87Articles
9Categories
2024-10-09Date
🚨 CISA KEV 2[−]
9 Oct KEVU.S. CISA adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalogsubmitted by kid to cybersecurity 0 points | 0 comments https://securityaffairs.com/169557/security/u-s-cisa-adds-windows-and-qualcomm-bugs-known-exploited-vulnerabilities-catalog.htmlSH.ITJUST.WORKS
9 Oct KEVCISA Adds Three Known Exploited Vulnerabilities to CatalogCISA has added three new vulnerabilities to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-23113  Fortinet Multiple Products Format String Vulnerability CVE-2024-9379  Ivanti Cloud Services Appliance (CSA) SQL Inje…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 5[−]
9 Oct KEVCISA Warns of Microsoft Zero-Day Vulnerabilities Exploited in the WildThe Cybersecurity and Infrastructure Security Agency (CISA) has warned regarding two critical zero-day vulnerabilities affecting Microsoft Windows products. These vulnerabilities, identified as CVE-2024-43572 and CVE-2024-43573, pose significant security risks and have been repor…GBHACKERS.COM
9 Oct KEVMicrosoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)submitted by kid to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2024/10/08/cve-2024-43573-cve-2024-43572/SH.ITJUST.WORKS
9 OctExploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)submitted by kid to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2024/10/09/exploit-cve-2024-45409/SH.ITJUST.WORKS
9 Oct KEVMicrosoft October update patches two zero-day vulnerabilities it says are being actively exploitedThe drama of Patch Tuesday often revolves around zero days, which in October’s haul of 117 vulnerabilities brings patch managers a total of five that have been publicly disclosed. Of those, Microsoft said that two are being actively exploited. The first is CVE-2024-43573 , intrig…CSOONLINE.COM
9 OctPalo Alto Networks Issues Fix for Critical Vulnerabilities, Including CVE-2024-9463 (CVSS 9.9)submitted by kid to cybersecurity 1 points | 0 comments https://securityonline.info/palo-alto-networks-issues-fix-for-critical-vulnerabilities-including-cve-2024-9463-cvss-9-9/SH.ITJUST.WORKS
⚠️ VULNERABILITY DISCLOSURE 22[−]
9 OctDeutschland ist Vizemeister bei DDoS-AngriffenDas Angriffsvolumen der DDoS-Attacken liegt mittlerweile bei 1,7 Terabit/s. Alexander56891 – shutterstock.com Die Zahl der DDoS-Attacken auf Technologiefirmen hat sich im vergangenen Halbjahr mehr als verdoppelt. Ihr Anteil an den betroffenen Branchen stieg innerhalb von sechs Mo…CSOONLINE.COM
9 Oct KEVMicrosoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the WildMicrosoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. …THEHACKERNEWS.COM
9 OctAPT group GoldenJackal deploys backdoors to air-gapped systemsCyberespionage group GoldenJackal, known to target government and diplomatic entities, has updated its toolset to include malware engineered to infect and steal data from air-gapped systems. Researchers from security firm ESET discovered the updated toolset while investigating a …CSOONLINE.COM
9 OctFrom Perfctl to InfoStealer, (Wed, Oct 9th)A few days ago, a new stealthy malware targeting Linux hosts made a lot of noise: perfctl[ 1 ]. The malware has been pretty well analyzed and I won't repeat what has been already disclosed. I found a copy of the "httpd" binary (SHA256:22e4a57ac560ebe1eff8957906589f4…ISC.SANS.EDU
9 Oct KEVThe CISO’s guide to establishing quantum resiliencePundits evangelize the benefits and challenges enterprises will face in a post-quantum era, but much still needs to be accomplished before these profound transformations of the computing world will appear to impact the way companies do business. And yet there is one area where pr…CSOONLINE.COM
9 OctN. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform MalwareThreat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster, tracked as CL-STA-0240, is part of a campaign dubbed Contagi…THEHACKERNEWS.COM
9 OctDutch police arrest admin of 'Bohemia/Cannabia' dark web marketAn international law enforcement operation led to the arrest of one of the three administrators of the dual dark web market 'Bohemia/Cannabia,' known for hosting ads for drug sales and distributed denial of service (DDoS) attacks. [...]BLEEPINGCOMPUTER.COM
