🐛 COMMON VULNERABILITIES AND EXPOSURES (2)
18 Oct: Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser (THEHACKERNEWS.COM)
Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user's privacy preferences and access data. The shortcoming, codenamed HM Surf by the t…
18 Oct: SolarWinds Web Help Desk Vulnerability Allows Remote Code Execution (GBHACKERS.COM)
A critical vulnerability in SolarWinds Web Help Desk has been identified. It could allow attackers to execute arbitrary code on affected systems. The vulnerability tracked as CVE-2024-28988 was discovered by the Trend Micro Zero Day Initiative (ZDI) team during their investigatio…
⚠️ VULNERABILITY DISCLOSURE (23)
18 Oct: Global Swift banking network readies AI platform to combat cyber threats (CSOONLINE.COM)
The global Swift (Society for Worldwide Interbank Financial Telecommunication) messaging platform, fundamental to the movement of money around the globe by institutions, is about to deploy its first artificial intelligence (AI) system to detect fraud in the vast flow of transacti…
18 Oct: Risk Management for SMEs: The 8 Most Important Steps for Defending Against Ransomware (CSOONLINE.COM)
Improve your self-defense to avoid major damage from ransomware. Ransomware affects companies all over the world. But small and medium-sized enterprises in particular often have only a small budget for IT securi…
18 Oct: Cisco ATA 190 Telephone Adapter Vulnerabilities Let Attackers Execute Remote Code (GBHACKERS.COM)
Cisco has disclosed multiple vulnerabilities affecting its ATA 190 Series Analog Telephone Adapter firmware, posing significant user risks. These vulnerabilities could allow remote attackers to execute unauthorized actions, including remote code execution, configuration changes, …
18 Oct: EU’s NIS2 Directive for cybersecurity resilience enters full enforcement (CSOONLINE.COM)
After years in development the European Union’s NIS2 Directive comes into full effect this week. NIS2 expands the scope of its predecessor to cover 15 sectors, including manufacturing, digital providers (online markets, social networks), and postal services, alongside the previou…
18 Oct: NIS2’s cybersecurity value spreads beyond its expanded scope (CSOONLINE.COM)
The European Union’s NIS2 (Network and Information Security) Directive has come into force to update the first 2016 NIS regulation to better address an increasingly damaging cyber threat landscape. The latest version increases the scope of sectors and companies that must comply w…
18 Oct: Omni Family Health Data Breach Impacts 470,000 Individuals (SECURITYWEEK.COM)
Omni Family Health has disclosed a data breach impacting nearly 470,000 current and former patients and employees.
18 Oct (KEV): Microsoft fails to collect critical security logs, exposing customers to risks (CSOONLINE.COM)
Microsoft has admitted that it failed to collect crucial security logs for nearly a month due to a bug, leaving enterprise customers vulnerable to cyberattacks. The issue, which occurred between September 2 and October 3, disrupted the collection of vital log data used to monitor…
18 Oct: North Korean APT Exploited IE Zero-Day in Supply Chain Attack (SECURITYWEEK.COM)
A Pyongyang-aligned APT was caught exploiting a recent zero-day in Internet Explorer in a supply chain attack.
18 Oct: U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign (THEHACKERNEWS.COM)
Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by Iranian cyber actors to infiltrate critical infrastructure organizations via brute-force attacks. "Since October 2023, Iranian actors have used brute …
18 Oct: Microsoft: macOS Vulnerability Potentially Exploited in Adware Attacks (SECURITYWEEK.COM)
The Adload macOS adware potentially exploits a privacy bypass vulnerability resolved in Sequoia 15 last month.
18 Oct: Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass (BLEEPINGCOMPUTER.COM)
The latest generations of Intel processors, including Xeon chips, and AMD's older Zen 1, Zen 1+, and Zen 2 microarchitectures on Linux are vulnerable to new speculative execution attacks that bypass existing 'Spectre' mitigations. [...]
18 Oct: 3 key considerations when evaluating GenAI solutions for cybersecurity (CSOONLINE.COM)
At the start of this year, I shared my view that 2024 would be when security practitioners bridge the cyber divide – the use of artificial intelligence (AI) for cybersecurity will be on the rise and technology providers will increasingly integrate generative AI (GenAI) into their…
18 Oct: Live Webinar | Strategies for Compliance, Vulnerability Management, and Third-Party Security under the CRA (DATABREACHTODAY.CO.UK)
18 Oct: Cybersecurity Success is Business Success - Theresa Lanowitz - ESW #380 (YOUTUBE.COM)
Secure by design is more than just AppSec - it addresses how the whole business designs systems and processes to be effective and resilient. The latest report from LevelBlue on Cyber Resilience reveals security programs that are reactive, ill-equipped, and disconnected from IT an…
18 Oct: Phishing Attacks Are Abusing Legitimate Services to Avoid Detection (KNOWBE4.COM)
Microsoft warns that threat actors are abusing legitimate file-hosting services to launch phishing attacks. These attacks are more likely to bypass security filters and appear more convincing to employees who frequently use these services.
