🐛 COMMON VULNERABILITIES AND EXPOSURES (2)
25 Oct | In Other News: CVE Turns 25, Henry Schein Data Breach, Reward for Shahid Hemmat Hackers | Noteworthy stories that might have slipped under the radar: CVE Program celebrates 25th anniversary, one year after ransomware attack Henry Schein says 160,000 are impacted, US offering rewards for Shahid Hemmat hackers. | SECURITYWEEK.COM
25 Oct | Researchers Discover Command Injection Flaw in Wi-Fi Alliance's Test Suite | A security flaw impacting the Wi-Fi Test Suite could enable unauthenticated local attackers to execute arbitrary code with elevated privileges. The CERT Coordination Center (CERT/CC) said the vulnerability, tracked as CVE-2024-41992, said the susceptible code from the Wi-Fi Allia… | THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE (16)
25 Oct | digiDirect - 304,337 breached accounts | In September 2024, a data breach sourced from the Australian retailer digiDirect was published to a popular hacking forum. The breach exposed over 300k rows of data including email and physical address, name, phone number and date of birth. Approximately half the email addresses… | HAVEIBEENPWNED.COM
25 Oct | QNAP NAS and Lexmark printers hacked on Pwn2Own Day 3 | The third day of Pwn2Own Ireland 2024 continued to showcase the expertise of white hat hackers as they exposed 11 zero-day vulnerabilities, adding $124,750 to the total prize pool, which now stands at $874,875. [...] | BLEEPINGCOMPUTER.COM
25 Oct | QNAP, Synology, Lexmark devices hacked on Pwn2Own Day 3 | The third day of Pwn2Own Ireland 2024 continued to showcase the expertise of white hat hackers as they exposed 11 zero-day vulnerabilities, adding $124,750 to the total prize pool, which now stands at $874,875. [...] | BLEEPINGCOMPUTER.COM
25 Oct | How Interpol is adapting to the ever-evolving cybercrime landscape | With 100 years of history, Interpol is the police organization par excellence, bringing together 196 countries in the fight against crime. But in this century, crime has undergone a transformation, with new technologies added to the mix, giving rise to cybercrime, one of Interop’… | CSOONLINE.COM
25 Oct | OnePoint Patient Care Data Breach Impacts Nearly 800,000 People | OnePoint Patient Care has disclosed a data breach impacting the personal information of nearly 800,000 individuals. | SECURITYWEEK.COM
25 Oct | Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials | submitted by kid to cybersecurity (3 points, 0 comments): https://blog.talosintelligence.com/large-scale-brute-force-activity-targeting-vpns-ssh-services-with-commonly-used-login-credentials/ | SH.ITJUST.WORKS
25 Oct | Change Healthcare data breach exposed ‘only’ 100 million US health records | Personal health information of 100 million individuals was stolen during the February ransomware attack on Change Healthcare, a unit of UnitedHealth, the US health department has revealed. The cyberattack caused widespread disruption across the US healthcare sector, marking one o… | CSOONLINE.COM
25 Oct | Ransomware Threat Escalates as Scattered Spider and RansomHub Combine Forces | submitted by kid to cybersecurity (1 points, 0 comments): https://securityonline.info/ransomware-threat-escalates-as-scattered-spider-and-ransomhub-combine-forces/ | SH.ITJUST.WORKS
25 Oct | North Korean Cyber Espionage Group Tenacious Pungsan Compromises Open-Source Repositories with Backdoored npm Packages | submitted by kid to cybersecurity (1 points, 0 comments): https://securityonline.info/north-korean-cyber-espionage-group-tenacious-pungsan-compromises-open-source-repositories-with-backdoored-npm-packages/ | SH.ITJUST.WORKS
25 Oct | AWS CDK Vulnerabilities Let Takeover S3 Bucket | A significant security vulnerability was uncovered in the AWS Cloud Development Kit (CDK), an open-source framework widely used by developers to define cloud infrastructure using familiar programming languages. This vulnerability could allow attackers to gain unauthorized access … | GBHACKERS.COM
25 Oct | Predictable AWS cloud deployment resources allow full account takeover | Amazon Web Services (AWS) is urging its open-source Cloud Development Kit (CDK) users to apply fixes now available for a flaw that, under certain circumstances, can allow complete account takeover. The issue allows attackers to perform name-squatting on AWS S3 (simple storage ser… | CSOONLINE.COM
25 Oct | Over $1 Million Paid Out at Pwn2Own Ireland 2024 | Pwn2Own Ireland 2024 participants have earned over $1 million for camera, printer, NAS device, smart speaker and smartphone exploits. | SECURITYWEEK.COM
25 Oct | Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security | Apple has publicly made available its Private Cloud Compute (PCC) Virtual Research Environment (VRE), allowing the research community to inspect and verify the privacy and security guarantees of its offering. PCC, which Apple unveiled earlier this June, has been marketed as the "… | THEHACKERNEWS.COM
