69Articles
7Categories
2024-11-01Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
1 NovWhat’s behind unchecked CVE proliferation, and what to do about itThe volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations’ cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already…SECURITYINTELLIGENCE.COM
⚠️ VULNERABILITY DISCLOSURE 19[−]
1 NovGreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI.submitted by Dot to cybersecurity 0 points | 0 comments https://www.greynoise.io/blog/greynoise-intelligence-discovers-zero-day-vulnerabilities-in-live-streaming-cameras-with-the-help-of-aiSH.ITJUST.WORKS
1 Nov9 Dinge, die CISOs den Job kostenSie können nicht sagen, wir hätten Sie nicht gewarnt… Foto: Anton Vierietin | shutterstock.com CISOs und andere Executives im Bereich IT-Sicherheit arbeiten im Regelfall hart daran , ihr Unternehmen – und ihre Karriere – abzusichern. Allerdings reicht eine kleine Unaufmerksamkeit…CSOONLINE.COM
1 NovStop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert WebinarDid you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It’s a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environme…THEHACKERNEWS.COM
1 NovNew Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake SitesCybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024. Netcraft said more than 2,000 phishing websites have been identified the kit, known as Xiū gǒ…THEHACKERNEWS.COM
1 NovNIS2 compliance eats up IT budgets despite doubtsThe EU’s NIS2 Directive for cybersecurity resilience entered full enforcement this month , and compliance with its requirements presents major challenges for many companies. A survey conducted by Veeam at the end of August found that while most IT leaders are confident of achievi…CSOONLINE.COM
1 NovDeceptive Delight - A New AI Exploit: Cyber Security Today for Friday, November 1, 2024Cyber Security Today: Deceptive Delight Jailbreak, API Vulnerabilities Surge, Hex Attack on GPT-4 In this episode of Cyber Security Today, host Jim Love discusses the new jailbreak technique 'Deceptive Delight' that highlights vulnerabilities in large language models, the 21% inc…CYBERSECURITYTODAY.LIBSYN.COM
1 NovLightSpy iOS Malware Enhanced with 28 New Destructive PluginsThe LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices. The malware’s core binaries were even signed with the same certificate used in jailbreak kits, indicating deep integration. The C2 servers, active until Octo…GBHACKERS.COM
1 NovNation state actors increasingly hide behind cybercriminal tactics and malwareState-sponsored threat actors are no strangers to false-flag operations, impersonating or relying on cybercriminal groups to hide their real objectives. But the lines between cybercrime and cyberespionage are becoming increasingly blurred, with the number of such occurrences on t…CSOONLINE.COM
1 NovMicrosoft Warns of Chinese Botnet Exploiting Router Flaws for Credential TheftMicrosoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks. The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to …THEHACKERNEWS.COM
1 NovMassive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos ClonedCybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code. The activity, codenamed EMERALDWHALE, is estimated to have collected ove…THEHACKERNEWS.COM
1 NovGreyNoise Credits AI for Spotting Exploit Attempts on IoT Livestream CamsGreyNoise Intelligence says an internal AI tool captured attempts to exploit critical vulnerabilities in commercial livestream IoT cameras. The post GreyNoise Credits AI for Spotting Exploit Attempts on IoT Livestream Cams appeared first on SecurityWeek .SECURITYWEEK.COM
1 NovThe Rise of Outsourced Cybersecurity: How CISOs are Adapting to New ChallengesChief Information Security Officers (CISOs) are facing unprecedented challenges. The combination of increasingly sophisticated cyber threats, persistent talent shortages, and complex regulatory requirements has led many organizations to rethink their approach to cybersecurity. As…KNOWBE4.COM
1 NovDDoS site Dstat.cc seized and two suspects arrested in GermanyThe Dstat.cc DDoS review platform has been seized by law enforcement, and two suspects have been arrested after the service helped fuel distributed denial-of-service attacks for years. [...]BLEEPINGCOMPUTER.COM
1 NovGet details right to safely implement DANE in Exchange Online, warn expertsMicrosoft’s announcement this week that it is adding support for two new security standards in Exchange Online is seen by experts as encouraging news — as long as CISOs and email administrators get the complex implementation details right. The announcement should encourage all em…CSOONLINE.COM
