🚨 CISA KEV 1[−]
21 Oct KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-9537 ScienceLogic SL1 Unspecified Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
21 OctThreatDown (Malwarebytes) misses important vulnerabilitysubmitted by angelmountain to cybersecurity 2 points | 0 comments https://feddit.nl/pictrs/image/924d4d05-11ef-4f08-b801-b3c6302c0225.png So my company is investigating whether it’s worth it to use ThreatDown (the corporate version of Malwarebytes) for endpoint-protection. Howeve…SH.ITJUST.WORKS
⚠️ VULNERABILITY DISCLOSURE 18[−]
21 OctSchutz vor Business E-Mail Compromise: 8 wichtige Punkte für Ihre BEC-RichtlinieLesen Sie, welche Punkte in einer Richtlinie zum Schutz vor Business E-Mail Compromise (BEC) enthalten sein sollten. Foto: MMD Creative – shutterstock.com Laut Verizon machten BEC-Angriffe (Business E-Mail Compromise) im Jahr 2023 mehr als 50 Prozent der Vorfälle im Bereich Socia…CSOONLINE.COM
21 OctFBI Arrests Alabama Man in Connection to SEC Social Media Hack: Cyber Security Today for Monday, October 21st, 2024In today's episode of Cyber Security Today, sponsored by CDW Canada Tech Talks, host Jim Love dives into the latest tech news and cybersecurity updates. Key stories include the FBI arrest of Eric Council Jr. for hacking the SEC's social media, the release of VulnHuntr, an AI tool…CYBERSECURITYTODAY.LIBSYN.COM
21 OctFair Vote Canada Data Leak: 34k Email Addresses LeakedFair Vote Canada has disclosed a data leak affecting approximately 34,000 email addresses. While the organization assures that no financial information was compromised, the incident has raised concerns about data security practices. Fair Vote Canada revealed that the breach invol…GBHACKERS.COM
21 OctResearchers Discover Severe Security Flaws in Major E2EE Cloud Storage ProvidersCybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive data. "The vulnerabilities range in severity: in many cases a malicious server can inject files, tamper w…THEHACKERNEWS.COM
21 OctFBI’s Most Wanted Hacker Arrested in MalpensaA 43-year-old Italian-Australian man, one of the FBI’s most wanted hackers, was apprehended at Milan’s Malpensa Airport after evading capture for over three years. The arrest, carried out by Milan State Police officers, marks a significant victory in the global fight …GBHACKERS.COM
21 OctMeet Latrodectus: Initial access brokers’ new favorite malware loaderThis year law enforcement agencies have disrupted some of the biggest botnets that were used as payload distribution platforms by ransomware gangs. But when big players disappear from the cybercriminal ecosystem others quickly step in to fill the void. Enter Latrodectus, a malwar…CSOONLINE.COM
21 OctRoundcube Webmail Vulnerability Exploited in Government AttackAn XSS vulnerability in Roundcube Webmail has been targeted for code execution against a governmental organization in a CIS country. The post Roundcube Webmail Vulnerability Exploited in Government Attack appeared first on SecurityWeek .SECURITYWEEK.COM
21 OctRussian group’s hack of Texas water system underscores critical OT cyber threatsCybersecurity threats to water utilities have accelerated in 2024 as Iranian, Chinese, and Russian threat actors increasingly target these critical systems. A spate of apparent joy-riding intrusions of rural water systems by could-be Russian state-linked hacktivists has continued…CSOONLINE.COM
21 OctSpectre flaw still haunts Intel and AMD chips, putting security at riskResearchers from ETH Zurich have discovered new vulnerabilities in Intel and AMD processors, six years after the Spectre security flaws were first identified. The new Spectre variant, named “Post-Barrier Spectre,” allows attackers to bypass critical security barriers and access s…CSOONLINE.COM
