102Articles
8Categories
2024-11-04Date
🚨 CISA KEV 1[−]
4 Nov KEVCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability CVE-2024-8956  PTZOptics PT30X-SDI/NDI Cameras Authenticat…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
4 Nov KEVA new SharePoint vulnerability is already being exploitedAttackers are exploiting a recently disclosed remote code execution vulnerability in Microsoft SharePoint to gain initial access to corporate networks. SharePoint’s main role in the Microsoft 365 ecosystem is for building intranets and dedicated web applications to support organi…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 28[−]
4 Nov5 Top Cybersecurity-Zertifizierungen: So pushen Sie Ihre CISO-KarriereLesen Sie, welche Cybersecurity-Zertifizierungen Ihrer Karriere als CISO einen Schub geben. Foto: Elnur – shutterstock.com Zertifizierungen in der Cybersicherheit können das vorhandene Fachwissen hervorheben, die Glaubwürdigkeit erhöhen und Aufstiegsmöglichkeiten eröffnen. Zudem …CSOONLINE.COM
4 NovWie Business Integration die Cybersicherheit stärktLesen Sie, wie Sie mit Hilfe von Business Integration ihre Cybersicherheit stärken können. KorArkaR – Shutterstock.com Mehr als jedes dritte Unternehmen in Deutschland (35 Prozent) war in den letzten Jahren Opfer von Cyberkriminalität, ergab die aktuelle KPMG-Studie e-Crime in de…CSOONLINE.COM
4 NovSecuring Your SaaS Application SecurityThe rapid growth of cloud computing has made SaaS applications indispensable across industries. While they offer many advantages, they are also prime targets for cybercriminals who exploit security risks to steal data or disrupt services. As businesses increasingly focus on SaaS …GBHACKERS.COM
4 Nov KEVCostly and struggling: the challenges of legacy SIEM solutionsSecurity information and event management (SIEM) solutions have been essential in cybersecurity for many years, but as the digital environment grows more complex older SIEM systems are posing significant challenges for the security professionals who manage them. If you’re weighin…CSOONLINE.COM
4 NovNew FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking CallsCybersecurity researchers have discovered a new version of a well-known Android malware family dubbed FakeCall that employs voice phishing (aka vishing) techniques to trick users into parting with their personal information. "FakeCall is an extremely sophisticated Vishing attack …THEHACKERNEWS.COM
4 NovMediaTek High Severity Vulnerabilities Let Attackers Escalate PrivilegesIn its recent MediaTek Product Security Bulletin, the chipmaker disclosed two high-severity security vulnerabilities that affect multiple devices, including smartphones, tablets, AIoT (Artificial Intelligence of Things), smart displays, and more. The vulnerabilities could allow a…GBHACKERS.COM
4 NovCisco says DevHub site leak won’t enable future breaches​Cisco says that non-public files recently downloaded by a threat actor from a misconfigured public-facing DevHub portal don't contain information that could be exploited in future breaches of the company's systems. [...]BLEEPINGCOMPUTER.COM
4 NovOkta Verify Agent for Windows Flaw Let Attackers Steal User PasswordsA newly discovered vulnerability in Okta’s Device Access features for Windows could allow attackers to steal user passwords on compromised devices. The flaw affecting the Okta Verify agent for Windows specifically concerns how the software interacts with OktaDeviceAccessPip…GBHACKERS.COM
4 Nov KEVEnterprises look to AI to bridge cyber skills gap — but will still fall shortGlobal cybersecurity workforce growth has stalled in spite of a clear and growing need for skilled workers. The latest edition of ISC2’s Cybersecurity Workforce Study , published last week, reports that the global cybersecurity workforce grew just 0.1% year-on-year to reach 5.5 m…CSOONLINE.COM
4 NovCyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It)As the holiday season approaches, retail businesses are gearing up for their annual surge in online (and in-store) traffic. Unfortunately, this increase in activity also attracts cybercriminals looking to exploit vulnerabilities for their gain.  Imperva, a Thales company, re…THEHACKERNEWS.COM
4 NovGoogle’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database EngineGoogle said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the "first real-world vulnerability" uncov…THEHACKERNEWS.COM
4 NovA Massive Hacking Toolkit From “You Dun” Threat Group Developed To Lauch Massive Cyber AttackThe “You Dun” hacking group exploited vulnerable Zhiyuan OA software using SQL injection, leveraging tools like WebLogicScan, Vulmap, and Xray for reconnaissance. They further escalated privileges on compromised hosts with tools like traitor and CDK. Active Cobalt Str…GBHACKERS.COM