1 Novriverside the danger of storing emails for too long paul's security weeDid you know that storing emails forever could be your biggest cybersecurity mistake? 📧 Think about it: if hackers gain access, they have YEARS of sensitive contracts, private information, and old communications to exploit. In secure environments, data is usually kept for just 30…YOUTUBE.COM
1 NovSynology hurries out patches for zero-days exploited at Pwn2OwnSynology, a Taiwanese network-attached storage (NAS) appliance maker, patched two critical zero-days exploited during last week's Pwn2Own hacking competition within days. [...]BLEEPINGCOMPUTER.COM
1 NovDDoS site Dstat.cc seized and two suspects arrested in Germanysubmitted by BrikoX to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/ddos-site-dstatcc-seized-and-two-suspects-arrested-in-germany/ The Dstat.cc DDoS review platform has been seized by law enforcement, and two suspects have been arrested after…SH.ITJUST.WORKS
1 NovHow to make open source software more secureEarlier this year, a Microsoft developer realized that someone had inserted a backdoor into the code of open source utility XZ Utils, which is used in virtually all Linux operating systems. The operation had started two years earlier when that someone, a person nicknamed JiaT75, …TECHCRUNCH.COM
1 NovGerman Pharma Wholesaler AEP Targeted in Ransomware AttackFirm Supplies More Than 6,000 Pharmacies A ransomware attack on German pharmaceutical distributor AEP detected Monday has not led to medication shortages so far, report local media. AEP disclosed Wednesday that hackers successfully encrypted some of its IT systems. Pharmacies usu…DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES 6[−]
1 NovUS, Israel Describe Iranian Hackers’ Targeting of Olympics, Surveillance CamerasThe US and Israel have published an advisory describing the latest activities of Iranian cyber firm Emennet Pasargad, now called Aria Sepehr Ayandehsazan. The post US, Israel Describe Iranian Hackers’ Targeting of Olympics, Surveillance Cameras appeared first on SecurityWee…SECURITYWEEK.COM
1 NovNCSC Details ‘Pygmy Goat’ Backdoor Planted on Hacked Sophos Firewall DevicesA stealthy network backdoor found on hacked Sophos XG firewall devices is programmed to work on a broader range of Linux-based devices. The post NCSC Details ‘Pygmy Goat’ Backdoor Planted on Hacked Sophos Firewall Devices appeared first on SecurityWeek .SECURITYWEEK.COM
1 NovInside Iran’s Cyber Playbook: AI, Fake Hosting, and Psychological WarfareU.S. and Israeli cybersecurity agencies have published a new advisory attributing an Iranian cyber group to targeting the 2024 Summer Olympics and compromising a French commercial dynamic display provider to show messages denouncing Israel's participation in the sporting event. T…THEHACKERNEWS.COM
1 NovHow Far Does Medical Confidentiality REALLY Go? #PrivacyMattersMedical confidentiality, patient privacy, and HIPAA compliance—how much do we really understand about who sees our private medical information? In this video, we explore what actually happens with sensitive data between doctors, nurses, and other healthcare providers, and clarify…YOUTUBE.COM
🔥 INCIDENT REPORTING 16[−]
1 NovLottie-Player Supply Chain Attack Targets Cryptocurrency WalletsLottieFiles has confirmed that Lottie-Player has been compromised in a supply chain attack whose goal is cryptocurrency theft. The post Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets appeared first on SecurityWeek .SECURITYWEEK.COM
1 NovFired Disney worker accused of hacking into restaurant menus, replacing them with Windings and false peanut allergy informationA disgruntled former Disney employee is facing charges that he hacked into the company's restaurant menu systems and wreaked havoc on its digital displays that could have potentially put lives at risk. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
1 Nov5 SaaS Misconfigurations Leading to Major Fu*%@ UpsWith so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider thr…THEHACKERNEWS.COM
1 NovEx-Disney Worker Accused of Hacking Computer Menus to Add Profanities, ErrorsA former worker hacked servers at Walt Disney World in order to manipulate menus by changing prices, adding profanities and altering notifications. The post Ex-Disney Worker Accused of Hacking Computer Menus to Add Profanities, Errors appeared first on SecurityWeek .SECURITYWEEK.COM
1 NovNorth Korea's Andariel Pivots to 'Play' Ransomwaresubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/endpoint-security/north-korea-andariel-play-ransomwareSH.ITJUST.WORKS
