224Articles
10Categories
2024-10-08Date
🚨 CISA KEV 1[−]
8 Oct KEVCISA Adds Three Known Exploited Vulnerabilities to CatalogCISA has added three new vulnerabilities to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-43047 Qualcomm Multiple Chipsets Use-After-Free Vulnerability CVE-2024-43572 Microsoft Windows Management Console Remote Code Executi…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 125[−]
8 OctQualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active ExploitsQualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.8), has been de…THEHACKERNEWS.COM
8 OctOpen-Source Scanner Released to Detect CUPS VulnerabilityA new open-source scanner has been released to detect a critical vulnerability in the Common Unix Printing System (CUPS), explicitly targeting CVE-2024-47176. This vulnerability and others in the chain pose significant risks as it can allow remote code execution on UNIX and UNIX-…GBHACKERS.COM
8 OctPoC Exploit Releases for CVE-2024-44193: Local Privilege Escalation Vulnerability in iTunessubmitted by kid to cybersecurity 1 points | 0 comments https://securityonline.info/poc-exploit-releases-for-cve-2024-44193-local-privilege-escalation-vulnerability-in-itunes/SH.ITJUST.WORKS
8 OctCVE-2021-1683 Windows Bluetooth Security Feature Bypass VulnerabilityUpdated the executive summary with current information. This is an informational change only.MSRC.MICROSOFT.COM
8 OctCVE-2021-1684 Windows Bluetooth Security Feature Bypass VulnerabilityUpdated the executive summary with current information. This is an informational change only.MSRC.MICROSOFT.COM
8 OctCVE-2021-1638 Windows Bluetooth Security Feature Bypass VulnerabilityUpdated the executive summary with current information. This is an informational change only.MSRC.MICROSOFT.COM
8 OctCVE-2024-43481 Power BI Report Server Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43502 Windows Kernel Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43504 Microsoft Excel Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43506 BranchCache Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43513 BitLocker Security Feature Bypass VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43527 Windows Kernel Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43573 Windows MSHTML Platform Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43576 Microsoft Office Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-6197 Open Source Curl Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43609 Microsoft Office Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43612 Power BI Report Server Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43616 Microsoft Office Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-37979 Windows Kernel Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-38149 BranchCache Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-30092 Windows Hyper-V Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43497 DeepSpeed Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43511 Windows Kernel Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43520 Windows Kernel Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43521 Windows Hyper-V Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43550 Windows Secure Channel Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43551 Windows Storage Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43552 Windows Shell Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43553 NT OS Kernel Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43567 Windows Hyper-V Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43570 Windows Kernel Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43571 Sudo for Windows Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43575 Windows Hyper-V Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43583 Winlogon Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
8 OctCVE-2024-43488 Visual Studio Code extension for Arduino Remote Code Execution VulnerabilityMissing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.MSRC.MICROSOFT.COM
8 OctNew scanner finds Linux, UNIX servers exposed to CUPS RCE attacksAn automated scanner has been released to help security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176. [...]BLEEPINGCOMPUTER.COM
⚠️ VULNERABILITY DISCLOSURE 29[−]
8 OctHow the increasing demand for cyber insurance is changing the role of the CISODemand for cyber insurance is up, and market observers expect the number of standalone cyber insurance policies will continue to rise. German multinational insurance company Munich Re has valued the global cyber insurance market at $14 billion in 2023 and estimated that it will h…CSOONLINE.COM
