Articles: 113
Categories: 10
Date: 2024-10-01

🚨 CISA KEV (1)

1 Oct [KEV] CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog
The CISA has alerted to four newly exploited vulnerabilities in its KEV catalog. The vulnerabilities include critical flaws in D-Link and DrayTek Vigor routers, Motion Spell GPAC, and SAP Commerce Cloud.
SECURITYONLINE.INFO

🐛 COMMON VULNERABILITIES AND EXPOSURES (7)

1 Oct [KEV] CISA Warns of Four Vulnerabilities that Exploited Actively in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has warned about four critical vulnerabilities currently being exploited in the wild. These vulnerabilities affect various products, from routers to software platforms, posing significant risks to users worldwide. The vu…
GBHACKERS.COM

1 Oct Multiple Vulnerabilities Discovered in PHP, Prompting Urgent Security Updates
Key vulnerabilities include log manipulation in PHP-FPM (CVE-2024-9026), bypassing redirect configurations (CVE-2024-8927), CGI parameter injection vulnerability (CVE-2024-8926), and erroneous parsing of multipart form data (CVE-2024-8925).
SECURITYONLINE.INFO

1 Oct Critical XSS Flaw Discovered in Filament Necessitates Urgent Update for Laravel Developers
A critical XSS flaw (CVE-2024-47186) has been found in Filament, a popular Laravel development tool. The vulnerability affects versions 3.0.0 to 3.2.114, putting applications at risk that render unvalidated ColorColumn or ColorEntry values.
SECURITYONLINE.INFO

1 Oct PoC Exploit Shows Local Privilege Escalation Risk in Linux
Researchers disclosed a critical privilege escalation vulnerability, CVE-2024-26808, in the Linux kernel affecting versions from v5.9 to v6.6. The flaw is in the Netfilter component, allowing root access by manipulating memory allocation.
SECURITYONLINE.INFO

1 Oct Critical GiveWP Flaw Puts 100k WordPress Sites at Risk
The flaw allows attackers to execute code remotely by injecting a malicious PHP object due to improper handling of input during deserialization. This flaw is similar to CVE-2024-5932 but bypasses certain checks, making it even more dangerous.
SECURITYONLINE.INFO

1 Oct Researcher Details RCE Flaw (CVE-2024-36435) in Supermicro BMC IPMI Firmware
A critical vulnerability, CVE-2024-36435, has been found in several Supermicro enterprise products, allowing unauthenticated attackers to exploit a buffer overflow in the Baseboard Management Controller (BMC) firmware, leading to RCE.
SECURITYONLINE.INFO

1 Oct KartLANPwn Flaw Exploits Mario Kart 8 Deluxe LAN Play Feature for RCE
The KartLANPwn vulnerability (CVE-2024-45200) targets Mario Kart 8 Deluxe's LAN Play feature, potentially allowing hackers to execute remote code on players' game consoles.
SECURITYONLINE.INFO

⚠️ VULNERABILITY DISCLOSURE (32)

1 Oct One year until Windows 10 ends: Here’s the security impact of not upgrading
In about one year, Windows 10 machines will reach the end of their lifespan, at least as far as Microsoft is concerned. That’s a pretty big deal considering the older operating system far eclipses its Windows peers in terms of market share, with around two-thirds of the machines …
CSOONLINE.COM

1 Oct 150: mobman 2
In Episode 20 of Darknet Diaries, we heard from Greg aka “mobman” who said he created the sub7 malware. Something didn’t sit right with a lot of people about that episode. It’s time to revisit that episode and get to the bottom of things. Sponsors This show is sponsored by Shopif…
DARKNETDIARIES.COM

1 Oct 9 types of phishing attacks and how to identify them
Every data breach and online attack seems to involve some kind of phishing attempt to steal password credentials, launch fraudulent transactions, or trick someone into downloading malware. Indeed, Verizon’s 2024 Data Breach Investigations Report finds phishing to remain among the…
CSOONLINE.COM

1 Oct DragonForce Ransomware Expands RaaS, Targets Firms Worldwide
The DragonForce group utilizes dual ransomware variants, including one based on LockBit 3.0 and another on ContiV3, to target industries like manufacturing, real estate, and transportation.
HACKREAD.COM