4 NovEmbargo Ransomware Actors Abuses Safe Mode To Disable Security SolutionsIn July 2024, the ransomware group Embargo targeted US companies using the malicious loader MDeployer and EDR killer MS4Killer. MDeployer deployed MS4Killer, which disabled security products, before executing the Embargo ransomware.  The ransomware encrypted files with a ran…GBHACKERS.COM
4 NovMicrosoft SharePoint RCE bug exploited to breach corporate networksubmitted by kid to cybersecurity 4 points | 0 comments https://www.bleepingcomputer.com/news/security/microsoft-sharepoint-rce-bug-exploited-to-breach-corporate-network/SH.ITJUST.WORKS
4 NovGerman Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects ArrestedGerman law enforcement authorities have announced the disruption of a criminal service called dstat[.]cc that made it possible for other threat actors to easily mount distributed denial-of-service (DDoS) attacks. "The platform made such DDoS attacks accessible to a wide range of …THEHACKERNEWS.COM
4 NovNew Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s MachineA security researcher discovered a vulnerability in Windows theme files in the previous year, which allowed malicious actors to steal Windows users’ credentials. When a theme file specifies a network path for specific properties, like the brand image or wallpaper, Windows a…GBHACKERS.COM
4 NovGoogle Says Its AI Found SQLite Vulnerability That Fuzzing MissedGoogle has showcased the capabilities of its Big Sleep LLM agent, which found a previously unknown exploitable memory safety issue in SQLite. The post Google Says Its AI Found SQLite Vulnerability That Fuzzing Missed appeared first on SecurityWeek .SECURITYWEEK.COM
4 NovAs scams targeting the U.S. 2024 presidential election flood the darknet, here’s how to shore up cybersecurity defensesThe 2024 United States presidential election is rapidly approaching, and malicious actors are capitalizing on the attention and activity surrounding the election season to execute their scams. Fortinet recently released its FortiGuard Labs Threat Intelligence Report: Threat Actor…CSOONLINE.COM
4 NovCritical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and PoisoningCybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. "Collectively, the vulnerabilit…THEHACKERNEWS.COM
4 NovToday's Hybrid Work Era: Integrated Approach & Implementing Identity - ESW #382Today’s cyber threat actors are capitalizing on organizations’ identity vulnerabilities, such as MFA. Nearly 75% of cloud security failures now result from mismanaged identities, access, and privileges, and the identity attack surface is becoming more challenging to protect as co…YOUTUBE.COM
4 NovRecall, Russia, Win 10, Phish n Ships, Midnight Blizzard, Rob Allen, and More... - SWN #427Recall III: the Re-Re-Recalling, Russia, Win 10, Phish n Ships, Midnight Blizzard, Emerald Whale, Rob Allen, and More, on this edition of the Security Weekly News. Segment Resources: https://www.bleepingcomputer.com/news/security/unitedhealth-says-data-of-100-million-stolen-in-ch…YOUTUBE.COM
4 NovCustom "Pygmy Goat" malware used in Sophos Firewall hack on govt networkUK's National Cyber Security Centre (NCSC) has published an analysis of a Linux malware named "Pigmy Goat" created to backdoor Sophos XG firewall devices as part of recently disclosed attacks by Chinese threat actors. [...]BLEEPINGCOMPUTER.COM
4 NovCelebrating 5 Million Learners: The Evolution of KnowBe4's Compliance PlusWhen you think of KnowBe4, you might immediately picture phishing simulations, password security modules, or other security awareness training topics.KNOWBE4.COM
4 NovPolice Doxing of Criminals Raising Ransomware-Attack StakesIncident Responders Say Disruptions Help, See No Spike in Median Ransom Payments For anyone dreaming of law enforcement agencies arresting ransomware bigwigs, or intelligence agencies taking them out with drone strikes, keep on hoping. But here's good news: ransom payments haven'…DATABREACHTODAY.CO.UK
4 NovBypassing ChatGPT Safety Guardrails, One Emoji at a TimeMozilla Researcher Uses Non-Natural Language to Jailbreak GPT-4o Anyone can jailbreak GPT-4o's security guardrails with hexadecimal encoding and emojis. A Mozilla researcher demonstrated the jailbreaking technique, tricking OpenAI's latest model into generating python exploits an…DATABREACHTODAY.CO.UK
4 NovABB Smart Building Software Flaws Invite In HackersProof of Concepts Available for Cylon Aspect Energy Management Software Vulnerabilities in a smart building energy management system including an easily exploitable, two-year-old flaw that hasn't been widely patched could let hackers take over instances misconfigured to allow int…DATABREACHTODAY.CO.UK
4 NovNokia investigates breach after hacker claims to steal source codeNokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the company's stolen source code. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 13[−]
