🚨 CISA KEV 2[−]
22 Oct KEVCISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day AttackThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day. The vulnerability in question, tracke…THEHACKERNEWS.COM
22 Oct KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber a…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 2[−]
22 OctVMware Releases vCenter Server Update to Fix Critical RCE VulnerabilityVMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), concerns a case of heap-overflow vulnerability in the implementati…THEHACKERNEWS.COM
22 OctVMware fixes bad patch for critical vCenter Server RCE flawVMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024. [...]BLEEPINGCOMPUTER.COM
⚠️ VULNERABILITY DISCLOSURE 34[−]
22 OctHackers exploit Roundcube webmail flaw to steal email, credentialssubmitted by BrikoX to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/hackers-exploit-roundcube-webmail-flaw-to-steal-email-credentials/ Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government org…SH.ITJUST.WORKS
22 OctUsing gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional ApproachIn this blog entry, we discuss how malicious actors are exploiting Docker remote API servers via gRPC/h2c to deploy the cryptominer SRBMiner to facilitate their mining of XRP on Docker hosts.TRENDMICRO.COM
22 OctPharma Giant Johnson & Johnson Discloses Data BreachJohnson & Johnson has disclosed a data breach impacting the personal information of thousands of people. The post Pharma Giant Johnson & Johnson Discloses Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
22 Oct7 risk management mistakes CISOs still makeCISOs know risk management is essential for building and maintaining a resilient enterprise security posture. Yet despite their best efforts and good intentions, many security leaders continue to fall into common traps that undermine their best efforts. Regardless of your enterpr…CSOONLINE.COM
22 OctLow turnover leaves job-seeking CISOs with nowhere to goCISO job turnover is continuing to drop, placing security leaders looking to gain a salary increase or leave an unfulfilling role in a difficult position. Turnover in top security roles decreased from 21% in 2022 to 12% in 2023, and further to an annualized 11% in H1 2024, limiti…CSOONLINE.COM
22 OctBumblebee Malware Loader Resurfaces Following Law Enforcement TakedownNew malicious campaign suggests the Bumblebee malware loader might be resurfacing following the May 2024 law enforcement takedown. The post Bumblebee Malware Loader Resurfaces Following Law Enforcement Takedown appeared first on SecurityWeek .SECURITYWEEK.COM
22 OctBumblebee and Latrodectus Malware Return with Sophisticated Phishing StrategiesTwo malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns. Bumblebee and Latrodectus, which are both malware loaders, are designed to steal personal data, along with dow…THEHACKERNEWS.COM
22 OctIcePeony Hackers Exploiting Public Web Servers To Inject WebshellsIcePeony, a China-nexus APT group, has been active since 2023, targeting India, Mauritius, and Vietnam by exploiting SQL injection vulnerabilities to compromise systems using webshells and backdoors, leveraging a custom IIS malware called IceCache. The attackers accidentally expo…GBHACKERS.COM
22 OctCritical Chrome Vulnerabilities Let Malicious Apps Run Shell Command on Your PCResearchers discovered vulnerabilities in the Chromium web browser that allowed malicious extensions to escape the sandbox and execute arbitrary code on the user’s system. These vulnerabilities exploited the privileged nature of WebUI pages, which provide the user interface…GBHACKERS.COM
22 OctNew AI Tool To Discover 0-Days At Large Scale With A Click Of A ButtonVulnhuntr, a static code analyzer using large language models (LLMs), discovered over a dozen zero-day vulnerabilities in popular open-source AI projects on Github (over 10,000 stars) within hours. These vulnerabilities include Local File Inclusion (LFI), Cross-Site Scripti…GBHACKERS.COM
22 OctBumblebee malware returns after recent law enforcement disruptionsubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/bumblebee-malware-returns-after-recent-law-enforcement-disruption/SH.ITJUST.WORKS
22 OctFortinet releases patches for undisclosed critical FortiManager vulnerabilitysubmitted by kid to cybersecurity 2 points | 0 comments https://www.helpnetsecurity.com/2024/10/21/fortimanager-critical-vulnerability/SH.ITJUST.WORKS
22 OctSocket lands a fresh $40M to scan software for security flawsThe software supply chain, which comprises the components and processes used to develop software, has become precarious. According to one recent survey, 88% of companies believe poor software supply chain security presents an “enterprise-wide risk” to their organizations. Open so…TECHCRUNCH.COM