8 OctHackers Gained Unauthorized Network Access to Casio NetworksCasio Computer Co., Ltd. has confirmed that a third party illegally accessed its network on October 5th, leading to significant disruptions in its services. The company disclosed the breach after conducting an internal investigation. The investigation revealed that the unauthoriz…GBHACKERS.COM
8 OctOpen-Source Scanner Released to Detect CUPS Vulnerabilitysubmitted by kid to cybersecurity 1 points | 0 comments https://gbhackers.com/open-source-scanner-released-to-detect-cups-vulnerability/SH.ITJUST.WORKS
8 OctSAP Patches Critical BusinessObjects Vulnerability with October Security Updatessubmitted by kid to cybersecurity 1 points | 0 comments https://securityonline.info/sap-patches-critical-businessobjects-vulnerability-with-october-security-updates/SH.ITJUST.WORKS
8 OctTokyo DriftSec: Who is going First? Who is going Smooth? - Lisa Landau - CSP #195Let’s talk to our favorite Tokyo security leader about how she has experienced tool selection across the world. To be risk adverse or not to be risk adverse. What a question! Segment Resources: https://www.youtube.com/watch?v=BdFzJxSemKo Show Notes: https://cisostoriespodcast.com…YOUTUBE.COM
8 OctAvoid Scams After Disaster StrikesAs hurricanes and other natural disasters occur, CISA urges individuals to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major natural disasters. Exercise cautio…CISA.GOV
8 OctAttackers Abuse URL Rewriting to Evade Security FiltersAttackers continue to exploit URL rewriting to hide their phishing links from email security filters, according to researchers at Abnormal Security.KNOWBE4.COM
8 OctCritical Automative 0-Day Flaws Let Attackers Gain Full Control Over CarsRecent discoveries in the automotive cybersecurity landscape have unveiled a series of critical zero-day vulnerabilities that could allow attackers to gain full control over vehicle systems. These vulnerabilities, highlighted in a presentation by security researcher Amit Geynis o…GBHACKERS.COM
8 OctLemonDuck Malware Exploiting SMB Vulnerabilities To Attack Windwos ServersThe attackers exploited the EternalBlue vulnerability to gain initial access to the observatory farm, creating a hidden administrative share and executing a malicious batch file named p.bat. This batch file performed various malicious actions like creating and executing malicious…GBHACKERS.COM
8 OctExploiting Microsoft Teams on macOS during a Purple Team engagementThe following article explains how during a Purple Team engagement we were able to identify a vulnerability in Microsoft Teams on macOS allowing us to access a user's camera and microphone.QUARKSLAB.COM
8 Oct KEVIvanti warns of three more CSA zero-days exploited in attacksAmerican IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks. [...]BLEEPINGCOMPUTER.COM
8 Oct KEVZero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively ExploitedIvanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-bas…THEHACKERNEWS.COM
8 OctLargest US Water Utility Hit by Cybersecurity IncidentCyber Incident Affecting American Water Utility Company Leads to Portal Shutdown The largest regulated water and wastewater company in the United States told customers it was investigating a cybersecurity incident that led the utility to shut down its customer service portal and …DATABREACHTODAY.CO.UK
8 OctCISA and FBI Release Fact Sheet on Protecting Against Iranian Targeting of Accounts Associated with National Political OrganizationsToday, CISA and the Federal Bureau of Investigation (FBI) released joint fact sheet, How to Protect Against Iranian Targeting of Accounts Associated with National Political Organizations . This fact sheet provides information about threat actors affiliated with the Iranian Govern…CISA.GOV
8 OctRCE from Iconv + PHP, Fuzzing a Codec, Fuzzing LLMs, Revisiting Recall - ASW #302The many lessons to take away from a 24-year old flaw in glibc and the mastery in crafting an exploit in PHP, changing a fuzzer's configuration to find more flaws, fuzzing LLMs for prompt injection and jailbreaks, security hardening of baseband code, revisiting the threat models …YOUTUBE.COM
8 OctThe Future of Zed Attack Proxy - Simon Bennetts, Ori Bendet - ASW #302Zed Attack Proxy has been a crucial web app testing tool for decades. It's also had a struggle throughout 2024 to obtain funding that would enable the tool to add more features while remaining true to its open source history. Simon Bennetts, founder of ZAP, and Ori Bendet from Ch…YOUTUBE.COM
8 OctRun Your Security Program Like an Election Campaign - Kush Sharma - BSW #367Does the CISO need to act like a politician? Negotiating budgets, communicating risks, and selling your strategy across the organization does sound a little like a politician. And if that's the case, are you hiring the right campaign staff? Kush Sharma, former CISO for CPR, City …YOUTUBE.COM