1 NovIn Other News: FBI’s Ransomware Disruptions, Recall Delayed Again, CrowdStrike Responds to Bloomberg ArticleNoteworthy stories that might have slipped under the radar: FBI conducted over 30 ransomware disruption operations this year, Windows Recall delayed until December, CrowdStrike responds to a Bloomberg article. The post In Other News: FBI’s Ransomware Disruptions, Recall Del…SECURITYWEEK.COM
1 NovYoung people’s data feared stolen in cyberattack on French government contractor.submitted by Dot to cybersecurity 1 points | 0 comments https://therecord.media/france-data-breach-government-contractor-local-missionsSH.ITJUST.WORKS
1 NovRegulator's Call to Breached Organizations: 'Be Human'Breaches Often Have Harmful, Under-Acknowledged 'Ripple Effect' on Victims' Lives Too many breached organizations fail to acknowledge the detrimental impact their mishandling of people's personal data can have on affected individuals, and to treat victims with the "empathy" they …DATABREACHTODAY.CO.UK
1 NovRansomware attack hits German pharmaceutical wholesaler, disrupts medicine supplies.submitted by Dot to cybersecurity 2 points | 0 comments https://therecord.media/ransomware-attack-hits-german-pharmaceutical-wholesaler-disruptionsSH.ITJUST.WORKS
1 NovLos Angeles housing agency confirms another cyberattack after 2023 ransomware incident.submitted by Dot to cybersecurity 2 points | 0 comments https://therecord.media/hacla-los-angeles-second-ransomware-attackSH.ITJUST.WORKS
1 NovThe biggest underestimated security threat of today? Advanced persistent teenagersThese attacks are highly effective, have caused huge data breaches and resulted in huge ransoms paid to make the hackers go away. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
1 NovPhishing Alert: Cybercriminals Impersonating KnowBe4 Training EmailsIn the ever-evolving landscape of cybersecurity threats, we've recently encountered a sophisticated phishing attempt targeting one of our valued KnowBe4 customers. This incident serves as a crucial reminder of the importance of remaining vigilant and maintaining robust email secu…KNOWBE4.COM
1 NovHardPwn 2024: a Researcher's Passion for Hacking IoT DevicesEngineer Dennis Giese on Hacking Robot Vacuum Cleaners and Running Hackathons Dennis Giese, a security researcher and engineer, built his first computer at around age 8 using spare parts. Years later, he hacked his first robotic vacuum cleaner. Giese reflects on his journey as a …DATABREACHTODAY.CO.UK
1 NovEverfox Deepens Cyber Case Management Expertise with YakabodYakabod Deal to Strengthen Everfox's Insider Risk, Cyber Incident Response Platform With its acquisition of Yakabod, Everfox expands capabilities in insider risk and cyber incident management. The move promises stronger integration and greater control over security workflows, ben…DATABREACHTODAY.CO.UK
1 NovDoctor Hit With $500K HIPAA Fine: Feds Worse Than HackerPlastic Surgeon Paid $53K Ransom But Says ‘the Real Criminal’ Is HHS Dr. James Breit recalled the day a hacker locked up his systems with ransomware at his plastic surgery practice. He paid $53,000 in ransom. Nearly, seven years later, after paying a $500,000 HIPAA fine, Breit cl…DATABREACHTODAY.CO.UK
1 NovLA housing authority confirms breach claimed by Cactus ransomwareThe Housing Authority of the City of Los Angeles (HACLA), one of the largest public housing authorities in the United States, confirmed that a cyberattack hit its IT network after recent breach claims from the Cactus ransomware gang. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 16[−]
1 NovChinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network.submitted by Dot to cybersecurity 3 points | 0 comments https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/SH.ITJUST.WORKS
1 NovShared Intel Q&A: Foreign adversaries now using ‘troll factories’ to destroy trust in U.S. electionsForeign adversaries proactively interfering in U.S. presidential elections is nothing new. Related: Targeting falsehoods at US minorities, US veterans It’s well-documented how Russian intelligence operatives proactively meddled with the U.S. presidential election in 2016 and tech…LASTWATCHDOG.COM
1 NovBug Bounty Platform Bugcrowd Secures $50 Million in Growth CapitalBugcrowd has secured $50 million in growth capital facility from Silicon Valley Bank for expansion and innovation. The post Bug Bounty Platform Bugcrowd Secures $50 Million in Growth Capital appeared first on SecurityWeek .SECURITYWEEK.COM
1 NovStrela Stealer Targets Europe Stealthily Via WebDavsubmitted by kid to cybersecurity 1 points | 0 comments https://cyble.com/blog/strela-stealer-targets-europe-stealthily-via-webdav/SH.ITJUST.WORKS