22 OctSocket Accelerates Open-Source Security With $40M Series BSocket Plans to Triple Headcount After Big Growth, Deliver Open-Source Tools Faster A $40 million Series B investment will support Socket in rapidly scaling its team and product development. Following a 400% revenue increase, the company plans to build on its success by expanding…DATABREACHTODAY.CO.UK
22 OctIBM adds quantum-resistant controls within new security suiteIn an effort to arm organizations against emerging AI and quantum-computing driven threats, IBM has announced Guardian Data Security Center, an offering it claims can integrate and streamline targeted security workflows under unified controls. “IBM Guardium Data Security Center i…CSOONLINE.COM
22 Oct KEVGoogle Warns of Samsung Zero-Day Exploited in the WildA zero-day vulnerability in Samsung mobile processors has been abused as part of an exploit chain for arbitrary code execution. The post Google Warns of Samsung Zero-Day Exploited in the Wild appeared first on SecurityWeek .SECURITYWEEK.COM
22 OctSecurity Flaw in Styra's OPA Exposes NTLM Hashes to Remote AttackersDetails have emerged about a now-patched security flaw in Styra's Open Policy Agent (OPA) that, if successfully exploited, could have led to leakage of New Technology LAN Manager (NTLM) hashes. "The vulnerability could have allowed an attacker to leak the NTLM credentials of the …THEHACKERNEWS.COM
22 OctCybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining AttacksBad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro. "In this attack, the threat actor used the gRPC protocol over h2c to evade security solutions and execute th…THEHACKERNEWS.COM
22 OctCISA Releases One Industrial Control Systems AdvisoryCISA released one Industrial Control Systems (ICS) advisory on October 22, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-296-01 ICONICS and Mitsubishi Electric Products CISA encourages users…CISA.GOV
22 OctAligning Tech Execs on Cyber Resilience - Theresa Lanowitz - BSW #369Getting C-Suite execs aligned on cyber resilience and cybersecurity can be a challenge. LevelBlue's recent Futures™️ report sought to uncover the barriers that prevent companies from achieving cyber resilience in the enterprise today. The report not only surveyed C-Suite execs (C…YOUTUBE.COM
22 OctBeyond ChatGPT: The rise of agentic AI and its implications for securityThe emergence of generative artificial intelligence (genAI) large language models (LLMs) — such as ChatGPT — has created an earthquake of change that has rippled through every industry and every business. We have all felt the shocks. But these shocks have introduced new capabilit…CSOONLINE.COM
22 OctThe Complexities, Configurations, and Challenges in Cloud Security - Scott Piper - ASW #304Building cloud native apps doesn't mean you're immune to dealing with legacy systems. Cloud services have changed significantly over the last decade, both in the security controls available to them and the sheer volume of services that CSPs provide. Scott Piper shares some histor…YOUTUBE.COM
22 OctExploit released for new Windows Server "WinReg" NTLM Relay attackProof-of-concept exploit code is now public for a vulnerability in Microsoft's Remote Registry client that could be used to take control of a Windows domain by downgrading the security of the authentication process. [...]BLEEPINGCOMPUTER.COM
22 Oct5 new protections on Google Messages to help keep you safePosted by Jan Jedrzejowicz, Director of Product, Android and Business Communications; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse; Stephan Somogyi, Product Lead, User Protection; Branden Archer, Software Engineer Every day, over a billion peop…SECURITY.GOOGLEBLOG.COM
22 OctGophish Framework Used in Phishing Campaigns to Deploy Remote Access TrojansRussian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT. "The campaign involves modular infecti…THEHACKERNEWS.COM
22 OctNearly Two-Thirds of IT Leaders Have Fallen For Phishing AttacksSixty-four percent of IT leaders have clicked on phishing links, a new survey by Arctic Wolf has found. Despite this, 80% of these same professionals are confident their organization won’t fall victim to a phishing attack.KNOWBE4.COM
22 OctExploit released for new Windows Server "WinReg" NTLM Relay attacksubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/exploit-released-for-new-windows-server-winreg-ntlm-relay-attack/SH.ITJUST.WORKS
