Ireland Limited (MPIL) β¬91 million ($100 million) for storing in plaintext passwords of hundreds of millions of users. [...]BLEEPINGCOMPUTER.COM