9 OctResearchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol LibrariesDetails have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol that, if successfully exploited, could have severe impacts in industrial environments. "The vulnerabilities could allow an attacker to cra…THEHACKERNEWS.COM
9 OctHackers targeted Android users by exploiting zero-day bug in Qualcomm chipsEXC: Security researchers at Google and Amnesty International discovered hackers exploiting the bug in an active hacking campaign. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
9 OctHow open source SIEM and XDR tackle evolving threatsEvolving threats require security solutions that match the sophistication of modern threats. Learn more about how Wazuh, the open-source XDR and SIEM, tackles these threats. [...]BLEEPINGCOMPUTER.COM
9 Oct KEVMozilla fixes Firefox zero-day actively exploited in attacksMozilla has issued an emergency security update for the Firefox browser to address a critical use-after-free vulnerability that is currently exploited in attacks. [...]BLEEPINGCOMPUTER.COM
9 OctGoogle Joins Forces with GASA and DNS RF to Tackle Online Scams at ScaleGoogle on Wednesday announced a new partnership with the Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNS RF) to combat online scams. The initiative, which has been codenamed the Global Signal Exchange (GSE), is designed to create real-time insights into scams, f…THEHACKERNEWS.COM
9 Oct KEVMozilla fixes Firefox zero-day actively exploited in attackssubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-zero-day-actively-exploited-in-attacks/SH.ITJUST.WORKS
9 OctHackers targeted Android users by exploiting zero-day bug in Qualcomm chipssubmitted by BrikoX to cybersecurity 2 points | 0 comments https://techcrunch.com/2024/10/09/hackers-were-targeting-android-users-with-qualcomm-zero-day/ Security researchers at Google and Amnesty International discovered hackers exploiting the bug in an active hacking campaign.SH.ITJUST.WORKS
9 OctPalo Alto Networks warns of firewall hijack bugs with public exploitPalo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls. [...]BLEEPINGCOMPUTER.COM
9 OctIvanti CSA Customers Targeted in New Zero Day AttacksAttackers Chain Three Security Flaws with Patched Admin Bypass Vulnerability Internet appliance maker Ivanti warned customers Tuesday that attackers are actively exploiting new vulnerabilities in Cloud Services Appliance instances by chaining three security flaws with a zero-day …DATABREACHTODAY.CO.UK
9 OctCareer Spotlight: The Growing Demand for OT Security ExpertsCritical Infrastructure Firms Are Hiring - and Paying Well As digital transformation continues to reshape industries, the convergence of operational technology and cybersecurity has emerged as a critical area of focus. But there's a noticeable gap in the workforce. Professionals …DATABREACHTODAY.CO.UK
9 OctUS DOJ Developing Guidelines for AI Use in Law EnforcementJustice Department Aiming to Emphasize Privacy and Security in AI Deployment The U.S. Department of Justice is drafting new guidelines for law enforcement on the use of artificial intelligence and facial recognition tools to enhance public safety while safeguarding civil rights a…DATABREACHTODAY.CO.UK
9 OctCISA says critical Fortinet RCE flaw now exploited in attacks​Today, CISA revealed that attackers actively exploit a critical FortiOS remote code execution (RCE) vulnerability in the wild. [...]BLEEPINGCOMPUTER.COM
📋 SECURITY BULLETINS 2[−]
9 OctOctober Patch Tuesday harvest hauls in 117 CVEsBumper crop of Windows vulns leads the way; 15 product groups representedSOPHOS.COM
9 OctChrome Security Update, Patched for High-Severity VulnerabilitiesGoogle has rolled out a new update for its Chrome browser, addressing several high-severity security vulnerabilities. The Stable channel has been updated to version 129.0.6668.100/.101 for Windows and Mac and 129.0.6668.100 for Linux. Users will be able to access this update over…GBHACKERS.COM
📢 SECURITY ADVISORIES 8[−]