22 OctICS Detection Improves, Response Still LackingSANS Survey Finds Incident Detection Improving More incidents, vulnerability remediation timelines that can stretch into a year and mismatched budget priorities - such is the state of operational technology cybersecurity in 2024, according to participants in an annual SANS survey…DATABREACHTODAY.CO.UK
22 OctAWS, Azure auth keys found in Android and iOS apps used by millionsMultiple popular mobile applications for iOS and Android come with hardcoded, unencrypted credentials for cloud services like Amazon Web Services (AWS) and Microsoft Azure Blob Storage, exposing user data and source code to security breaches. [...]BLEEPINGCOMPUTER.COM
22 OctRetaining EU Adequacy Crucial to UK Economy: LawmakerEurope Will Renew or Deny Data Sharing Agreement in June The U.K. government should work ahead of a June deadline to retain its status as a trusted host of European commercial and law enforcement data, urged the head of a parliamentary committee. The economic value of an EU "adeq…DATABREACHTODAY.CO.UK
22 OctCritical OPA Vulnerability Exposes Windows CredentialsAttackers Could Exploit Flaw to Relay Credentials, Compromise Systems A critical vulnerability in Open Policy Agent could expose NTLM credentials from Windows systems, potentially affecting millions of users. Researchers at Tenable warn that attackers could exploit the flaw throu…DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES 7[−]
22 OctFBI & CISA Warns of Tactics Used by Hackers Targeting 2024 U.S. General ElectionThe Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint public service announcement (PSA) warning of sophisticated tactics foreign actors are employing to spread disinformation ahead of the 2024 U.S. general el…GBHACKERS.COM
22 OctSingapore unveils AI system guidelines, emphasizing secure-by-designSingapore has rolled out new cybersecurity measures to safeguard AI systems against traditional threats like supply chain attacks and emerging risks such as adversarial machine learning, including data poisoning and evasion attacks. In its Guidelines and Companion Guide for Secur…CSOONLINE.COM
22 OctNo, The Chinese Have Not Broken Modern Encryption Systems with a Quantum ComputerThe headline is pretty scary: “ China’s Quantum Computer Scientists Crack Military-Grade Encryption .” No, it’s not true. This debunking saved me the trouble of writing one. It all seems to have come from this news article , which wasn’t bad but was …SCHNEIER.COM
22 OctIoT Assignment Completed! Report on Barriers to U.S. IoT AdoptionThe 16 members of the NIST-managed Internet of Things (IoT) Advisory Board have completed their report on barriers to the U.S. receiving the benefits of IoT adoption, along with their recommendations for overcoming those barriers. As Benson Chan (Chair) and Dan Caprio (Vice Chair…NIST.GOV
22 OctWhat NIST’s post-quantum cryptography standards mean for data securityData security is the cornerstone of every business operation. Today, the security of sensitive data and communication depends on traditional cryptography methods, such as the RSA algorithm. While such algorithms secure against today’s threats, organizations must continue to…SECURITYINTELLIGENCE.COM
22 OctJSON Parsing, Email Parsing, CISA's Bad Practices Guide, Abusing Disclosure Policies - ASW #304Flaws that arise from inconsistent parsing of JSON and email addresses, CISA's guide to bad software practices, abusing a security disclosure process to take over a WordPress plugin, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https…YOUTUBE.COM
22 OctCISA proposes new security requirements to protect govt, personal dataThe U.S. Cybersecurity & Infrastructure Security Agency (CISA) is proposing security requirements to prevent adversary states from accessing American's personal data as well as government-related information. [...]BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 10[−]
22 OctWinnebago Public Schools Suffers Cyber Attack, Services Shut DownWinnebago Public Schools (WPS) in Nebraska was the victim of a cyberattack on October 21, 2024, which caused significant disruptions to its operations. The school district has been scrambling to restore its systems and maintain essential services. Superintendent Kamau Turner anno…GBHACKERS.COM
22 OctRansomware-Attacke auf Autozulieferer YorozuDie Server des Autoteilezulieferes Yorozu wurden verschlüsselt. mayam_studio – Shutterstock.com Der japanische Autoteilezulieferer Yorozu stellte kürzlich fest, dass seine Server verschlüsselt wurden. Das Unternehmen hat daraufhin alle betroffenen Systeme sowohl vom Internet als …CSOONLINE.COM
22 OctBlackCat Ransomware Successor Cicada3301 EmergesThe Cicada3301 ransomware shows multiple similarities with BlackCat and is believed to mark the reemergence of the threat. The post BlackCat Ransomware Successor Cicada3301 Emerges appeared first on SecurityWeek .SECURITYWEEK.COM