21 OctSophos to Acquire Secureworks to Accelerate Cybersecurity Services and Technology for Organizations WorldwideWe have exciting news! Two global cybersecurity leaders are joining forces to accelerate the delivery of advanced cybersecurity services and technology for organizations of all sizes around the world. Sophos today has announced a definitive agreement to acquire Secureworks®, the …SOPHOS.COM
21 OctCisco bestätigt DatenklauHacker haben Daten von Cisco gestohlen. JRdes – Shutterstock.com In der vergangenen Woche sorgte ein Darknet-Post mit angeblich gestohlenen Cisco-Daten für Aufregung. Hacker behaupteten unter anderem an API Tokens, Geschäftsdokumente und private Schlüssel von Entwickler-Kunden ge…CSOONLINE.COM
21 OctA Network Nerd's Take on Emergency Preparedness, (Tue, Oct 15th)Over the last month, two hurricanes barely missed me. Luckily, neither caused me any significant inconvenience. Sadly, others were not as lucky, and I think this is a good time to do a little "Lessons Learned" exercise. It made meÂ; ;reconsider some of my emerge…ISC.SANS.EDU
21 OctBumblebee malware returns after recent law enforcement disruptionThe Bumblebee malware loader has been spotted in new attacks recently, more than four months after Europol disrupted it during 'Operation Endgame' in May. [...]BLEEPINGCOMPUTER.COM
21 OctInsiders Confuse Microsoft 365 Copilot ResponsesAttack Method Exploits RAG-based Tech to Manipulate AI System's Output Researchers found an easy way to manipulate the responses of an artificial intelligence system that makes up the backend of tools such as Microsoft 365 Copilot, potentially compromising confidential informatio…DATABREACHTODAY.CO.UK
21 OctVMware Struggles to Fix Flaw Exploited at Chinese Hacking ContestFor the second time in as many months, VMware patches a remote code execution vulnerability first exploited at a Chinese hacking contest in June. The post VMware Struggles to Fix Flaw Exploited at Chinese Hacking Contest appeared first on SecurityWeek .SECURITYWEEK.COM
21 OctHackers exploit Roundcube webmail flaw to steal email, credentialsThreat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union. [...]BLEEPINGCOMPUTER.COM
21 OctResearchers Debut AI Tool That Helps Detect Zero-DaysVulnerability Tool Detected Flaws in OpenAI and Nvidia APIs Used in GitHub Projects Security researchers have developed an AI tool that can detect remote code flaws and arbitrary zero-day code in software. Protect AI applied the tool to nearly 10,000 GitHub projects and on CVSS d…DATABREACHTODAY.CO.UK
📋 SECURITY BULLETINS 1[−]
21 OctOver 6,000 WordPress hacked to install plugins pushing infostealersWordPress sites are being hacked to install malicious plugins that display fake software updates and errors to push information-stealing malware. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 7[−]
21 OctWhat makes a great CISOThe CISO’s role has evolved from managing technical controls to also supporting the business strategy. Becoming a great CISO requires more than technical expertise. To be highly effective, CISOs must balance business risks, protect against threats, and ensure organizational resil…CSOONLINE.COM
21 OctCISA Ramping Up Election Security Warnings As Voting BeginsUS Cyber Defense Agency Says Election is Secure Despite Intensifying Threats The Cybersecurity and Infrastructure Security Agency is ramping up its warnings of potential election interference and influence campaigns in the lead up to the November vote. But voters can be assured t…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 13[−]
21 OctWeekly Update 422Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite Apparently, Stefan and I trying to work stuff out in real time about how to build more efficient features in HIBP is entertaining watch…TROYHUNT.COM
21 OctFair Vote Canada - 134,336 breached accountsIn March 2024, the Canadian national citizens' campaign for proportional representation Fair Vote Canada suffered a data breach . The incident was attributed to "a well-meaning volunteer" who inadvertently exposed data from 2020 which included 134k unique email addresse…HAVEIBEENPWNED.COM