8 Oct KEVMicrosoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flawsToday is Microsoft's October 2024 Patch Tuesday, which includes security updates for 118 flaws, including five publicly disclosed zero-days, two of which are actively exploited. [...]BLEEPINGCOMPUTER.COM
8 OctMicrosoft Releases October 2024 Security UpdatesMicrosoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary update…CISA.GOV
8 Oct6 Risk-Assessment-Frameworks im VergleichMit dem richtigen Framework lassen sich Risiken besser ergründen. FOTOGRIN – shutterstock.com Für viele Geschäftsprozesse ist Technologie inzwischen unverzichtbar. Deshalb zählt diese auch zu den wertvollsten Assets eines Unternehmens. Leider stellt sie gleichzeitig jedoch auch e…CSOONLINE.COM
8 OctAdobe Releases Security Updates for Multiple ProductsAdobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.   CISA encourages users and administrators to review the following Adobe Security Bu…CISA.GOV
8 Oct“Einzigartig und zerstörerisch”Häufig ist der Microsoft Authenticator die schnellste Wahl. Aber ist es auch die richtige? Ascannio – shutterstock.com Microsofts Authenticator-App hat ein Alleinstellungsmerkmal: Das Tool löscht alte Konten, wenn neue Konten per QR-Code hinzugefügt werden. Und das hat sich trotz…CSOONLINE.COM
8 OctNHS: Most Patient Services Online Following Synnovis AttackUK Blood Supply Shortage Still Lingers 4 Months After Attack on Pathology Lab The United Kingdom's National Health Service said nearly all services disrupted by a June ransomware attack on pathology laboratory services provider Synnovis are finally back online. The incident trigg…DATABREACHTODAY.CO.UK
8 OctGroßangelegte Cyberattacke auf AWSForscher decken Sicherheitslücken in Webanwendungen auf. Zugangsschlüssel u.ä. wurden gestohlen. Photo For Everything – shutterstock.com Amazon Web Services (AWS) wurde Ziel einer Cyberattacke. Im Zuge der Attacke sammelten die Aggressoren AWS-Schlüssel und Zugriffstoken für vers…CSOONLINE.COM
8 OctWeg vom Hype, hin zur Realität!Sales Pitch oder Event mit echtem Mehrwert? Die Grenzen verschwimmen zusehends. Matej Kastelic | shutterstock.com Als Chief Information Security Officer ( CISO ) habe ich den Wandel der Cybersicherheit von einer IT-Nischenfunktion zu einer Priorität auf Vorstandsebene direkt mite…CSOONLINE.COM
8 OctOT geht auch den CISO an!IT-Systeme sicher – OT egal? Gorodenkoff – shutterstock.com Einige Sicherheitsentscheider sind davon überzeugt, Risiken im Bereich Operational Technology (OT) nicht bewerten oder standardisieren zu müssen, weil sie sie nicht betreiben. Ich wage zu behaupten, dass das häufig zu bl…CSOONLINE.COM
8 OctUN Says Asian Cybercrime Cartels Are Rising Global ThreatCrime Syndicates Too Powerful for Regional Governments to Police, UN Report Warns Cybercrime syndicates across Southeast Asia have teamed up with human traffickers, money launderers and cryptocurrency services to build an increasingly effective cybercrime ecosystem that can survi…DATABREACHTODAY.CO.UK
8 OctMuah.AI - 1,910,261 breached accountsIn September 2024, the "AI girlfriend" website Muah.AI suffered a data breach . The breach exposed 1.9M email addresses alongside prompts to generate AI-based images. Many of the prompts were highly sexual in nature, with many also describing child exploitation scenario…HAVEIBEENPWNED.COM
8 OctCritical Patches Issued for Microsoft Products, October 8, 2024Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, o…CISECURITY.ORG
📋 SECURITY BULLETINS 4[−]
8 OctWindows 10 KB5044273 update released with 9 fixes, security updatesMicrosoft has released the KB5044273 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes nine changes and fixes, including a new Windows Update opt-in notification shown when you log in to the operating system. [...]BLEEPINGCOMPUTER.COM
8 OctMicrosoft fixes Remote Desktop issues caused by Windows Server update​Microsoft says this month's Patch Tuesday cumulative updates fix a known issue that causes Windows servers to disrupt Remote Desktop connections in enterprise networks after installing the July Windows Server security updates. [...]BLEEPINGCOMPUTER.COM
8 OctMicrosoft Patch Tuesday - October 2024, (Tue, Oct 8th)Microsoft today released patches for 117 vulnerabilities. Three additional vulnerabilities apply to Chromium/Edge. Another three vulnerabilities are rated critical. ISC.SANS.EDU
8 OctPatch Tuesday, October 2024 EditionMicrosoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a …KREBSONSECURITY.COM
📢 SECURITY ADVISORIES 11[−]
8 OctScalability Challenges in Privacy-Preserving Federated LearningThis post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government’s Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts …NIST.GOV