18 Oct: BlackBerry Cuts Cylance Spend to Focus on Profitable Areas (DATABREACHTODAY.CO.UK)
Company Shifts Cyber Focus to QNX and Secure Communications as Key Growth Drivers. As Cylance continues to incur significant losses, BlackBerry is reallocating resources toward its more promising QNX and secure communications teams. The company expects its cybersecurity unit to st…
18 Oct: Get an Untrusted Security Advisor! Have Fun, Reduce Fail! (MEDIUM.COM)
Many organizations are looking for trusted advisors, and this applies to our beloved domain of cyber/information security. If you look at LinkedIn, many consultants present themselves as trusted advisors to CISOs or their teams. This perha…
18 Oct: Multiple Vulnerabilities in Microsoft Edge (Chromium-based) Could Allow for Arbitrary Code Execution (CISECURITY.ORG)
Multiple vulnerabilities have been discovered in Microsoft Edge (Chromium-based), the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the …
18 Oct: Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe (WELIVESECURITY.COM)
The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year.
📢 SECURITY ADVISORIES (4)
🔥 INCIDENT REPORTING (19)
18 Oct: Almost All Cyberattacks on GenAI Succeed (CSOONLINE.COM)
LLMs such as chatbots are being used more and more often, but are rarely adequately protected against cyberattacks. Pillar Security, an Israeli company for GenAI security solutions, has published a study on the "State of Attacks on GenAI". High spee…
18 Oct: Organizations Faster at Detecting OT Incidents, but Response Still Lacking: Report (SECURITYWEEK.COM)
SANS has published its 2024 State of ICS/OT Cybersecurity report, based on a survey of over 530 critical infrastructure sector professionals.
18 Oct: Microsoft said it lost weeks of security logs for its customers' cloud products (SH.ITJUST.WORKS)
Submitted by BrikoX to cybersecurity. https://techcrunch.com/2024/10/17/microsoft-said-it-lost-weeks-of-security-logs-for-its-customers-cloud-products/ Missing logs could make it more difficult to identify unauthorized access to the customers’ networks during…
18 Oct: Cyberattack on Johannesstift Diakonie (CSOONLINE.COM)
Due to a cyberattack on Johannesstift Diakonie, several hospitals in Berlin are struggling with technical problems. Johannesstift Diakonie is the largest denominational health and social services company in the region of Berlin and northeastern Germ…
18 Oct: Cicada3301 Ransomware Targets Critical Sectors in US and UK (SH.ITJUST.WORKS)
Submitted by kid to cybersecurity. https://www.infosecurity-magazine.com/news/cicada-ransomware-critical-sectors/
18 Oct: Brazil's Federal Police arrest alleged National Public Data hacker (SH.ITJUST.WORKS)
Submitted by kid to cybersecurity. https://cyberscoop.com/national-public-data-usdod-data-breach-arrested/
18 Oct: RansomHub Overtakes LockBit as Most Prolific Ransomware Group (SH.ITJUST.WORKS)
Submitted by kid to cybersecurity. https://www.infosecurity-magazine.com/news/ransomhub-overtakes-lockbit/
18 Oct: BianLian ransomware claims attack on Boston Children's Health Physicians (SH.ITJUST.WORKS)
Submitted by kid to cybersecurity. https://www.bleepingcomputer.com/news/security/bianlian-ransomware-claims-attack-on-boston-childrens-health-physicians/
18 Oct: The Google Meet error you last saw could be someone trying to hack your system (CSOONLINE.COM)
Windows and Mac users are being targeted by a new social engineering campaign, ClickFix, that uses fake Google Meet landings for planting info-stealing malware onto victim systems. According to research by the French cybersecurity company Sekoia, the campaign is a ClearFake var…
18 Oct: Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach (KREBSONSECURITY.COM)
Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being "USDoD," a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI's InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a…
18 Oct: What’s behind the 51% drop in ransomware attacks? (SECURITYINTELLIGENCE.COM)
In a world where cyber threats feel omnipresent, a recent report has revealed some unexpected good news: ransomware attacks on state and local governments have dropped by 51% in 2024. Still, this decline does not signal the end of the ransomware threat, nor should it lead to comp…
18 Oct: Cicada3301 Ransomware Affiliate Program Infiltrated By Security Researchers (PACKETSTORMSECURITY.COM)
18 Oct: North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data (THEHACKERNEWS.COM)
North Korean information technology (IT) workers who obtain employment under false identities in Western companies are not only stealing intellectual property, but are also stepping up by demanding ransoms in order to not leak it, marking a new twist to their financially motivate…
18 Oct: Alternative CISO career paths, budget planning, and one easy trick to bypass EDR! - ESW #380 (YOUTUBE.COM)
Finally, in the enterprise security news, 1. HUMAN, Relyance AI, and watchTowr raise funding this week 2. Alternative paths to becoming a CISO 3. Vendor booths don’t have to suck (for vendors or conference attendees!) 4. Budget planning guidance for 2025 5. CISOs might not be tha…
18 Oct: Tech giant Nidec confirms data breach following ransomware attack (BLEEPINGCOMPUTER.COM)
Nidec Corporation is informing that hackers behind a ransomware attack it suffered earlier this year stole data and leaked it on the dark web. [...]