22 Oct50,000 Files Exposed in Nidec Ransomware Attacksubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/nidec-ransomware-attack-expose/SH.ITJUST.WORKS
22 OctOver 6,000 WordPress hacked to install plugins pushing infostealerssubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/over-6-000-wordpress-hacked-to-install-plugins-pushing-infostealers/SH.ITJUST.WORKS
22 OctRussia-Linked Hacktivists Attack Japan's Govt, Portssubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/cyberattacks-data-breaches/russia-linked-hackers-attack-japan-govt-portsSH.ITJUST.WORKS
22 OctData Storage In Spotlight Of Italian Security Committee After Intesa BreachPACKETSTORMSECURITY.COM
22 OctSEC charges tech companies for downplaying SolarWinds breachesThe SEC has charged four companies—Unisys Corp, Avaya Holdings, Check Point Software, and Mimecast—for allegedly misleading investors about the impact of their breaches during the massive 2020 SolarWinds Orion hack. [...]BLEEPINGCOMPUTER.COM
22 OctMore Than 33,000 People in the UK Have Been Hacked Over the Past YearAction Fraud, the UK’s national fraud and cyber crime reporting service, warns that more than 33,000 people have reported that their online accounts have been hacked over the past year.KNOWBE4.COM
22 OctMicrosoft Threat Intelligence healthcare ransomware report highlights need for collective industry actionHealthcare organizations are an attractive target for ransomware attacks. Read our latest blog post to learn why and get strategies to protect yourself from cyberthreats. The post Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry …MICROSOFT.COM
🕵️ THREAT INTELLIGENCE 29[−]
22 OctISC Stormcast For Tuesday, October 22nd, 2024 https://isc.sans.edu/podcastdetail/9190, (Tue, Oct 22nd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
22 OctWeChat modified TLS encryption protocol exposes users to security riskssubmitted by BrikoX to cybersecurity 2 points | 0 comments https://www.techspot.com/news/105208-wechat-modified-tls-encryption-protocol-exposes-users-security.html A recent investigation by the University of Toronto’s Citizen Lab has uncovered potential security weaknesses in WeC…SH.ITJUST.WORKS
22 OctBest practices on securing your AI deploymentAs organizations embrace generative AI, there are a host of benefits that they are expecting from these projects—from efficiency and productivity gains to improved speed of business to more innovation in products and services. However, one factor that forms a critical part …SECURITYINTELLIGENCE.COM
22 OctPalo Alto Networks Adds New Capabilities to OT Security SolutionPalo Alto Networks has added new remote access, virtual patching and firewall capabilities to its OT Security solution. The post Palo Alto Networks Adds New Capabilities to OT Security Solution appeared first on SecurityWeek .SECURITYWEEK.COM
22 OctLatrodectus Malware Increasingly Used by CybercriminalsLatrodectus malware has been increasingly used by cybercriminals, with recent campaigns targeting the financial, automotive and healthcare sectors. The post Latrodectus Malware Increasingly Used by Cybercriminals appeared first on SecurityWeek .SECURITYWEEK.COM
22 OctRussia-Linked Hackers Attacking Governmental And Political OrganizationsTwo pro-Russian threat actors launched a distributed denial-of-service (DDoS) attack campaign against Japanese organizations on October 14, 2024. The campaign targeted logistics, manufacturing, government, and political entities. An attack leveraged various non-spoofed direct-pat…GBHACKERS.COM
22 OctGHOSTPULSE Hides Within PNG File Pixel Structure To Evade DetectionsRecent campaigns targeting victims through social engineering tactics utilize LUMMA STEALER with GHOSTPULSE as its loader. By tricking victims into executing a series of Windows keyboard shortcuts, malicious JavaScript is executed, leading to the execution of a PowerShell script.…GBHACKERS.COM
22 OctSevere flaws in E2EE cloud storage platforms used by millionssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/severe-flaws-in-e2ee-cloud-storage-platforms-used-by-millions/SH.ITJUST.WORKS
22 OctAnti-Bot Services Help Cybercrooks Bypass Google 'Red Page'submitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/threat-intelligence/anti-bot-services-cybercrooks-bypass-google-red-pageSH.ITJUST.WORKS
22 OctCritical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to AttacksCritical and high-severity vulnerabilities that can lead to full device compromise have been found in mbNET.mini and Helmholz industrial routers. The post Critical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