25 Oct | Windows 11 CLFS Driver Vulnerability Let Attackers Escalate Privileges – PoC Exploit Released | A critical security vulnerability has been identified in the Common Log File System (CLFS) driver of Windows 11, allowing local users to gain elevated privileges. The Common Log File System (CLFS) is a Windows service for efficient, reliable logging, used by apps and the system f… | GBHACKERS.COM
25 Oct | Era of Bot Battlers & Security Focused Company Culture - ESW #381 | Customer Identity is everywhere. It's powering secure experiences for billions - enabling people to check their luggage at the airport, watch their favorite Major League Soccer games, or take their favorite Peloton class. Because it’s everywhere, threat actors now see customer id… | YOUTUBE.COM
📋 SECURITY BULLETINS (1)
25 Oct | NVIDIA Patch Multiple GPU Display Driver for Windows & Linux | NVIDIA has issued essential security updates for its GPU Display Driver, addressing multiple vulnerabilities affecting Windows and Linux systems. Users are urged to download and install these updates promptly via the NVIDIA Driver Downloads page or the NVIDIA Licensing Portal for… | GBHACKERS.COM
📢 SECURITY ADVISORIES (8)
25 Oct | Landmark Admin Discloses Data Breach Impacting 800,000 People | Insurance administrator Landmark Admin says personal information stolen in a ransomware attack earlier this year. | SECURITYWEEK.COM
25 Oct | US, Australia Release New Security Guide for Software Makers | CISA, FBI, and ACSC have published guidance to help software manufacturers establish secure deployment processes. | SECURITYWEEK.COM
25 Oct | What's in Store for HIPAA Regulations | How Might Election Outcome Affect HHS' Healthcare Cyber Work? Regardless of who wins the upcoming Presidential election, one thing is apparent: As the final months of the Biden administration wrap up, regulators at the agency charged with enforcing HIPAA are racing to complete un… | DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING (13)
25 Oct | Positive Thinking for Security Decision-Makers: 6 Mindsets You Should Drop Immediately | Trapped in the wrong security mindset? It has long been no secret that cybersecurity jobs carry a high burnout potential: the working environment of security professionals is shaped above all by the (perceived) pressure, every day, to … | CSOONLINE.COM
25 Oct | SEC Charges 4 Companies Over Misleading SolarWinds Cyberattack Disclosures | The U.S. Securities and Exchange Commission (SEC) has charged four current and former public companies for making "materially misleading disclosures" related to the large-scale cyber attack that stemmed from the hack of SolarWinds in 2020. The SEC said the companies – Avaya, Chec… | THEHACKERNEWS.COM
25 Oct | Change Healthcare Ransomware Attack Impacts 100 Million People | UnitedHealth told the US health department that hackers stole the information of 100 million people in a February ransomware attack. | SECURITYWEEK.COM
25 Oct | UnitedHealth says Change Healthcare hack affects over 100 million, the largest-ever US healthcare data breach | submitted by kid to cybersecurity (3 points, 0 comments): https://techcrunch.com/2024/10/24/unitedhealth-change-healthcare-hacked-millions-health-records-ransomware/ | SH.ITJUST.WORKS
25 Oct | Addressing growing concerns about cybersecurity in manufacturing | Manufacturing has become increasingly reliant on modern technology, including industrial control systems (ICS), Internet of Things (IoT) devices and operational technology (OT). While these innovations boost productivity and streamline operations, they’ve vastly expanded th… | SECURITYINTELLIGENCE.COM
25 Oct | Europol Details Pursuit of LockBit Ransomware Affiliates | Operation Cronos Prioritized Disrupting Criminal Trust in the Group, Official Says. What does it take to disrupt a major ransomware operation? The effort against LockBit initially prioritized disrupting criminals' trust in the ransomware group, and has since shifted to unmasking a… | DATABREACHTODAY.CO.UK
25 Oct | Russia sentences REvil ransomware members to over 4 years in prison | Russia has sentenced four members of the REvil ransomware operation to over 4 years in prison for distributing malware and illegal circulation of means of payment. [...] | BLEEPINGCOMPUTER.COM
25 Oct | From Banks to Factories: Hackers Don't Care Anymore! | Cybercriminals are no longer just targeting banks and big corporations—they’re coming for everyone! 🚨 Over the last few years, hackers have broadened their scope, hitting factories, mines, and small businesses with ransomware attacks. In this short, we dive into why no industry i… | YOUTUBE.COM