1 Oct Old Vulnerability Rated 9.9 Impacts All GNU/Linux Systems, Researcher Claims
Researcher Simone Margaritelli has uncovered a critical vulnerability that has been present in GNU/Linux systems for over a decade, scoring a 9.9 out of 10 for severity. This flaw allows attackers to gain complete control of vulnerable devices.
HACKREAD.COM

1 Oct Critical SolarWinds Flaw Exposes 827 Instances, PoC Exploit Unveiled
Security researcher Zach Hanley from Horizon3.ai discovered hardcoded credentials in the software, allowing unauthenticated access to sensitive IT support data, like password resets and shared service account credentials.
SECURITYONLINE.INFO

1 Oct UMC Health System Diverts Patients Following Ransomware Attack
UMC Health System has been forced to divert patients after a ransomware attack resulted in a network outage.
SECURITYWEEK.COM

1 Oct Rackspace internal monitoring web servers hit by zero-day
submitted by irreticent to cybersecurity https://go.theregister.com/feed/www.theregister.com/2024/09/30/rackspace_zero_day_attack/ cross-posted from: infosec.pub/post/18289000 Intruders accessed machines via tool bundled with ScienceLogic, ‘limited’ info tak…
SH.ITJUST.WORKS

1 Oct Hacking ChatGPT by Planting False Memories into Its Data
This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user. A researcher found that he could use that feature to plant “false memories” into that…
SCHNEIER.COM

1 Oct Dragos Boosts OT Defense with Network Perception Acquisition
Network Configuration Startup Adds Visualization Expertise to Dragos’ OT Platform. Dragos' acquisition of Network Perception will enrich its real-time network monitoring with robust visualization and configuration analysis tools. This transaction aims to bolster the security of op…
DATABREACHTODAY.CO.UK

1 Oct CISA Warns of Four Vulnerabilities that Exploited Actively in the Wild
submitted by kid to cybersecurity https://gbhackers.com/cisa-warns-of-four-vulnerabilities/ The vulnerabilities have been identified in D-Link, DrayTek, Motion Spell, and SAP products.
SH.ITJUST.WORKS

1 Oct Will AI Middle Managers Be the Next Big Disruption?
Autonomous AI Is Transforming the Workforce. Here's What Managers Can Expect. With its advanced - and evolving - capabilities, AI is integrated into most business processes and tasks, becoming nearly indispensable across industries. Its impact on the workforce is, thus, unsurprisi…
DATABREACHTODAY.CO.UK

1 Oct [KEV] Organizations Warned of Exploited SAP, Gpac and D-Link Vulnerabilities
CISA warns that years-old vulnerabilities in SAP Commerce, Gpac framework, and D-Link DIR-820 routers are exploited in the wild.
SECURITYWEEK.COM

1 Oct Dragos Acquires Network Perception to Boost Visibility
OT security firm Dragos has acquired Network Perception to enhance its platform’s visibility, segmentation and compliance capabilities.
SECURITYWEEK.COM

1 Oct Spooky action: Phantom domains create hijackable hyperlinks
According to a recent paper published at the 2024 Web Conference, so-called “phantom domains” make it possible for malicious actors to hijack hyperlinks and exploit users’ trust in familiar websites. The research defines phantom domains as active links to d…
SECURITYINTELLIGENCE.COM

1 Oct CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) advisories on October 1, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-275-01 Optigo Networks ONS-S8 Spectra Aggregation Switch ICSA-24-275…
CISA.GOV

1 Oct What are your pet peeves when it comes to tool selection? - Timothy Ball - CSP #194
Hear from expert Tim Ball, CISO for NGO-ISAC, on his experiences in the industry and how he advises his members on finding the right tool. Especially when it comes to making sure the tool isn’t a ‘shiny object’ purchase but actually addressing your organization's underlying issues …
YOUTUBE.COM

1 Oct Police arrest four suspects linked to LockBit ransomware gang
Law enforcement authorities from 12 countries arrested four suspects linked to the LockBit ransomware gang, including a developer, a bulletproof hosting service administrator, and two people connected to LockBit activity. [...]
BLEEPINGCOMPUTER.COM

1 Oct More LockBit Hackers Arrested, Unmasked as Law Enforcement Seizes Servers
Previously seized LockBit websites have been used to announce more arrests, charges and infrastructure disruptions.
SECURITYWEEK.COM