9 OctHalliburton räumt Datendiebstahl einNach dem Colonial-Pipeline-Desaster im Jahr 2021 rückt mit Halliburton nun erneut ein US-Unternehmen im Bereich kritischer Infrastrukturen ins “Cyberrampenlicht”. douglasmack | shutterstock.com Wie Reuters unter Berufung auf einen anonymen Insider berichtet , ist der texanische Ö…CSOONLINE.COM
9 OctCISA Alerted Users to Remain Vigil on Natural Disasters ScamAs hurricanes and other natural disasters feel their presence, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning urging individuals to be on high alert for potential malicious cyber activities. The agency highlights the increased risk of fraudulent …GBHACKERS.COM
9 OctStaff Stories Spotlight Series: Cybersecurity Awareness Month 2024This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interes…NIST.GOV
9 OctUK to Continue Disruptive Actions Targeting CybercrimeStephen Doughty Says Cybersecurity Vital to National And Economic Security The British government will continue disruptive actions against ransomware and malware operators, a top U.K. government official vowed Wednesday. Stephen Doughty, Minister of State, said the recently elect…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 22[−]
9 OctMoneyGram confirms breach involving SSNs and other customer dataAnyone who wants to transfer cash quickly and easily from country A to country B nowadays resorts to international payment providers. The largest in the world are Western Union and MoneyGram. Both companies offer the option of depositing and withdrawing cash within minutes, quick…CSOONLINE.COM
9 OctMicrochip Technology gehacktMicrochip Technology fertigt unter anderem Mikrocontroller und FPGAs für verschiedene Branchen, etwa Automotive sowie Rüstung, Luft- und Raumfahrt. Valeriya Zankovych | shutterstock.com Der in Chandler im US-Bundesstaat Arizona beheimatete Halbleiterproduzent Microchip Technology…CSOONLINE.COM
9 OctToyota erneut um Daten erleichtertKriminelle Hacker konnten ein weiteres Mal bei Toyota zuschlagen. Hrach Hovhannisyan – shutterstock.com Datenpannen und -Leaks haben beim japanischen Autoriesen fast schon “Tradition”: Im März 2019 wurde der Konzern und zahlreiche seiner Tochtergesellschaften zum Opfer eines groß…CSOONLINE.COM
9 OctMicrosoft Detects Growing Use of File Hosting Services in Business Email Compromise AttacksMicrosoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic. The end goal of the campaigns are broad and varied, allowing threat ac…THEHACKERNEWS.COM
9 OctWhite House official says, insurance companies need to stop paying ransoms. Cyber Security Today for Wednesday, October 9, 2024Cybersecurity Alert: White House Urges Insurance Reform & Major Hacks Revealed In this episode of Cybersecurity Today, host Jim Love covers significant developments in cybersecurity policy and breaches. The White House, represented by U.S. Deputy National Security Advisor Ann Neu…CYBERSECURITYTODAY.LIBSYN.COM
9 OctDark Angels Ransomware Attacking Windows And Linux/ESXi SystemsThe sophisticated ransomware group Dark Angels, active since 2022, targets large companies for substantial ransom payments by employing third-party ransomware payloads like Babuk, RTM Locker, and RagnarLocker to encrypt files on Windows and Linux systems. It employs ransomware in…GBHACKERS.COM
9 OctHackers Breached Japan Aerospace Company’s President AccountHackers have infiltrated the Japan Aerospace Exploration Agency (JAXA), compromising the accounts of several high-ranking officials, including President Hiroshi Yamakawa. This alarming incident is part of a series of cyberattacks targeting JAXA since June 2023, raising concerns a…GBHACKERS.COM
9 OctSocial Media Accounts: The Weak Link in Organizational SaaS SecuritySocial media accounts help shape a brand’s identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social …THEHACKERNEWS.COM
9 OctMeow ransomware gang claims Superior Court of Californiasubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/cybercrime/california-superior-court-sonoma-ransomware-attack-meow/SH.ITJUST.WORKS
9 OctCybersecurity Awareness Month: Horror storiesWhen it comes to cybersecurity, the question is when, not if, an organization will suffer a cyber incident. Even the most sophisticated security tools can’t withstand the biggest threat: human behavior. October is Cybersecurity Awareness Month, the time of year when we cele…SECURITYINTELLIGENCE.COM