18 Oct: ESET partner breached to send data wipers to Israeli orgs (BLEEPINGCOMPUTER.COM)
Hackers breached ESET's exclusive partner in Israel to send phishing emails to Israeli businesses that pushed data wipers disguised as antivirus software for destructive attacks. [...]
18 Oct: UK Company Hacked After Accidentally Hiring North Korean Cybercriminal (KNOWBE4.COM)
In a shocking turn of events, an unnamed company based in the UK has fallen victim to a sophisticated cyber attack after inadvertently hiring a North Korean hacker as a remote IT worker.
18 Oct: BianLian Ransomware Gang Claims Heist of Pediatric Data (DATABREACHTODAY.CO.UK)
Boston Children's Health Physicians Says Incident Involved Unnamed IT Vendor. Ransomware gang BianLian has listed Boston Children's Health Physicians - a pediatric group that practices in New York and Connecticut - on its dark web site, threatening to release stolen patient and em…
18 Oct: Cisco takes DevHub portal offline after hacker publishes stolen data (BLEEPINGCOMPUTER.COM)
Cisco confirmed today that it took its public DevHub portal offline after a threat actor leaked "non-public" data, but it continues to state that there is no evidence that its systems were breached. [...]
🕵️ THREAT INTELLIGENCE (23)
18 Oct: ISC Stormcast For Friday, October 18th, 2024 https://isc.sans.edu/podcastdetail/9186, (Fri, Oct 18th) (ISC.SANS.EDU)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
18 Oct: Hacker Arrested for Invading Computers & Selling Police Data (GBHACKERS.COM)
The Federal Police arrested a 33-year-old Brazilian hacker in Belo Horizonte, Minas Gerais. The suspect is accused of infiltrating the systems of the Federal Police (PF) and other international institutions to sell sensitive data. This arrest marks a critical step in addressing c…
18 Oct: Cyera Acquires Data Loss Prevention Firm Trail Security for $162 Million (SECURITYWEEK.COM)
Data security company Cyera has acquired stealth mode startup Trail Security for its data loss prevention (DLP) technology.
18 Oct: Alabama Man Arrested in SEC Social Media Account Hack That Led the Price of Bitcoin to Spike (SECURITYWEEK.COM)
An Alabama man has been arrested over his role in the hacking of the SEC's X account, which led to a Bitcoin price spike.
18 Oct: North Korean Fake IT Workers Extort Employers After Stealing Data (SECURITYWEEK.COM)
North Korean nationals posing as IT workers have been extorting their employers after gaining insider access.
18 Oct: Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign (THEHACKERNEWS.COM)
Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver infostealers targeting Windows and macOS systems. "This tactic involves displaying fake error messages in web browsers to deceive users into copying and execu…
18 Oct: Rising Tides: Christien “DilDog” Rioux on Building Privacy and What Makes Hackers Unique (SECURITYWEEK.COM)
Veracode and Veilid Foundation co-founder discusses the "human rights issue" of accessible privacy and what makes hackers unique.
18 Oct: Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant (SH.ITJUST.WORKS)
Submitted by kid to cybersecurity. https://thehackernews.com/2024/10/russian-romcom-attacks-target-ukrainian.html
18 Oct: ClickFix Attack: Fake Google Meet Alerts Install Malware on Windows, macOS (SH.ITJUST.WORKS)
Submitted by kid to cybersecurity. https://hackread.com/clickfix-fake-google-meet-alerts-windows-macos-malware/
18 Oct: In Other News: China Making Big Claims, ConfusedPilot AI Attack, Microsoft Security Log Issues (SECURITYWEEK.COM)
Noteworthy stories that might have slipped under the radar: China making claims about encryption cracking and Intel backdoors, ConfusedPilot AI attack, Microsoft loses security logs.