1 Oct Russia exploited Evil Corp relationship for NATO attacks
submitted by kid to cybersecurity https://www.theregister.com/2024/10/01/evil_corp_russia_relationship/
SH.ITJUST.WORKS

1 Oct LockBit and Evil Corp Targeted In Anti-Ransomware Crackdown
UK Police Say Evil Corp 'Right-Hand Man' Was Also a LockBit Affiliate. Law enforcement from the United States, United Kingdom, France and Spain made a coordinated announcement Tuesday of further arrests, indictments, sanctions and server takedowns targeting the Russian cybercrimin…
DATABREACHTODAY.CO.UK

1 Oct Ransomware attack forces UMC Health System to divert some patients
Texas healthcare provider UMC Health System was forced to divert some patients to other locations after a ransomware attack impacted its operations. [...]
BLEEPINGCOMPUTER.COM

1 Oct New Survey Shows 40% of Respondents Never Received Cybersecurity Training From Their Employer
Yubico has published a survey of 20,000 people from 10 countries around the world, finding that 40% of respondents have never received cybersecurity training from their employer.
KNOWBE4.COM

1 Oct Rackspace monitoring data stolen in ScienceLogic zero-day attack
Cloud hosting provider Rackspace suffered a data breach exposing "limited" customer monitoring data after threat actors exploited a zero-day vulnerability in a third-party tool used by the ScienceLogic SL1 platform. [...]
BLEEPINGCOMPUTER.COM

1 Oct Europe Begins Drafting AI Code of Practice
AI Act General Purpose AI Rules to be Enforced in 2025. The European Commission appointed a 13 member team to draft the general purpose artificial intelligence code of practice mandated by the AI Act. The commission on Monday announced four working groups that will oversee draftin…
DATABREACHTODAY.CO.UK

1 Oct Third Party Zero-Day Bug Exploited in Rackspace Systems
Rackspace Scrambles to Patch Zero Day Dashboard Bug. Rackspace confirmed that criminals exploited a zero day vulnerability in a ScienceLogic third-party application, forcing the cloud-hosting provider to take monitoring dashboards offline. ScienceLogic confirmed it issued a patch …
DATABREACHTODAY.CO.UK

1 Oct Arc browser launches bug bounty program after fixing RCE bug
The Browser Company has introduced an Arc Bug Bounty Program to encourage security researchers to report vulnerabilities to the project and receive rewards. [...]
BLEEPINGCOMPUTER.COM

1 Oct ASD’s ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations
Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)—in partnership with CISA, U.S. government and international partners—released the guide Principles of Operational Technology Cybersecurity. This guidance provides critical information on ho…
CISA.GOV

1 Oct A Vulnerability in Zimbra Collaboration Could Allow for Remote Code Execution
A vulnerability has been discovered in Zimbra Collaboration which could allow for remote code execution. Zimbra is a collaborative software suite that includes an email server and a web client. Successful exploitation of this vulnerability could allow for remote code execution in…
CISECURITY.ORG

📋 SECURITY BULLETINS (1)

1 Oct PLANET Technology Switches Face Multiple Vulnerabilities, Urgent Firmware Updates Advised
The Taiwan Computer Emergency Response Team (TWCERT/CC) has released a series of security advisories highlighting critical vulnerabilities affecting various PLANET Technology switch models.
SECURITYONLINE.INFO

📢 SECURITY ADVISORIES (14)

1 Oct Google Workspace Announced New Password Policies, What is Changing
Google Workspace has announced new password policies that will impact how users and third-party apps access Google services. The changes, aimed at eliminating less secure sign-in methods, will be implemented in stages throughout 2024. Here’s what you need to know about the upcomi…
GBHACKERS.COM

1 Oct Data of 300k digiDirect customers leaked in alleged attack
One of Australia’s leading retailers of consumer electronics, digiDirect, is allegedly facing theft of data belonging to over 300k customers from a cybersecurity breach. On Sunday, a threat actor using the alias “Tanaka” posted on the dark web, saying the e-tailer had been breach…
CSOONLINE.COM

1 Oct JPCERT Shares Windows Event Log Tips to Detect Ransomware Attacks
The investigation strategy shared by JPCERT/CC covers Application, Security, System, and Setup logs, which can reveal traces left by ransomware attacks and help identify the attack vector.
BLEEPINGCOMPUTER.COM