25 Oct | Updated Qilin Ransomware Escalates Encryption and Evasion | Rust-Based Ransomware Employs Aggressive Anti-Detection Tactics. Operators of a Russian-speaking ransomware group launched a new encryptor with enhanced measures for defeating cyber defenders including wiping logs, disrupting backup systems and stopping decryption without insiders… | DATABREACHTODAY.CO.UK
25 Oct | Concentric AI Secures $45M Series B to Expand Data Security | Top Tier Capital, HarbourVest Support Concentric's Path to Autonomous Data Security. Supported by Top Tier Capital Partners and HarbourVest Partners, Concentric AI’s $45 million Series B funding round will drive product innovation in identity governance, risk monitoring and data b… | DATABREACHTODAY.CO.UK
25 Oct | Black Basta poses as IT support on Microsoft Teams to breach networks | The BlackBasta ransomware operation has moved its social engineering attacks to Microsoft Teams, posing as corporate help desks contacting employees to assist them with an ongoing spam attack. [...] | BLEEPINGCOMPUTER.COM
25 Oct | Black Basta ransomware poses as IT support on Microsoft Teams to breach networks | The BlackBasta ransomware operation has moved its social engineering attacks to Microsoft Teams, posing as corporate help desks contacting employees to assist them with an ongoing spam attack. [...] | BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE (21)
25 Oct | I've never gotten an SMS scan like this one | submitted by tapdattl to cybersecurity (2 points, 0 comments): https://lemmy.world/pictrs/image/100a9aa4-7781-44ad-bd92-c1e6dfff6232.png I’m assuming they’re mass sending these to people in a specific area code and hoping to steal credit card info. Obviously don’t go to the URL in … | SH.ITJUST.WORKS
25 Oct | ISC Stormcast For Friday, October 25th, 2024 https://isc.sans.edu/podcastdetail/9196, (Fri, Oct 25th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
25 Oct | SAINTCON 2024 - 3 days of livestreams | submitted by ashar to security_cpe (2 points, 0 comments): https://saintcon.org/wp-content/uploads/2024/04/SC2024.svg Utah’s Premiere Cyber Security Conference. October 22-25, 2024. Utah Valley Convention Center — Provo, Utah. SAINTCON 2024 Schedule. SAINTCON 2024 Livestreams. | INFOSEC.PUB
25 Oct | New Rules for US National Security Agencies Balance AI’s Promise With Need to Protect Against Risks | New rules from the White House on AI use by US national security and spy agencies aim to balance the technology’s promise with the need to protect against risks. | SECURITYWEEK.COM
25 Oct | AWS Seizes Domains Used by Russia’s APT29 | AWS announced the seizure of domains used by Russian hacker group APT29 in phishing attacks targeting Ukraine and other countries. | SECURITYWEEK.COM
25 Oct | AWS CDK flaw exposed accounts to full takeover | submitted by kid to cybersecurity (1 points, 0 comments): https://www.theregister.com/2024/10/24/aws_cloud_development_kit_flaw/ | SH.ITJUST.WORKS
25 Oct | Around 15 Million Hacked Accounts in Germany | CSOONLINE.COM
25 Oct | LinkedIn Hit With 310 Million Euro Fine for Data Privacy Violations From Irish Watchdog | LinkedIn has received a 310 million euro fine from Ireland’s Data Protection Commission for data privacy violations. | SECURITYWEEK.COM
25 Oct | Watermark for LLM-Generated Text | Researchers at Google have developed a watermark for LLM-generated text. The basics are pretty obvious: the LLM chooses between tokens partly based on a cryptographic key, and someone with knowledge of the key can detect those choices. What makes this hard is (1) how much text is… | SCHNEIER.COM
25 Oct | Off-Topic Friday | submitted by shellsharks to cybersecurity (2 points, 0 comments): Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please) | INFOSEC.PUB
25 Oct | ISMG Editors: 2024 Election Security, Tackling Global Threats | Examining Cyberthreats, Foreign Tactics Aimed at 2024 U.S. Election. In the latest weekly update, election security expert Annie Fixler joined ISMG editors to discuss the urgent challenges of safeguarding U.S. election infrastructure, countering cyberthreats and preventing foreign… | DATABREACHTODAY.CO.UK
25 Oct | Concentric AI Secures $45M Series B Funding to Expand DSPM Tech | Concentric AI banks capital to compete in the data security governance market that includes DSPM and Data Access Governance technologies. | SECURITYWEEK.COM
25 Oct | Amazon seizes domains used in rogue Remote Desktop campaign to steal data | Amazon has seized domains used by the Russian APT29 hacking group in targeted attacks against government and military organizations to steal Windows credentials and data using malicious Remote Desktop Protocol connection files. [...] | BLEEPINGCOMPUTER.COM