8 OctCISA Issues Guidance to Counter Iran’s Election InterferenceCISA and FBI Warn of Iranian Hackers Targeting US Political Campaigns and Officials The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation have issued new guidance to help U.S. political campaigns defend against increasing cyber threats from …DATABREACHTODAY.CO.UK
8 OctCloudflare Acquires Kivera to Fuel Preventive Cloud SecurityKivera Integrates Controls Into Cloudflare One to Prevent Cloud Misconfigurations With the acquisition of New York-based startup Kivera, Cloudflare will enhance its Cloudflare One platform, adding proactive controls that secure cloud environments, prevent misconfigurations and im…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 20[−]
8 OctPro-Ukrainian Hackers Strike Russian State TV on Putin's BirthdayUkraine has claimed responsibility for a cyber attack that targeted Russia state media company VGTRK and disrupted its operations, according to reports from Bloomberg and Reuters. The incident took place on the night of October 7, VGTRK confirmed, describing it as an "unprecedent…THEHACKERNEWS.COM
8 OctAmerican Water Works Cyber Attack Impacts IT SystemsAmerican Water Works Company, Inc., a leading provider of water and wastewater services, announced that it had detected unauthorized activity within its computer networks. The company confirmed that this activity was the result of a cybersecurity incident. Upon discovery, America…GBHACKERS.COM
8 OctComcast Cyber Attack Impacts 237,000+ Users Personal DataComcast Cable Communications LLC has reported that over 237,000 users’ data has been compromised. The breach, which occurred on February 14, 2024, was discovered on July 17, 2024, and has raised concerns about the company’s cybersecurity measures. Details of the Breac…GBHACKERS.COM
8 Octfetchmail logs showing a Tor exit node is compromisedsubmitted by evenwicht to cybersecurity 2 points | 0 comments This is what my fetchmail log looks like today (UIDs and domains obfuscated): fetchmail: starting fetchmail 6.4.37 daemon fetchmail: Server certificate verification error: self-signed certificate in certificate chain f…INFOSEC.PUB
8 OctStudy: 92% of Healthcare Firms Hit by Cyberattacks This YearHealthcare organizations should rethink some of their approach to security, enhancing focus on insider threats, improving cyber awareness training and securing mobile applications and devices, said Ryan Witt, vice president of industry solutions at Proofpoint, discussing findings…DATABREACHTODAY.CO.UK
8 OctGoldenJackal Target Embassies and Air-Gapped Systems Using Malware ToolsetsA little-known threat actor tracked as GoldenJackal has been linked to a series of cyber attacks targeting embassies and governmental organizations with an aim to infiltrate air-gapped systems using two disparate bespoke toolsets. Victims included a South Asian embassy in Belarus…THEHACKERNEWS.COM
8 OctChina Possibly Hacking US “Lawful Access” BackdoorThe Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by l…SCHNEIER.COM
8 OctCyberattack Group 'Awaken Likho' Targets Russian Government with Advanced ToolsRussian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho. "The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote a…THEHACKERNEWS.COM
8 OctLEGO's website hacked to push cryptocurrency scamsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/legos-website-hacked-to-push-cryptocurrency-scam/SH.ITJUST.WORKS
8 OctMoneyGram confirms hackers stole customer data in cyberattacksubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/moneygram-confirms-hackers-stole-customer-data-in-cyberattack/SH.ITJUST.WORKS
8 OctADT discloses second breach in 2 months, hacked via stolen credentialssubmitted by kid to cybersecurity 4 points | 0 comments https://www.bleepingcomputer.com/news/security/adt-discloses-second-breach-in-2-months-hacked-via-stolen-credentials/SH.ITJUST.WORKS
8 OctPalo Alto Networks and Tata Comms partner for AI-powered managed securityTata Communications has announced a partnership with Palo Alto Networks to develop integrated and managed security services. The collaboration will focus on security consolidation for global networks, cloud, and IoT security, integrated cybersecurity and connectivity, threat inte…CSOONLINE.COM
8 OctCasio reports IT systems failure after weekend network breachJapanese tech giant Casio has suffered a cyberattack after an unauthorized actor accessed its networks on October 5, causing system disruption that impacted some of its services. [...]BLEEPINGCOMPUTER.COM
8 OctHealthcare Organizations Warned of Trinity Ransomware Attackssubmitted by kid to cybersecurity 2 points | 0 comments https://www.securityweek.com/healthcare-organizations-warned-of-trinity-ransomware-attacks/SH.ITJUST.WORKS
8 OctEuropean govt air-gapped systems breached using custom malwareAn APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents. [...]BLEEPINGCOMPUTER.COM