22 OctBeware Of Callback Phishing Attacks Google Groups That Steal Login DetailsCallback phishing is a two-step attack involving phishing emails and phone calls. Victims are lured into calling a bogus number in the email, where attackers impersonate legitimate entities and trick victims into divulging sensitive information or downloading malware. The BazarCa…GBHACKERS.COM
22 OctStream.Security Secures $30 Million Series BStream.Security (formerly Lightlytics) has raised a total of $55 million since launching in 2020 with a cloud data security product. The post Stream.Security Secures $30 Million Series B appeared first on SecurityWeek .SECURITYWEEK.COM
22 OctSecurityWeek’s 2024 ICS Cybersecurity Conference Kicks Off in AtlantaPremier Industrial Cybersecurity Conference offers 80+ sessions and hands-on training to tackle critical infrastructure cyber threats. The post SecurityWeek’s 2024 ICS Cybersecurity Conference Kicks Off in Atlanta appeared first on SecurityWeek .SECURITYWEEK.COM
22 OctCloud Security — Maturing Past the Awkward Teenage YearsExplore cloud security's maturation, common misconceptions, and best practices for robust cloud defenses. The post Cloud Security — Maturing Past the Awkward Teenage Years appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
22 OctCyberheistNews Vol 14 #43 North Korean IT Worker Threat: 10 Critical Updates to Your Hiring ProcessKNOWBE4.COM
22 OctWhat level of tool rationalization does your company do and why? - LaLisha Hurt - CSP #197Let's talk to cybersecurity expert, Lalisha Hurt, about her approach to selecting the right tools for your organization by using proven methods such as referencing the Gartner Magic Quadrant, thinking about the entire IT portfolio as part of your selection process, and what a suc…YOUTUBE.COM
22 OctThreat actors increasingly using malicious virtual hard drives in phishing attacksThreat actors are increasingly creating malicious virtual hard drives to distribute malware, in the hopes of getting around email gateways that have become good at detecting infected documents, spreadsheets, and PDFs, says a new report . “While virtual hard drive files like .vhd …CSOONLINE.COM
22 OctUS Police Detective Charged With Purchasing Stolen CredentialsTerrance Michael Ciszek is charged with buying stolen account credentials from the Genesis Market dark web marketplace. The post US Police Detective Charged With Purchasing Stolen Credentials appeared first on SecurityWeek .SECURITYWEEK.COM
22 OctCEO Accountability as CISOs Concerned Over Demands and Measured by Profit/Cost - BSW #369In the leadership and communications section, Joe Sullivan: CEOs must be held accountable for security too, More tech chiefs have success measured by profitability, cost management, Is Your Career Heading in the Right Direction?, and more. Visit https://www.securityweekly.com/bsw…YOUTUBE.COM
22 OctSEC Charges Four Companies Over Misleading Disclosures on SolarWinds HackThe SEC announces penalties against Unisys, Avaya, Check Point and Mimecast for downplaying the impact of the SolarWinds Orion hack. The post SEC Charges Four Companies Over Misleading Disclosures on SolarWinds Hack appeared first on SecurityWeek .SECURITYWEEK.COM
22 OctINE Security Launches New Training Solutions to Enhance Cyber Hygiene for SMBsINE Security offers essential advice to protect digital assets and enhance security. As small businesses increasingly depend on digital technologies to operate and grow, the risks associated with cyber threats also escalate. INE Security, a leading provider of cybersecurity train…GBHACKERS.COM
22 OctHow much HTTP (not HTTPS) Traffic is Traversing Your Perimeter?, (Tue, Oct 22nd)Back in June of 2010, The Electronic Frontier Foundation (EFF) released the first beta release of the "HTTPS Everywhere" plugin [1]. Even then, most websites offered HTTPS. But unlike today, HTTP was often still the default, and HTTPS was not always implemented across t…ISC.SANS.EDU
22 OctDoom Brain, E2EE, OT, Adload, Cisco, VMware, internet archive, Josh Marpet ... - SWN #424Doom on a Human Brain, E2EE, OT, Adload, Cisco, VMware, Internet Archive, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-424YOUTUBE.COM
22 OctWill the Real Satoshi Nakamoto Please Stand Up?Why Peter Todd May Be Another Conspiracy Theory on the Bitcoin Creator Is Peter Todd truly Satoshi Nakamoto, or just the next name in a long list of conspiracy theories that are eventually debunked? The HBO documentary's claim is far from conclusive, despite an eyebrow-raising mo…DATABREACHTODAY.CO.UK