9 OctDumpForums Claim 10TB Data Breach at Russian Cybersecurity Firm Dr.Websubmitted by kid to cybersecurity 1 points | 0 comments https://hackread.com/dumpforums-russian-cybersecurity-firm-dr-web-data-breach/SH.ITJUST.WORKS
9 OctJAXA Cyberattack: Hackers Breach Accounts of Top Officials, Exposing Sensitive Space and Defense Datasubmitted by kid to cybersecurity 1 points | 0 comments https://securityonline.info/jaxa-cyberattack-hackers-breach-accounts-of-top-officials-exposing-sensitive-space-and-defense-data/SH.ITJUST.WORKS
9 OctCasio Hit By CyberattackPACKETSTORMSECURITY.COM
9 Oct31 New Ransomware Groups Join the Ecosystem in 12 Monthssubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/new-ransomware-groups-emerge-2024/SH.ITJUST.WORKS
9 OctRecent Dr.Web cyberattack claimed by pro-Ukrainian hacktivistsA group of pro-Ukrainian hacktivists has claimed responsibility for the September breach of Russian security company Doctor Web (Dr.Web). [...]BLEEPINGCOMPUTER.COM
9 OctIndia’s Star Health confirms data breach after cybercriminals post customers’ health data onlineThe insurance giant confirmed a data breach, weeks after cybercriminals posted alleged customer health and medical data online. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
9 OctCounty 911 Service Notifying 180,000 About Breach in JulyCompromised Patient Info Dates Back to 2011 at Muskogee City County 911 Service An Oklahoma county provider of medical, fire, police and other 911 emergency services is notifying 180,000 individuals that their health information may have been compromised in a recent ransomware at…DATABREACHTODAY.CO.UK
9 OctInternet Archive hacked, data breach impacts 31 million usersInternet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. [...]BLEEPINGCOMPUTER.COM
9 OctSmashing Security podcast #388: Vacuum cleaner voyeur, and pepperoni pact blocks payoutJoin us as we delve into the world of unexpected security breaches and legal loopholes, where your robot vacuum cleaner might be spying on you, and ordering a pizza could cost you your right to sue. All this and more is discussed in the latest edition of the "Smashing Security" p…GRAHAMCLULEY.COM
9 OctMarriott Pays $52M to Settle US States Data Breach LitigationHotel Chain Also Settles with Federal Trade Commission The world's largest hotel chain agreed Wednesday to pay $52 million and agree to two decades of third-party monitoring of its cybersecurity program to settle a rash of data breaches affecting millions of guests. The multi-mil…DATABREACHTODAY.CO.UK
9 OctInternet Archive - 31,081,179 breached accountsIn September 2024, the digital library of internet sites Internet Archive suffered a data breach that exposed 31M records . The breach exposed user records including email addresses, screen names and bcrypt password hashes.HAVEIBEENPWNED.COM
🕵️ THREAT INTELLIGENCE 12[−]
9 OctISC Stormcast For Wednesday, October 9th, 2024 https://isc.sans.edu/podcastdetail/9172, (Wed, Oct 9th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
9 OctHurricane Deepfakes Flood Social MediaAs the recent hurricane Helene caused major damage and as hurricane Milton is expected to make landfall in Florida soon, deepfakes are spreading misinformation on social media.KNOWBE4.COM
9 OctAuto-Identification Smart GlassesTwo students have created a demo of a smart-glasses app that performs automatic facial recognition and then information lookups. Kind of obvious, but the sort of creepy demo that gets attention. News article .SCHNEIER.COM
9 OctMicrosoft Warns of Sophisticated Identity Phishing Campaigns Misusing File Hosting Servicessubmitted by kid to cybersecurity 2 points | 0 comments https://securityonline.info/microsoft-warns-of-sophisticated-identity-phishing-campaigns-misusing-file-hosting-services/SH.ITJUST.WORKS
9 OctHow Network Security Platformization Paid Off with 174% ROICybersecurity platformization can pay off for your organization in numerous ways, getting a 174% return on investment and realizing a NPV of $26.2 million. The post How Network Security Platformization Paid Off with 174% ROI appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