1 Oct Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month, called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interes…
NIST.GOV

1 Oct Experts Warn CISA’s Threat Sharing is in a 'Death Spiral'
US Cyber Defense Agency’s Flagship Threat Sharing Initiative Facing Major Hurdles. Experts told Information Security Media Group the Cybersecurity and Infrastructure Security Agency’s flagship threat sharing initiative faces major logistical hurdles and may need to be replaced wit…
DATABREACHTODAY.CO.UK

1 Oct Cybersecurity Awareness Month needs a radical overhaul – it needs legislation
Despite their benefits, awareness campaigns alone are not enough to encourage widespread adoption of cybersecurity best practices
WELIVESECURITY.COM

🔥 INCIDENT REPORTING (18)

1 Oct U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails
The U.S. Department of Justice (DoJ) has charged a 39-year-old U.K. national for perpetrating a hack-to-trade fraud scheme that netted him nearly $3.75 million in illegal profits. Robert Westbrook of London was arrested last week and is expected to be extradited to the U.S. to fa…
THEHACKERNEWS.COM

1 Oct Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials
More than 140,000 phishing websites have been found linked to a phishing-as-a-service (PhaaS) platform named Sniper Dz over the past year, indicating that it's being used by a large number of cybercriminals to conduct credential theft. "For prospective phishers, Sniper Dz offers …
THEHACKERNEWS.COM

1 Oct Logpoint Strengthens SIEM by Acquiring Muninn AI-Powered NDR
Purchase Adds Advanced AI Network Detection to Logpoint's Threat Response Toolbox. Logpoint acquires Muninn to integrate its AI-based NDR technology, enhancing threat detection and response capabilities in its SIEM platform. This move supports Logpoint's mission to defend OT and I…
DATABREACHTODAY.CO.UK

1 Oct Malicious Actors Use Infected PyPI Packages to Target Roblox Da Hood Game Cheaters
Platforms like Github, Discord, and YouTube are used to distribute compromised game cheats, which contain malware such as Skuld Stealer and Blank Grabber, known for stealing sensitive information.
IMPERVA.COM

1 Oct JPCERT shares Windows Event Log tips to detect ransomware attacks
submitted by kid to cybersecurity https://www.bleepingcomputer.com/news/security/jpcert-shares-windows-event-log-tips-to-detect-ransomware-attacks/
SH.ITJUST.WORKS

1 Oct North Korea Hackers Linked to Breach of German Missile Manufacturer
submitted by kid to cybersecurity https://www.securityweek.com/north-korea-hackers-linked-to-breach-of-german-missile-manufacturer/
SH.ITJUST.WORKS

1 Oct US reaches $31.5 million settlement with T-Mobile over data breaches
submitted by kid to cybersecurity https://www.reuters.com/business/media-telecom/us-reaches-315-million-settlement-with-t-mobile-over-data-breaches-2024-09-30/
SH.ITJUST.WORKS

1 Oct [Cybersecurity Awareness Month] Responding to Cyber Incidents the ‘Inside Man’ Way: Fiona's Approach
In a world where cybersecurity incidents are no longer a matter of if they will happen, but when, having a solid incident response plan is a critical component of cyber resilience and business continuity.
KNOWBE4.COM

1 Oct UK unmasks LockBit ransomware affiliate as high-ranking hacker in Russia state-backed cybercrime gang
Evil Corp maintains a "privileged" relationship with the Kremlin, and was often tasked with launching cyberattacks on behalf of Russia. © 2024 TechCrunch. All rights reserved. For personal use only.
TECHCRUNCH.COM

1 Oct BudTrader - 2,721,185 breached accounts
In July 2024, a data breach of the now defunct cannabis social platform BudTrader was posted for sale on a hacking forum. Dating back to the previous month, the breach of the website exposed 2.7M email addresses, usernames and WordPress password hashes.
HAVEIBEENPWNED.COM

1 Oct How the FBI and Mandiant caught a ‘serial hacker’ who tried to fake his own death
Jesse Kipf was a prolific hacker who sold access to systems he hacked, had contacts with a notorious cybercrime gang, and tried to use his hacking skills to get off the grid for good.
TECHCRUNCH.COM