4 NovHackers Downgrading Remote Desktop Security Setting For Unauthorized AccessThe attackers use a multi-stage attack, starting with a malicious LNK file disguised as a healthcare-related document. This file, likely sent via phishing emails, triggers PowerShell commands to download and execute additional payloads from a remote server. These payloads allow r…GBHACKERS.COM
4 NovYour KnowBe4 Compliance Plus Fresh Content Updates from October 2024Check out the October updates in Compliance Plus so you can stay on top of featured compliance training content.KNOWBE4.COM
4 NovCISA Director Sees No Threats Impacting Election OutcomeUS Cyber Defense Agency Dismisses Claims of Fraud and Assures Secure Election Day The director of the Cybersecurity and Infrastructure Security Agency said Monday the agency has not seen any evidence of material threats that could sway the nationwide results, despite escalating c…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 18[−]
4 NovZ-lib - 9,737,374 breached accountsIn June 2024, almost 10M user records from Z-lib were discovered exposed online . Now defunct, Z-lib was a malicious clone of Z-Library, a well-known shadow online platform for pirating books and academic papers. The exposed data included usernames, email addresses, countries of …HAVEIBEENPWNED.COM
4 NovChina is an increasing threat in Cyber Security: Cyber Security Today for Monday, November 4, 2024Chinese Cybersecurity Threats: Espionage in Silicon Valley, Canadian Government Infiltration, and Persistent Botnets In this special edition of Cyber Security Today, host Jim Love discusses three alarming stories illustrating the increasing cybersecurity threats posed by China. T…CYBERSECURITYTODAY.LIBSYN.COM
4 Nov(PDF neutering) Not all PDFs are documents; some are apps! Insurance company sent me a form to sign as a PDF with JavaScript. Is it a tracker?submitted by evenwicht to cybersecurity 3 points | 0 comments cross-posted from: lemmy.sdf.org/post/24645301 They emailed me a PDF. It opened fine with evince and looked like a simple doc at first. Then I clicked on a field in the form. Strangely, instead of simply populating the…INFOSEC.PUB
4 NovCity of Columbus Ransomware Attack Impacts 500,000 PeopleThe City of Columbus says the personal information of 500,000 people was stolen in a ransomware attack. The post City of Columbus Ransomware Attack Impacts 500,000 People appeared first on SecurityWeek .SECURITYWEEK.COM
4 NovRussia, Iran, And China Influence U.S. Elections, Microsoft WarnsThe researchers have observed consistent efforts by Russia, Iran, and China to exert foreign influence on democratic processes in the United States.  Recent U.S. government actions have exposed Iranian cyberattacks on the Trump-Vance campaign and the dissemination of stolen …GBHACKERS.COM
4 NovInterlock Ransomware Puts FreeBSD Servers in Critical Danger Worldwidesubmitted by kid to cybersecurity 1 points | 0 comments https://www.secureblink.com/cyber-security-news/interlock-ransomware-puts-free-bsd-servers-in-critical-danger-worldwideSH.ITJUST.WORKS
4 NovChinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray AttacksResearchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to launch highly evasive password spray attacks, successfully stealing credentials from multiple Microsoft customers. The stolen credentials are then leveraged by threa…GBHACKERS.COM
4 Nov210,000 Impacted by Saint Xavier University Data BreachSaint Xavier University is notifying over 210,000 individuals of personal information compromise in a July 2023 data breach. The post 210,000 Impacted by Saint Xavier University Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
4 NovCity of Columbus: Data of 500,000 stolen in July ransomware attack​The City of Columbus, Ohio, notified 500,000 individuals that a ransomware gang stole their personal and financial information in a July 2024 cyberattack. [...]BLEEPINGCOMPUTER.COM
4 NovColumbus says ransomware gang stole personal data of 500,000 Ohio residentsColumbus says hackers accessed resident's Social Security numbers and bank account details © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
4 NovCyberattack disrupts classes at Irish technology university.submitted by Dot to cybersecurity 2 points | 0 comments https://therecord.media/cyberattack-disrupts-classes-at-irish-tech-universitySH.ITJUST.WORKS
4 NovGrenzen zwischen Cyberspionage und Cybercrime verschwimmenHacker aus China, Nord-Korea, Russland und dem Iran erhalten immer mehr Unterstützung, um ihre kriminellen Machenschaften für den Staat einzusetzen. Andy.LIU/Shutterstock.com Staatlich geförderte Bedrohungsakteure sind keine Unbekannten, wenn es um Operationen unter falscher Flag…CSOONLINE.COM
4 NovSchneider Electric confirms dev platform breach after hacker steals dataSchneider Electric has confirmed a developer platform was breached after a threat actor claimed to steal 40GB of data from the company's JIRA server. [...]BLEEPINGCOMPUTER.COM