8 OctMoneyGram Money Transfer Firm Reports Customer Data BreachStolen Data Includes Social Security Numbers and Details of Criminal Investigations MoneyGram Payment Systems, a Dallas-based money transfer system, said hackers who hit its infrastructure last month stole customer data, including contact details, Social Security numbers and info…DATABREACHTODAY.CO.UK
8 OctEuropean govt air-gapped systems breached using custom malwaresubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/european-govt-air-gapped-systems-breached-using-custom-malware/SH.ITJUST.WORKS
8 OctEU Strengthens Sanctions Against Russian HackersRussian Nationals, Agencies Engaged in Cyberattacks, Misinformation to be Targeted The European Council on Tuesday introduced a new sanctions framework to target Russian nationals and organizations engaged in malicious cyber activities such as election misinformation and disrupti…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 18[−]
8 OctISC Stormcast For Tuesday, October 8th, 2024 https://isc.sans.edu/podcastdetail/9170, (Tue, Oct 8th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
8 OctGoogle Blocked Malicious Sideloading Apps for Indian UsersGoogle has launched a pilot program to block malicious sideloading apps. This initiative is part of Google’s ongoing efforts to protect users from financial fraud and cybercrime, which have risen globally, particularly in India. Cybercrime continues to be a significant conc…GBHACKERS.COM
8 OctMalicious Chrome Add-ons Evade Google's Updated Securitysubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/cyber-risk/malicious-chrome-extensions-past-google-updated-securitySH.ITJUST.WORKS
8 OctHackers Gained Unauthorized Network Access to Casio Networkssubmitted by kid to cybersecurity 1 points | 0 comments https://gbhackers.com/hackers-gained-unauthorized-network/SH.ITJUST.WORKS
8 OctMicrosoft: Word deletes some documents instead of saving themsubmitted by kid to cybersecurity 5 points | 1 comments https://www.bleepingcomputer.com/news/microsoft/microsoft-word-for-microsoft-365-deletes-some-documents-instead-of-saving-them/ As the company explains, this bug only impacts users of Word for Microsoft 365 version 2409, bui…SH.ITJUST.WORKS
8 OctIs AI saving jobs… or taking them?Artificial intelligence (AI) is coming to take your cybersecurity job. Or, AI will save your job. Well, which is it? As with all things security-related, AI-related and employment-related, it’s complicated. How AI creates jobs A major reason it’s complicated is that A…SECURITYINTELLIGENCE.COM
8 OctPalo Alto Networks Joins EU AI Pact for a Secure Digital FuturePalo Alto Networks proudly stands among the first signatories of the EU Artificial Intelligence Pact, launched on September 25, 2024. The post Palo Alto Networks Joins EU AI Pact for a Secure Digital Future appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
8 Oct[Cybersecurity Awareness Month] Keeping Your Mobile Devices Secure from the ‘Inside’ OutAs remote work and connecting while traveling has become the norm, mobile device security responsibilities have also increased.KNOWBE4.COM
8 OctCybersecurity best practices are the worst, AI indegestion, real time doxxing - ESW #378This week in the enterprise security news, we've got: 1. Torq, Tamnoon, and Defect Dojo raise funding 2. Checkmarx acquires ZAP 3. Commvault acquires Clumio 4. Would you believe San Francisco is NOT the most funded metro area for cybersecurity? 5. Auto-doxxing Smart glasses are n…YOUTUBE.COM
8 OctLikho Hackers Using MeshCentral For Remotely Managing Victim SystemsThe Awaken Likho APT group launched a new campaign in June of 2024 with the intention of targeting Russian government agencies and businesses by targeting them. The group has abandoned its previous use of the UltraVNC module for remote access and adopted the MeshCentral agent ins…GBHACKERS.COM
8 OctBadge and CyberArk Announce Partnership to Redefine Privacy in PAM and Secrets ManagementPartnership aims to help businesses eliminate vulnerable attack surfaces and provide a more streamlined user experience. Badge Inc., the award-winning privacy company enabling Identity without Secrets™, today announced a partnership with CyberArk and the public release of its int…GBHACKERS.COM
8 OctGive CISOs a Seat at the Table as CISO Salaries Surge - BSW #367In the leadership and communications segment, PwC Urges Boards to Give CISOs a Seat at the Table, CISO Salary Surge: Fewer Job Changes, Bigger Paychecks for Experienced Cybersecurity Leaders, Fostering a cybersecurity-first culture: Key leadership insights for building resilient …YOUTUBE.COM