1 Oct T-Mobile to Pay Millions to Settle With FCC Over Data Breaches
T-Mobile has agreed to invest $15.75 million in cybersecurity and pay $15.75 million to settle an FCC investigation into four data breaches.
SECURITYWEEK.COM

1 Oct Evil Corp hit with new sanctions, BitPaymer ransomware charges
The Evil Corp cybercrime syndicate has been hit with new sanctions by the United States, United Kingdom, and Australia, with the US also indicting one of its members for conducting BitPaymer ransomware attacks. [...]
BLEEPINGCOMPUTER.COM

1 Oct T-Mobile promises to try not to get hacked again
submitted by BrikoX to cybersecurity https://www.theverge.com/2024/9/30/24258763/t-mobile-fcc-settlement-cybersecurity-investment A $15.75 million promise.
SH.ITJUST.WORKS

1 Oct The Rise of Deepfake Scams: A Wake-Up Call After US Senator Becomes Latest Victim
In an era where technology continues to blur the lines between reality and fiction, a recent incident involving U.S. Senator Ben Cardin serves as a stark reminder of the growing threat posed by deepfake scams.
KNOWBE4.COM

1 Oct Evil Corp Protected by High-Ranking FSB Official, Police Say
UK National Crime Agency Details Kremlin-Cybercrime Connection. Russian intelligence agencies tasked the notorious Russian-speaking cybercrime syndicate Evil Corp with conducting cyberattacks and cyberespionage operations on behalf of the Russian government, British police said Tu…
DATABREACHTODAY.CO.UK

1 Oct Evil Corp Protected by Ex-Senior FSB Official, Police Say
UK National Crime Agency Details Kremlin-Cybercrime Connection. Russian intelligence agencies tasked the notorious Russian-speaking cybercrime syndicate Evil Corp with conducting cyberattacks and cyberespionage operations on behalf of the Russian government, British police said Tu…
DATABREACHTODAY.CO.UK

1 Oct 2 Calif. Medical Groups Split Citing Cyberattack Dispute
Breakup Spotlights How Some Relationships Can Crumble After Attack, Investigation. California-based Graybill Medical Group physicians' practice says it's splitting up with its affiliate practice, Palomar Medical Group, which handles a variety of management services, because the fi…
DATABREACHTODAY.CO.UK

🕵️ THREAT INTELLIGENCE (18)

1 Oct ISC Stormcast For Tuesday, October 1st, 2024 https://isc.sans.edu/podcastdetail/9160, (Tue, Oct 1st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
ISC.SANS.EDU

1 Oct New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet
Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to "use Docker Swarm's orchestration features…
THEHACKERNEWS.COM

1 Oct Patchwork APT Group Unleashes Nexe Backdoor for Cyber Espionage
The group’s persistence is ensured by creating scheduled tasks and employing encryption methods like SHA256 hashing and the Salsa20 algorithm to transmit sensitive data to a command and control server named iceandfire[.]xyz.
THECYBEREXPRESS.COM

1 Oct Apono Raises $15.5 Million for Cloud Access Platform
Cloud access provider Apono has raised $15.5 million in a Series A funding round led by New Era Capital Partners.
SECURITYWEEK.COM

1 Oct The Playstation Network is down in a global outage
submitted by kid to cybersecurity https://www.bleepingcomputer.com/news/gaming/the-playstation-network-is-down-in-a-global-outage/
SH.ITJUST.WORKS

1 Oct Western Digital My Cloud Devices Flaw Let Attackers Execute Arbitrary Code
submitted by kid to cybersecurity https://cybersecuritynews.com/western-digital-my-cloud-flaw/
SH.ITJUST.WORKS

1 Oct New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet
submitted by kid to cybersecurity https://thehackernews.com/2024/10/new-cryptojacking-attack-targets-docker.html
SH.ITJUST.WORKS

1 Oct Cracking the Cloud: The Persistent Threat of Credential-Based Attacks
Credentials are still the most common entry point for bad actors, even as businesses deploy multi-factor authentication (MFA) to strengthen defenses.
SECURITYWEEK.COM

1 Oct Microsoft Unveils Copilot Vision AI Tool, but Highlights Security After Recall Debacle
Microsoft has unveiled a new AI-based web content analysis tool, underscoring safety and security to address potential concerns.
SECURITYWEEK.COM