21 OctInternet Archive Hacked Again During Service Restoration EffortsThe Internet Archive has suffered an email hack while working to restore services impacted by the recent cyberattacks. The post Internet Archive Hacked Again During Service Restoration Efforts appeared first on SecurityWeek .SECURITYWEEK.COM
21 OctFBI Arrested Hacker Behind the Takeover of the U.S. SEC X accountThe Federal Bureau of Investigation (FBI) has apprehended Eric Council Jr., a 25-year-old resident of Athens, Alabama, for his alleged involvement in the unauthorized takeover of the U.S. Securities and Exchange Commission’s (SEC) X account in January 2024. The incident cau…GBHACKERS.COM
21 OctElectric Motor Giant Nidec Confirms Data Stolen in Ransomware AttackElectric motor manufacturer Nidec confirms business and internal documents were stolen in a ransomware attack. The post Electric Motor Giant Nidec Confirms Data Stolen in Ransomware Attack appeared first on SecurityWeek .SECURITYWEEK.COM
21 OctCisco Confirms Security Incident After Hacker Offers to Sell DataCisco has confirmed that some files have been stolen from its DevHub environment after a hacker offered to sell information. The post Cisco Confirms Security Incident After Hacker Offers to Sell Data appeared first on SecurityWeek .SECURITYWEEK.COM
21 OctInternet Archive breached twice within daysInternet Archive continues to be in trouble as, according to unnamed claims made on Sunday, it suffered a secondary breach days after falling prey to a security incident that exposed 31 million unique user authentication records. The second breach came to light as a bunch of user…CSOONLINE.COM
21 OctInternet Archive breached again through stolen access tokenssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/internet-archive-breached-again-through-stolen-access-tokens/SH.ITJUST.WORKS
21 OctChinese Nation-State Hackers APT41 Hit Gambling Sector for Financial GainThe prolific Chinese nation-state actor known as APT41 (aka Brass Typhoon, Earth Baku, Wicked Panda, or Winnti) has been attributed to a sophisticated cyber attack targeting the gambling and gaming industry. "Over a period of at least six months, the attackers stealthily gathered…THEHACKERNEWS.COM
21 OctCyber Attackers are Adopting a “Mobile First” Attack StrategyWith 16+ billion mobile devices in use worldwide, new data sheds light on how cyber attackers are shifting focus and tactics to put attacks into the victim’s hands.KNOWBE4.COM
21 OctDental Center Chain Settles Data Breach Lawsuit for $2.7M2023 Hacking Incident Affected 1.9 Million Patients, Employees A Michigan-based dental practice with 250 centers across nine states has agreed to pay $2.7 million under a preliminary settlement of a proposed consolidated class action lawsuit centered on a 2023 hacking incident re…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 24[−]
21 OctISC Stormcast For Monday, October 21st, 2024 https://isc.sans.edu/podcastdetail/9188, (Mon, Oct 21st)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
21 OctCyprus thwarted a digital attack against the government's main online portalsubmitted by AmbiguousProps to cybersecurity 1 points | 0 comments https://apnews.com/article/cyprus-cyber-digital-attack-a5971b2387269a8c154a09998e3697f5SH.ITJUST.WORKS
21 OctHackers Mimic as ESET to Deliver Wiper MalwareHackers impersonated the cybersecurity firm ESET to distribute destructive wiper malware. The campaign, which began on October 8, 2024, utilized phishing emails that appeared to originate from ESET’s legitimate domain. The malicious emails, purportedly from “ESET̵…GBHACKERS.COM
21 OctAI and Hardware Hacking on the RiseBugcrowd’s Inside the Mind of a Hacker report surveys the thoughts of one of the world’s largest hacker communities. The post AI and Hardware Hacking on the Rise appeared first on SecurityWeek .SECURITYWEEK.COM