8 OctAryaka brings CASB into unified SASE foldAryaka continues to build out its SASE platform, adding new capabilities aimed at enhancing security and simplifying the adoption process for enterprises that want to consolidate their network and security deployments . At the heart of this update is Aryaka’s new cloud access sec…NETWORKWORLD.COM
8 OctAI, American Water, Broadband, Claroty, Okta, Meta, Phishing, Robocop, Josh Marpet... - SWN #420AI Fest, American Water, Broadband, Claroty, Okta, Meta, Phishing, Robocop, Josh Marpet, and more on the Security Weekly News. Show notes: https://www.securityweekly.com/swn420YOUTUBE.COM
8 OctMI5 Chief Warns of Cyberthreats to the UKRussia, Iran and China Investing in Cyber Ops, Warns MI5 Director Ken McCallum Nation-state actors are investing aggressively in advanced cyber operations to target government information and technology in a bid to sow "mayhem on British and European streets," warned a top Britis…DATABREACHTODAY.CO.UK
8 OctUniklinik Frankfurt nach 10 Monaten wieder online erreichbarUniversitätsklinikum Frankfurt Zehn Monate nach einem Hackerangriff sind die Stationen und Mitarbeiter der Uniklinik Frankfurt nun wieder vollständig digital über Website und E-Mail-Adressen erreichbar. Anstelle der bisherigen Adresse kgu.de läuft die Homepage nach einem technisc…CSOONLINE.COM
8 OctFile hosting services misused for identity phishingSince mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise …MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
8 OctGamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script EnginesUsers searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads. "These attacks capitalize on the popularity of Lua gaming engine supplements within the stude…THEHACKERNEWS.COM
🎙️ PODCASTS 1[−]
8 OctThe AI Fix #19: AI spy specs, robot dogs with ladders, and is it AI or the climate?In episode 19 of "The AI Fix" podcast, Graham and Mark discover some AI podcast hosts having an existential crisis, a robot dog climbs another step towards world domination, Mark makes a gift for anyone working in tech support, and William Shatner chews through Lucy in the Sky wi…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 13[−]
8 OctMicrosoft Edge begins testing Copilot VisionMicrosoft Edge Canary has been updated with an interesting feature called Copilot Vision, but it's still in testing. [...]BLEEPINGCOMPUTER.COM
8 OctSophos Firewall: New XGS Series Desktop Firewalls and SFOS v21Best-in-class price-performance, excellent power efficiency, bolstered threat protection.SOPHOS.COM
8 OctTrust and trustworthiness in the internet of things | Kaspersky official blogThe difference between trust and trustworthiness, and why Kaspersky is involved in developing ISO/IEC TS 30149:2024KASPERSKY.COM
8 OctNew Case Study: The Evil Twin Checkout PageIs your store at risk? Discover how an innovative web security solution saved one global online retailer and its unsuspecting customers from an “evil twin” disaster. Read the full real-life case study here. The Invisible Threat in Online Shopping When is a checkout page, not a ch…THEHACKERNEWS.COM
8 OctThe Value of AI-Powered IdentityIntroduction Artificial intelligence (AI) deepfakes and misinformation may cause worry in the world of technology and investment, but this powerful, foundational technology has the potential to benefit organizations of all kinds when harnessed appropriately. In the world of cyber…THEHACKERNEWS.COM
8 OctKasperksy says it’s closing down its UK office and laying off dozensRussian cybersecurity giant Kaspersky is shutting down its office in the United Kingdom and laying off its staff, just three months after the company started closing down its U.S. operations and laying off dozens of workers, TechCrunch has learned.  Kaspersky spokesperson Fr…TECHCRUNCH.COM
8 OctWindows 11 KB5044284 and KB5044285 cumulative updates releasedMicrosoft has released the KB5044284 and KB5044285 Windows 11 cumulative updates for versions 24H2 and 22H2/23H2 to fix security vulnerabilities and resolve 27 bugs and performance issues. [...]BLEEPINGCOMPUTER.COM
8 OctHarnessing AI for Enhanced SecurityA deep-dive into how AI-driven solutions from Trend Micro leveraging the NVIDIA AI Enterprise software platform are elevating security across critical industriesTRENDMICRO.COM
8 OctNew Mamba 2FA bypass service targets Microsoft 365 accountsAn emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages. [...]BLEEPINGCOMPUTER.COM
8 OctMicrosoft: Windows 11 22H2 Home and Pro reached end of servicingMicrosoft reminded customers today that multiple editions of Windows 11 22H2 and 21H2 have reached their end of servicing. [...]BLEEPINGCOMPUTER.COM
8 OctCyber insurance, human risk, and the potential for cyber-ratingsCould human risk in cybersecurity be managed with a cyber-rating, much like credit scores help assess people’s financial responsibility?WELIVESECURITY.COM