1 Oct AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition
The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what's called "Seed Phrase Image Recognition." "This allows Rhadamanthys …
THEHACKERNEWS.COM

1 Oct Systems used by courts and governments across the US riddled with vulnerabilities
submitted by BrikoX to cybersecurity https://arstechnica.com/security/2024/09/systems-used-by-courts-and-govs-across-the-us-riddled-with-vulnerabilities With hundreds of courts and agencies affected, chances are one near you is, too.
SH.ITJUST.WORKS

1 Oct Threat Actors Behind MFA Bypass Service ‘OTP Agency’ Plead Guilty to Fraud
The criminal prosecution of the threat actors behind the "OTP Agency" has highlighted an ingenious new tactic that cybercriminals can use to bypass multi-factor authentication.
KNOWBE4.COM

1 Oct News alert: Introducing Mayhem Security — ForAllSecure unveils name change, fresh focus
Pittsburgh, PA, Oct. 1, 2024 — ForAllSecure, the world’s most advanced application security testing company, today announced it is changing its corporate name to Mayhem Security (“Mayhem”), signaling a new era of growth and opportunity aligned with its aw…
LASTWATCHDOG.COM

1 Oct Cybersecurity Awareness Month: Securing our world—together
To help our global cyberdefenders, Microsoft has put together the Be Cybersmart Kit, designed to educate everyone, on best practices for going passwordless, not falling for sophisticated phishing or fraud, device protection, AI safety, and more.
MICROSOFT.COM

1 Oct New PyPI Malware Poses as Crypto Wallet Tools to Steal Private Keys
submitted by kid to cybersecurity https://hackread.com/pypi-malware-crypto-wallet-tools-steal-private-keys/
SH.ITJUST.WORKS

1 Oct Death Stars, Recall, Microsoft, Brocade, AI, Josh Marpet, and more... - SWN #418
Death Stars are not real or are they?, Recall, Microsoft, Brocade, AI and More and More AI, Josh Marpet, and more on the Cyber Security News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-418
YOUTUBE.COM

1 Oct Jana Partners Increases Stake in Rapid7, Eyes Potential Sale
Activist Investor Pressures Cybersecurity Firm to Pursue Operational Changes, Sale. Jana Partners has raised its stake in cybersecurity vendor Rapid7 to 13% and is pushing for the company to consider selling itself. The activist investor teamed up with Cannae Holdings and is engag…
DATABREACHTODAY.CO.UK

1 Oct Palo Alto Networks Prevents Data Loss at Enterprise Scale with NVIDIA
The integration of NVIDIA Triton Inference Server and GPU technology into Palo Alto Networks Data Security advances handling data security challenges.
PALOALTONETWORKS.COM

🌐 CYBER THREAT LANDSCAPE (3)

1 Oct Sophisticated RAT Hides Behind P. Diddy Scandal Lures
This malware, known as "PdiddySploit," poses serious security threats to individuals and organizations. The attackers are luring the public with promises of revealing deleted X posts related to Combs on social media platforms.
DARKREADING.COM

1 Oct Fake League of Legends Download Ads Spread Lumma Stealer
Fake ads are spreading Lumma Stealer malware, targeting fans of the League of Legends World Championship. Cybercriminals are capitalizing on the event hype to trick unsuspecting gamers into downloading a malicious game version.
HACKREAD.COM

1 Oct New Octo Android Malware Version Impersonates NordVPN, Google Chrome
With enhancements like reduced data transmissions, dynamic code loading, and push notification blocking, Octo2 poses a significant threat to Android users and underscores the continued development of malicious mobile malware.
BLEEPINGCOMPUTER.COM

🎙️ PODCASTS (1)

1 Oct The AI Fix #18: ChatGPT’s false memories, and would an inner critic stop AI hallucinations?
In episode 18 of "The AI Fix" our hosts discover that OpenAI's Advanced Voice mode is too emotional for Europeans, a listener writes a Viking saga about LinkedIn, ChatGPT is a terrible doctor, and the voice of Meta AI takes to Meta's platforms to complain about Meta AI reading th…
GRAHAMCLULEY.COM

📡 INFOSEC NEWS (18)