22 OctHelping Medical Device Makers Meet Latest Cyber ExpectationsMedcrypt's Axel Wirth and Velentium's Christopher Gates on Top Security Challenges Medical device makers have become more proactive in trying to meet higher cybersecurity expectations of regulators, but many still need to better understand the importance of life cycle security ri…DATABREACHTODAY.CO.UK
22 OctRegulator Urges UK Banks to 'Help Foot the Bill' for FraudPSR's Kate Fitzgerald on Steps for Reducing APP Fraud, Complying With New Mandates While the U.K. Payment Systems Regulator is taking steps to ensure customers receive consistent treatment from banks, fraud protection still has inconsistencies. Several policies have been introduc…DATABREACHTODAY.CO.UK
22 OctCEOs Levy, Thomas on Perks of $859M Sophos-Secureworks Deal$859M Purchase Targets Secureworks’ XDR Platform to Enhance Sophos' MDR Offerings Sophos aims to strengthen its cybersecurity portfolio by acquiring Secureworks for $859 million, said CEOs Joe Levy and Wendy Thomas. The deal focuses on bringing together Secureworks' Taegis XDR pl…DATABREACHTODAY.CO.UK
22 OctCheck Point, Mimecast Settle SEC Case From SolarWinds HackSEC: Check Point, Mimecast Disclosures Didn't Capture Severity of SolarWinds Hack Check Point and Mimecast will each pay regulators nearly $1 million to settle charges of making materially misleading disclosures related to the SolarWinds Orion hack. The SEC alleged public disclos…DATABREACHTODAY.CO.UK
22 OctExploring the Latest Security Innovations at Hardwear.ioAnnual Conference and Hackathon Showcases Solutions for Protecting IoT Devices Showcasing the latest innovations in hardware security, experts from more than 100 companies worldwide have gathered this week at Hardwear.io in Amsterdam. The annual event and hardware hackathon exami…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 4[−]
22 OctMalicious npm Packages Target Developers' Ethereum Wallets with SSH BackdoorCybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via the secure shell (SSH) protocol. The packages attempt to "gain SSH access to the vi…THEHACKERNEWS.COM
22 OctResearchers link Polyfill supply chain attack to huge network of copycat gambling sitesA supply chain hack targeting 100,000 websites was launched to redirect internet users to a massive online gambling network. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
22 OctSEC fines four companies $7 million for ‘misleading cyber disclosures’ regarding SolarWinds hackThe SEC concluded that four tech companies misled investors and minimized the damage they suffered from the SolarWinds supply chain hack. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
🎙️ PODCASTS 1[−]
22 OctThe AI Fix #21: Virtual Trump, barking mad AI, and a robot dog with a flamethrowerIn episode 21 of "The AI Fix"", Mark and Graham comfort themselves with a limbless AI pet as they learn about a terrifying robot dog with a flamethrower, fission-powered data centres, AI suicide pods, and a multi-limbed robot with a passion for classical music. Graham finds out w…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 9[−]
22 OctA Comprehensive Guide to Finding Service Accounts in Active DirectoryService accounts are vital in any enterprise, running automated processes like managing applications or scripts. However, without proper monitoring, they can pose a significant security risk due to their elevated privileges. This guide will walk you through how to locate and secu…THEHACKERNEWS.COM
22 OctNVIDIA Computer Finds Largest Known Prime, Blows Past Record By 16 Million DigitsPACKETSTORMSECURITY.COM
22 OctAI chatbots can be tricked by hackers into helping them steal your private dataSecurity researchers have uncovered a new flaw in some AI chatbots that could have allowed hackers to steal personal information from users. The flaw, which has been named "Imprompter", which uses a clever trick to hide malicious instructions within seemingly-random text. Read mo…BITDEFENDER.COM
22 OctEffective AI adoption for optimizing SOC analysts’ workPractical application of AI to enhance SOC efficiency and filter false positives.KASPERSKY.COM
22 OctAnnouncing the BlueHat 2024 Sessions34 sessions from 54 presenters representing 20 organizations! We are thrilled to reveal the lineup of speakers and presentations for the 23rd BlueHat Security Conference, in Redmond WA from Oct 29-30. This year’s conference continues the BlueHat ethos and Secure Future Init…MSRC.MICROSOFT.COM
22 OctWindows 10 KB5045594 update fixes multi-function printer bugsMicrosoft has released the optional KB5045594 preview cumulative update for Windows 10 22H2 with fixes for problems printing to multi-function printers and other issues. [...]BLEEPINGCOMPUTER.COM