9 OctLarge scale Google Ads campaign targets utility softwaresubmitted by kid to cybersecurity 1 points | 0 comments https://www.malwarebytes.com/blog/news/2024/10/large-scale-google-ads-campaign-targets-utility-softwareSH.ITJUST.WORKS
9 OctNew Mamba 2FA bypass service targets Microsoft 365 accountssubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/new-mamba-2fa-bypass-service-targets-microsoft-365-accounts/SH.ITJUST.WORKS
9 OctWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
9 OctMalicious Pixels: Criminals Revamp QR Code Phishing AttacksAttackers Use ASCII Characters to Create Tough-to-Spot QR Codes, Barracuda Warns Attackers are moving beyond using QR code images added to phishing emails to trick victims into visiting malicious sites, and using ASCII "full block" characters to build working QR codes designed to…DATABREACHTODAY.CO.UK
9 OctAI, American Water, Broadband, Claroty, Okta, Meta, Phishing, Robocop, Josh Marpet... - SWN #420AI Fest, American Water, Broadband, Claroty, Okta, Meta, Phishing, Robocop, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-420YOUTUBE.COM
9 OctAustralia May Require Businesses to Report Ransom PaymentsCyber Bill Says the Government Can't Use Information to Prosecute Victims Ransom payments are typically tightly held secrets between cybercriminals and their victims, but the Australian government has introduced a cybersecurity bill in Parliament that would require require larger…DATABREACHTODAY.CO.UK
9 OctHuman Security Raises $50M+ to Take on Click-Fraud DefenseWestCap-Led Funding to Drive Click-Fraud Protection, Ad Integrity Expansion Human Security's recent $50 million growth funding, led by WestCap, will drive the development of click-fraud defense and enhance advertising integrity solutions. CEO Stu Solomon aims to leverage the fund…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 4[−]
9 OctHow Hackers Use Legit Programs to Smuggle Malware!Hackers are getting smarter every day. They can smuggle malware by abusing legitimate, trusted programs to sneak their payloads past security. But it doesn’t stop there – John Hammond explains how they often encrypt the real malware, making it nearly impossible to detect! Learn h…YOUTUBE.COM
9 OctCrypto-stealing malware campaign infects 28,000 peopleOver 28,000 people from Russia, Turkey, Ukraine, and other countries in the Eurasian region were impacted by a large-scale cryptocurrency-stealing malware campaign. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 10[−]
9 OctAuthentication codes from a service you don't have an account with | Kaspersky official blogWe explain what to do if you receive text messages with one-time authentication codes from a service you don't have an account with (and what this might mean).KASPERSKY.COM
9 OctAmazon revamps Ring subscriptions with AI video searchAmazon is introducing new Ring subscription plans, including a tier that'll bring 24/7 recording and AI-powered video search. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
9 OctDiscord blocked in Russia and Turkey for spreading illegal contentDiscord has been suddenly blocked in Russia and Turkey since yesterday due to illegal activity residing on the platform, leaving legitimate users in those countries unable to visit the website or connect to the service. [...]BLEEPINGCOMPUTER.COM
9 OctThe Disappearance Of An Internet DomainPACKETSTORMSECURITY.COM
9 OctMicrosoft fixes Word bug that deleted users’ saved documentsMicrosoft has fixed a known issue that was causing Word to delete some Windows users' documents instead of saving them. [...]BLEEPINGCOMPUTER.COM
9 OctMicrosoft fixes Word bug that deleted documents when savingMicrosoft has fixed a known issue that was causing Word to delete some Windows users' documents instead of saving them. [...]BLEEPINGCOMPUTER.COM
9 OctLamborghini Carjackers Lured by $243M CyberheistThe parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later, while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was beaten and briefly kidnapped by six youn…KREBSONSECURITY.COM