1 Oct Phishing Attacks on Australia Disguised as Atlassian
Mimecast highlighted a noticeable increase in the use of Atlassian to evade detection. The attackers utilized postmark URLs to gather data intelligence, including location and browser details.
TECHREPUBLIC.COM

1 Oct Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0
Rhadamanthys, an advanced information stealer, has introduced innovative AI capabilities in version 0.7.0, allowing it to extract cryptocurrency seed phrases from images using optical character recognition (OCR).
RECORDEDFUTURE.COM

1 Oct Sophos announced as inaugural sponsor of The Hacking Games
Investing in the cybersecurity experts of tomorrow.
SOPHOS.COM

1 Oct 5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage
Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with significant risks, particula…
THEHACKERNEWS.COM

1 Oct Eon emerges from stealth with $127M to bring a fresh approach to back up cloud infrastructure
A team of founders who sold their last company to Amazon to build a new business within AWS is setting out to reinvent the tricky business of backing up an organization’s cloud infrastructure. Today, Eon — as their new startup is called — is coming out of stealth with a product, …
TECHCRUNCH.COM

1 Oct Logpoint Strengthens SIEM by Acquiring Muninn AI-Powered NDR
Logpoint, a SIEM company based in Copenhagen, acquired Muninn, an AI-powered NDR startup, to enhance threat detection capabilities. Muninn's AI technology is designed to detect complex attacks in environments where traditional methods fall short.
HEALTHCAREINFOSECURITY.COM

1 Oct Authorities Warn of Growing Iranian Spear Phishing Threat Against Journalists and Diplomats
The UK and US issued a joint warning about the increasing Iranian spear phishing threat, attributing it to Iran's Islamic Revolutionary Guard Corps targeting individuals in Iranian and Middle Eastern affairs, as well as US political campaigns.
INFOSECURITY-MAGAZINE.COM

1 Oct Cloud Security Firm Apono Raises $15.5 Million to Expand AI-Powered Access Management
This latest investment, led by New Era Capital Partners, brings Apono's total funding to $20.5 million, positioning the company to lead the identity security market with its innovative AI-driven product.
SILICONANGLE.COM

1 Oct Hurricane Helene Aftermath - Cyber Security Awareness Month, (Tue, Oct 1st)
For a few years now, October has been "National Cyber Security Awareness Month". This year, it is a good opportunity for a refresher on some scams that tend to happen around disasters like Hurricane Helene. The bigger the disaster, the more attractive it is to scammers.
ISC.SANS.EDU

1 Oct Microsoft fixes Windows KB5043145 reboot loops, USB and Bluetooth issues
Microsoft fixes a known issue in the Windows KB5043145 preview update that causes reboot loops, freezes systems, and breaks USB and Bluetooth devices. [...]
BLEEPINGCOMPUTER.COM

1 Oct Windows 11 24H2 now rolling out, here are the new features
Today, Microsoft announced the release of Windows 11, version 24H2, the next feature update for its operating system (also known as the Windows 11 2024 Update). [...]
BLEEPINGCOMPUTER.COM

1 Oct Download the Emerging Cybersecurity Issues Enterprise Spotlight
Download the October 2024 issue of the Enterprise Spotlight from the editors of CIO, Computerworld, CSO, InfoWorld, and Network World.
US.RESOURCES.CSOONLINE.COM

1 Oct The complete agenda for the Disrupt Stage at TechCrunch Disrupt 2024
Get ready for TechCrunch Disrupt 2024, our signature event for startups of all stages, taking place at Moscone West in San Francisco from October 28-30. This year, we’re expecting a massive turnout of 10,000+ leaders from the startup, VC, and broader tech community. As part…
TECHCRUNCH.COM

1 Oct SophosAI at Virus Bulletin ’24: Using multimodal AI as a “sixth sense” for cyber defense
Sophos' Younghoo Lee will present his research on the use of AI to analyze both text and image data to classify spam, phishing, and unsafe web content in Dublin.
SOPHOS.COM

1 Oct Microsoft fixes Outlook email sending issue for users with many folders
Microsoft has fixed a known issue affecting Outlook for Microsoft 365 users that caused problems sending emails for those with too many nested folders. [...]
BLEEPINGCOMPUTER.COM

1 Oct Why system resilience should mainly be the job of the OS, not just third-party applications
Building efficient recovery options will drive ecosystem resilience
WELIVESECURITY.COM