25 Oct | Transforming the Defender's Dilemma into the Defender's Advantage - Lenny Zeltser - ESW #381 | Ever heard someone say, "the attacker only has to be right once, but the defender has to get it right every time"? On this episode, we'll dispel that myth. There is some truth to the saying, but only with regards to initial access to the target's environment. Once on the inside, … | YOUTUBE.COM
25 Oct | Singapore Requires Banks, Telecoms to Prevent Scams | SMS Impersonation Scam Victims Must Be Made Whole. Singapore regulators gave banks six months to institute real-time detection tools for blocking impersonation scams or else assume liability for stolen funds. A finalized framework published Thursday also shifts liability onto isla… | DATABREACHTODAY.CO.UK
25 Oct | Cyber Security Awareness for Election and Poll Workers - Kirsten Davies - ESW #381 | The vast majority of the folks working polls and elections are volunteers. This creates a significant training challenge. Not only do they have to learn how to perform a complex and potentially stressful job in a short amount of time (most training is one day or less), cybersecur… | YOUTUBE.COM
25 Oct | Tourists, Fortis, apps, TLP, AWS, Google, Chatbots, Aaran Leyland, and More... - SWN #425 | Tourist Abuse, Fortis, apps, TLP, AWS, Google, Chatbots, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-425 | YOUTUBE.COM
25 Oct | Cybersecurity Budgets Are Increasing, but Security Leaders Don’t Think It’s Enough | Despite the belief that today’s SOC should be doing the lion’s share of protecting an organization, new data shows reliance on more than just security teams is needed. | KNOWBE4.COM
25 Oct | Friday Squid Blogging: Giant Squid Found on Spanish Beach | A giant squid has washed up on a beach in Northern Spain. Blog moderation policy. | SCHNEIER.COM
25 Oct | Chinese Hackers Reportedly Targeted Trump, Vance Phones | The FBI said Friday afternoon it is investigating Chinese nation-state hacking into commercial telecommunications infrastructure following a news report that Beijing actors targeted data from phones used by Republican presidential nominee Donald Trump and running mate, Ohio Se… | DATABREACHTODAY.CO.UK
25 Oct | North Korean Hackers Spreading Malware Via Fake Interviews | Hackers Backdoor Software Libraries to Deliver Malware. Security researchers found backdoored software packages in the NPM software library, apparent evidence of an ongoing campaign by North Korean hackers to social engineer coders into installing infostealers. Pyongyang hackers h… | DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE (1)
25 Oct | 1,050 Leaders, 7 Industries – Here’s the Big Takeaway | LevelBlue surveyed 1,050 business leaders across 18 countries, spanning 7 major industries—healthcare, retail, finance, manufacturing, transportation, energy, and education. 🎯 This report isn’t just numbers; it’s actionable insights directly from top decision-makers. Curious abou… | YOUTUBE.COM
📡 INFOSEC NEWS (11)
25 Oct | Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations | The Irish data protection watchdog on Thursday fined LinkedIn €310 million ($335 million) for violating the privacy of its users by conducting behavioral analyses of personal data for targeted advertising. "The inquiry examined LinkedIn's processing of personal data for the purpo… | THEHACKERNEWS.COM
25 Oct | Eliminating AI Deepfake Threats: Is Your Identity Security AI-Proof? | Artificial Intelligence (AI) has rapidly evolved from a futuristic concept to a potent weapon in the hands of bad actors. Today, AI-based attacks are not just theoretical threats—they're happening across industries and outpacing traditional defense mechanisms. The solution,… | THEHACKERNEWS.COM
25 Oct | Bluetooth Low Energy GATT Fuzzing | This blog post presents our fuzzer for the Bluetooth Low Energy GATT layer and the related vulnerabilities found with it. | QUARKSLAB.COM
25 Oct | Elon Musk reportedly chats often with Putin | Tesla and SpaceX CEO Elon Musk has been in regular contact with Russian president Vladimir Putin since late 2022. That’s according to The Wall Street Journal, which reports that the conversations have raised national security concerns among some intelligence officials. At o… | TECHCRUNCH.COM
25 Oct | US offers $10 million bounty for members of Iranian hacking gang | A US $10 million reward is being offered to anyone who has information about four members of an Iranian hacking group. The US government's Rewards for Justice initiative is making the reward available for information about four men believed to be members of Shahid Hemmat, a hacki… | BITDEFENDER.COM
25 Oct | Prominent crypto critic says someone offered bribes to take down a blog post | Crypto critic Molly White received emails from a purported lawyer and someone working for a “reputation management company” offering bribes in exchange for the takedown of a blog post about the arrest of an alleged crypto fraudster. | TECHCRUNCH.COM