21 OctHackers Use Bumblebee Malware to Gain Access to Corporate NetworksA sophisticated malware loader known as Bumblebee has resurfaced, posing a significant threat to corporate networks worldwide. Cybersecurity researchers at Netskope Threat Labs have uncovered a new infection chain linked to Bumblebee. This marks its first appearance since Operati…GBHACKERS.COM
21 OctAI and the SEC Whistleblower ProgramTax farming is the practice of licensing tax collection to private contractors. Used heavily in ancient Rome, it’s largely fallen out of practice because of the obvious conflict of interest between the state and the contractor. Because tax farmers are primarily interested in shor…SCHNEIER.COM
21 OctAtlassian Patches Vulnerabilities in Bitbucket, Confluence, JiraAtlassian has released patches for high-severity vulnerabilities in Bitbucket, Confluence, and Jira Service Management. The post Atlassian Patches Vulnerabilities in Bitbucket, Confluence, Jira appeared first on SecurityWeek .SECURITYWEEK.COM
21 OctSafeguard OT Environments with the Power of Precision AINew capabilities safeguard OT remote operations, mitigate risks for hard-to-patch assets, and extend protection into industrial environments. The post Safeguard OT Environments with the Power of Precision AI appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
21 OctBig Rewards Offered in Dedicated Google Cloud Bug Bounty ProgramMore than 460 products and services are covered under Google Cloud’s new VRP, with 140 eligible for top tier bug bounty rewards. The post Big Rewards Offered in Dedicated Google Cloud Bug Bounty Program appeared first on SecurityWeek .SECURITYWEEK.COM
21 OctBSides Orlando 2024 - bad livestreamsubmitted by ashar to security_cpe 1 points | 0 comments https://bsidesorlando.org/assets/images/logo-b.png Schedule The audio is difficult to understand and the video shows the presentation very badly. Live Stream Track 2INFOSEC.PUB
21 OctESET Distributor’s Systems Abused to Deliver Wiper MalwareESET has launched an investigation after a product distributor in Israel sent out emails delivering wiper malware. The post ESET Distributor’s Systems Abused to Deliver Wiper Malware appeared first on SecurityWeek .SECURITYWEEK.COM
21 OctMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 2 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …INFOSEC.PUB
21 OctAttackers Target Exposed Docker Remote API Servers With perfctl MalwareWe observed an unknown threat actor abusing exposed Docker remote API servers to deploy the perfctl malware.TRENDMICRO.COM
21 OctMicrosoft geht jetzt unter die Phish-FängerMicrosoft geht zwar nicht unter die Imker, jagt aber Kriminelle mit süßen Daten. Shuttertstock – inspiring.team Die Anzahl, Arten und Qualität von Cyberangriffen nehmen beständig zu – soweit ein alter Hut. Neu ist aber, dass immer mehr gesetzestreue Cyberakteure in die IT-Offensi…CSOONLINE.COM
21 OctOrangeCon 2024 - 11 videossubmitted by ashar to security_cpe 1 points | 0 comments https://orangecon.nl/assets/img/logo_orange.png Schedule from the OrangeCon website OrangeCon Playlist Track 1 OrangeCon Playlist Track 2INFOSEC.PUB
21 OctSophos to Acquire SecureWorks in $859 Million All-Cash DealSophos plans to integrate Secureworks Taegis XDR platform into its MDR services across small, mid-sized, and enterprise segments. The post Sophos to Acquire SecureWorks in $859 Million All-Cash Deal appeared first on SecurityWeek .SECURITYWEEK.COM
21 OctKnowBe4's Cybersecurity Experts Shine at Barnes & Noble in New York CityNew York City's iconic Barnes & Noble on 5th Avenue recently featured the newly released books of two of KnowBe4's leading cybersecurity experts: Chief Human Risk Management Officer Perry Carpenter and Data-Driven Defense Evangelist Roger A. Grimes.KNOWBE4.COM
21 OctSophos Fortifies XDR Muscle With $859M Secureworks PurchaseDeal Enhances Sophos’ Managed Security Portfolio, Adds AI-Powered Taegis XDR Tool Sophos is acquiring Secureworks in a deal valued at $859 million, aiming to integrate its managed security services with Secureworks' Taegis XDR platform. This merger is expected to deliver advanced…DATABREACHTODAY.CO.UK