1 NovSophos reveals 5-year battle with Chinese hackers attacking network devicessubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/sophos-reveals-5-year-battle-with-chinese-hackers-attacking-network-devices/SH.ITJUST.WORKS
1 NovNew LightSpy Spyware Version Targets iPhones with Increased Surveillance Tacticssubmitted by kid to cybersecurity 2 points | 0 comments https://thehackernews.com/2024/10/new-lightspy-spyware-version-targets.htmlSH.ITJUST.WORKS
1 NovYour KnowBe4 Fresh Content Updates from October 2024Check out the 60 new pieces of training content added in October, alongside the always fresh content update highlights, events and new features.KNOWBE4.COM
1 NovThreat Actors Abuse LinkedIn to Target Job SeekersThreat actors are targeting people who have recently lost their jobs with employment scams on LinkedIn, according to researchers at Malwarebytes.KNOWBE4.COM
1 NovOff-Topic Fridaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)INFOSEC.PUB
1 NovFake Web Store Reviews Attempting to Steal Customer Data.submitted by Dot to cybersecurity 1 points | 0 comments https://blog.lastpass.com/posts/fake-web-store-reviews-attempting-to-steal-customer-dataSH.ITJUST.WORKS
1 NovEvery Cybersecurity List Should Be a Risk-Ranked ListCybersecurity is all about risk management and reduction. You cannot get rid of all risk. Well, I guess you could, but you (and everyone else) would probably not want to work in a true zero-risk environment. It would be too locked down, super slow, and incredibly inflexible. Cybe…KNOWBE4.COM
1 NovMSP Efficiency Set to Surge With SaaS Alerts Joining KaseyaKaseya Acquisition of SaaS Alerts to Boost MSP Efficiency, Security With New Hires Kaseya’s SaaS Alerts acquisition promises a streamlined experience for MSPs by enhancing integrations with existing products. According to CEO Jim Lippie, SaaS Alerts' current and future users can …DATABREACHTODAY.CO.UK
1 NovCyberEdBoard Profiles in Leadership: Alex GahloCIO Alex Gallo on Balancing Digital Change, Security and Continuous Learning Alex Gallo, CyberEdBoard member and CIO, shared how he drives secure digital transformation by balancing AI integration with cybersecurity, fostering a security-first culture, and emphasizing continuous …DATABREACHTODAY.CO.UK
1 NovFriday Squid Blogging: Squid Sculpture in Massachusetts BuildingGreat blow-up sculpture . Blog moderation policy.SCHNEIER.COM
1 NovChinese Hackers Use Quad7 Botnet for Credential TheftHackers Using Password Spraying to Steal User Microsoft Account Credentials Multiple Chinese hacking groups are using a botnet named for a TCP routing port number to conduct password spraying attacks, warned Microsoft Thursday. The Quad7 operators are almost certainly located in …DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 1[−]
📡 INFOSEC NEWS 10[−]
1 NovMicrosoft Delays Windows Copilot+ Recall Release Over Privacy ConcernsMicrosoft is further delaying the release of its controversial Recall feature for Windows Copilot+ PCs, stating it's taking the time to improve the experience. The development was first reported by The Verge. The artificial intelligence-powered tool was initially slated for a pre…THEHACKERNEWS.COM
1 NovDownload the AI in the Enterprise (for Real) SpotlightDownload the November 2024 issue of the Enterprise Spotlight from the editors of CIO, Computerworld, CSO, InfoWorld, and Network World.US.RESOURCES.CSOONLINE.COM
1 NovYou Can Hack A Nintendo Alarm ClockPACKETSTORMSECURITY.COM
1 NovLastPass warns of fake support centers trying to steal customer dataLastPass is warning about an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number. However, this phone number is part of a much larger campaign to trick callers into giving scammers remote access to their com…BLEEPINGCOMPUTER.COM
1 NovOpenAI's new ChatGPT Search Chrome extension feels like a search hijackerOpenAI's new "ChatGPT search" Chrome extension feels like nothing more than a typical search hijacker, changing Chrome's settings so your address bar searches go through ChatGPT Search instead. [...]BLEEPINGCOMPUTER.COM
1 NovBooking.com Phishers May Leave You With ReservationsA number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We'll also explore an array of cyberc…KREBSONSECURITY.COM
1 NovMicrosoft warns Azure Virtual Desktop users of black screen issuesMicrosoft warned customers they might experience up to 30 minutes of black screens when logging into Azure Virtual Desktop (AVD) after installing the KB5040525 Windows 10 July 2024 preview update. [...]BLEEPINGCOMPUTER.COM