18 Oct: Roosh Ventures Invests in French Freelance Platform Jump (GBHACKERS.COM)
Roosh Ventures, a Ukrainian investment firm, has announced its investment in the French freelance platform Jump. This move was revealed by Serhiy Tokarev, co-founder of Roosh Ventures, on his LinkedIn page, highlighting the platform’s innovative approach to supporting freel…
18 Oct: Off-Topic Friday (INFOSEC.PUB)
Submitted by shellsharks to cybersecurity. Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)
18 Oct: Advice needed: dmarc setup and mail.ru (SH.ITJUST.WORKS)
Submitted by Seigest to cybersecurity. https://lemmy.ca/pictrs/image/cd0de71e-e20f-4927-9463-b7c403ff68ce.png I’m not in the security field so sorry if I seem like a newbie. Not sure where else to ask. I set up my own email domain thing with the help of some k…
18 Oct: Justice Department Indicts Tech CEO for Falsifying Security Certifications (SCHNEIER.COM)
The Wall Street Journal is reporting that the CEO of a still unnamed company has been indicted for creating a fake auditing company to falsify security certifications in order to win government business.
18 Oct: ISMG Editors: DSPM, DLP Converge to Reshape Data Security (DATABREACHTODAY.CO.UK)
Also: Impact of NIS2 Directive in Europe, Cloud Governance Challenges. In the latest weekly update, ISMG editors discussed the strategic convergence of data security posture management and data loss prevention technologies, evolving priorities of security leaders and the urgent re…
18 Oct: Exploring Unified SASE as a Service - Renuka Nadkarni - ESW #380 (YOUTUBE.COM)
Implementing SASE can be tricky and onerous, but it doesn't have to be. Today, we discuss Unified SASE as a Service with Renuka Nadkarni, Chief Product Officer at Aryaka. Particularly, how can Unified SASE make both networking and security more flexible and agile? IT and security…
18 Oct: Military Exercises Trigger Russian DDoS Attacks on Japan (DATABREACHTODAY.CO.UK)
Russian Actors Disrupt Websites of Political Party, Business and Government Groups. Plans by Japan and U.S. to conduct military exercises near the coast of eastern Russia prompted Russia-linked threat actors to unleash a series of denial-of-service attacks this week against a doze…
18 Oct: Stealing, Kubernetes, Passkeys, SolarWinds, Intel, Sextortion, and... - SWN #423 (YOUTUBE.COM)
Stealing Pencils, Kubernetes, Passkeys, SolarWinds, Intel, North Koreans, Sextortion, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-423
18 Oct: CyberArk CEO on Why Venafi's Machine Identity Chops Matter (DATABREACHTODAY.CO.UK)
Matt Cohen on How CyberArk Plans to Unify Machine, Human Identity Security by 2026. CyberArk's $1.54 billion acquisition of Venafi strengthens its leadership in identity security, integrating machine identity management with its current human identity platform, according to CEO Ma…
18 Oct: FBI Warns Scammers Are Targeting Law Firms For Phony Debt Collections (KNOWBE4.COM)
The U.S. FBI warns that scammers are attempting to trick law firms into transferring money as part of a phony debt collection scheme.
18 Oct: North Korean IT Scam Workers Shift to Extortion Tactics (DATABREACHTODAY.CO.UK)
Report Reveals North Korean Workers Expanding into Intellectual Property Theft. North Korean threat actors posing as remote information technology workers are increasingly extorting ransom from Western companies after securing jobs under false pretenses, according to a new report …
18 Oct: Hacker Poses as Israeli Security Vendor to Deliver Wiper (DATABREACHTODAY.CO.UK)
Phishing Emails Impersonating Eset Target Cybersecurity Professionals With Malware. Cybercriminals posing as a top security firm in Israel have launched wiper attacks on local cybersecurity professionals after bypassing significant security measures, according to recent reports. C…
🌐 CYBER THREAT LANDSCAPE (2)
18 Oct: Internship Offers for the 2024-2025 Season (QUARKSLAB.COM)
The internship season is back at Quarkslab! Our internship topics cover a wide range of our expertise and aim at tackling new challenges, namely:
📡 INFOSEC NEWS (6)
18 Oct: The Ultimate DSPM Guide: Webinar on Building a Strong Data Security Posture (THEHACKERNEWS.COM)
Picture your company's data as a vast, complex jigsaw puzzle—scattered across clouds, devices, and networks. Some pieces are hidden, some misplaced, and others might even be missing entirely. Keeping your data secure in today’s fast-evolving landscape can feel like an impossible …
18 Oct: How to leverage $200 million FCC program boosting K-12 cybersecurity (BLEEPINGCOMPUTER.COM)
In 2024, the Federal Communications Commission (FCC) launched the K-12 Cybersecurity Pilot Program, a groundbreaking initiative backed by $200 million in funding. Learn more from Cynet about how schools and libraries can apply to this program. [...]
18 Oct: Gartner 2024 CNAPP Market Guide Insights for Leaders (TRENDMICRO.COM)
As businesses increasingly pivot to cloud-native applications, the landscape of cybersecurity becomes ever more challenging.