21 OctBsides Exeter 2024submitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/48831a2e-533c-4278-97d2-3ae507c0c1b4.png Keynotes Purple Track Blue Track Red Track Misc TalksINFOSEC.PUB
21 OctNew York Detective Indicted for Darknet Card Data BuysFBI Tracking Alleged Fraudsters Using Evidence Seized From Shuttered Genesis Market An FBI probe into shuttered cybercrime site Genesis Market has led to the indictment of Terrance Ciszek, a now-suspended police detective in Buffalo, New York, who's been accused of buying stolen …DATABREACHTODAY.CO.UK
21 OctCertain ASUS laptops get BSOD when upgrading to Windows 11 24H2Microsoft is warning of Windows crashing with the blue screen of death on some ASUS laptop models when trying to upgrade to the latest version of the operating system, Windows 11 version 24H2. [...]BLEEPINGCOMPUTER.COM
21 OctMicrosoft blocks Windows 11 24H2 on two ASUS models due to crashesMicrosoft is warning of Windows crashing with the blue screen of death on some ASUS laptop models when trying to upgrade to the latest version of the operating system, Windows 11 version 24H2. [...]BLEEPINGCOMPUTER.COM
21 OctApple Offering Hackable iPhones to UniversitiesApple expands its Security Research Device Program to put hackable iPhones in the hands of select educators at the university level. The post Apple Offering Hackable iPhones to Universities appeared first on SecurityWeek .SECURITYWEEK.COM
21 OctWhere Do I Point the Camera?It's October 10th, 2024, and I've just stepped out of KB4-CON EMEA, my head buzzing with insights and my notebook filled with scribbles. I walk down the familiar streets around Liverpool Street station, I can't help but feel a sense of nostalgia - this is where my career in cyber…KNOWBE4.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
21 OctGuide: The Ultimate Pentest Checklist for Full-Stack SecurityPentest Checklists Are More Important Than Ever Given the expanding attack surface coupled with the increasing sophistication of attacker tactics and techniques, penetration testing checklists have become essential for ensuring thorough assessments across an organization’s attack…THEHACKERNEWS.COM
21 OctContinued Intense Scanning From One IP in LithuaniaPlus a few interesting changes in the CVEs we track, and some notes on just what kinds of malware stagers we see.F5.COM
21 OctContinued Intense Scanning From One IP in LithuaniaPlus a few interesting changes in the CVEs we track, and some notes on just what kinds of malware stagers we see.F5.COM
📡 INFOSEC NEWS 6[−]
21 OctIndustry Moves for the week of October 21, 2024 - SecurityWeekExplore industry moves and significant changes in the industry for the week of October 21, 2024. Stay updated with the latest industry trends and shifts.SECURITYWEEK.COM
21 OctSecurity and privacy settings in MapMyRun | Kaspersky official blogHow to configure privacy in the MapMyRun app so that your personal data isn't exposed to just anyone.KASPERSKY.COM
21 OctTHN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 - Oct 20)Hi there! Here’s your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in locked houses. But the good news? Security experts are fighting back with smarter tools to keep data safe. Som…THEHACKERNEWS.COM
21 OctMeta tests facial recognition for spotting ‘celeb-bait’ ads scams and easier account recoveryMeta is expanding tests of facial recognition as an anti-scam measure to combat celebrity scam ads and more broadly, the Facebook owner announced Monday. Monika Bickert, Meta’s VP of content policy, wrote in a blog post that some of the tests aim to bolster its existing ant…TECHCRUNCH.COM
21 OctGoogle Voice scams: What are they and how do I avoid them?Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbersWELIVESECURITY.COM