4 NovAttack Hits Small Rural Georgia Hospital, Nursing HomeMemorial Hospital and Manor Tapping Its Experience Dealing With Downtime Procedures A small community hospital and its nursing home in rural Georgia have resorted to paper charts and other manual process for patient care as they deal with a ransomware attack discovered Saturday t…DATABREACHTODAY.CO.UK
4 NovWestern Sydney University Suffers Third Major Breach in 2024Threat Actor Compromised an IT Account and Accessed Data Warehouse, Core Systems Australia's Western Sydney University said hackers breached its student management system and data warehouse to steal students' demographic and enrollment information in the third data theft incident…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 27[−]
4 NovISC Stormcast For Monday, November 4th, 2024 https://isc.sans.edu/podcastdetail/9206, (Mon, Nov 4th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
4 NovThreat Actors Allegedly Claiming Leak of Dell Partner Portal DataA well-known dark web forum threat actor allegedly claimed responsibility for leaking data from Dell’s enterprise partner portal. According to the claim, the leak exposes sensitive information of approximately 80,000 users, including user IDs and email addresses, primarily …GBHACKERS.COM
4 NovBusinesses Worldwide Targeted in Large-Scale ChatGPT Phishing CampaignBarracuda has observed a large-scale OpenAI impersonation campaign whose goal is to phish for ChatGPT credentials. The post Businesses Worldwide Targeted in Large-Scale ChatGPT Phishing Campaign appeared first on SecurityWeek .SECURITYWEEK.COM
4 NovSiemens and Rockwell Tackle Industrial Cybersecurity, but Face Customer HesitationSiemens and Rockwell Automation are taking steps to improve cybersecurity in industrial organizations, but getting customers to install security systems and upgrade ICS can still be challenging. The post Siemens and Rockwell Tackle Industrial Cybersecurity, but Face Customer Hesi…SECURITYWEEK.COM
4 NovRussian Hackers Attacking Ukraine Military With Malware Via TelegramResearchers discovered a Russian-linked threat actor, UNC5812, utilizing a Telegram persona named “Civil Defense. ” This persona has been distributing Windows and Android malware disguised as legitimate software designed to aid potential conscripts in Ukraine. Once in…GBHACKERS.COM
4 NovSingapore’s Government Directed ISPs To Block Access To Ten Inauthentic WebsitesSingapore’s government has instructed internet service providers to block access to websites deemed “inauthentic,” which are believed to be part of hostile information campaigns potentially targeting Singapore. The government’s action is intended to combat the distribution …GBHACKERS.COM
4 NovSophos Versus the Chinese HackersReally interesting story of Sophos’s five-year war against Chinese hackers.SCHNEIER.COM
4 NovSYS01 InfoStealer Malware Attacking Meta Business Page To Steal LoginsThe ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to distribute the SYS01 InfoStealer through ElectronJs applications disguised as legitimate software like video editors, productivity tools, and streaming services. The campaign leverage…GBHACKERS.COM
4 NovFBI Seeking Information on Chinese Hackers Targeting Sophos FirewallsThe FBI is asking for information on the Chinese threat actors targeting Sophos edge devices to compromise private and government entities. The post FBI Seeking Information on Chinese Hackers Targeting Sophos Firewalls appeared first on SecurityWeek .SECURITYWEEK.COM
4 NovMassive Midnight Blizzard Phishing Attack Using Weaponized RDP FilesResearchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in various sectors. The attacks involve sending signed RDP configuration files to thousands of targets, aiming to compromise systems for intelligence gathering. The …GBHACKERS.COM
4 NovSophisticated Phishing Attack Targeting Ukraine Military SectorsThe Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against critical Ukrainian infrastructure, including government agencies, key industries, and military entities. Phishing emails promoting integration with Amazon, Microsoft, …GBHACKERS.COM
4 NovEvasive Panda Attacking Cloud Services To Steal Data Using New ToolkitThe Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese government entity in early 2023, which leverages three modules, CGM, CGN, and COL, to hijack web sessions and access cloud services like Google Drive, Gmail, and Outlook.  By stealing …GBHACKERS.COM
4 NovErmittler zerschlagen Drogen-Marktplatz und DDoS-Dienstsrcset="https://b2b-contenthub.com/wp-content/uploads/2024/11/shutterstock_1121900963.jpg?quality=50&strip=all 5333w, https://b2b-contenthub.com/wp-content/uploads/2024/11/shutterstock_1121900963.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.c…CSOONLINE.COM
4 NovUS Sentences Nigerian to 26 Years in Prison for Stealing Millions Through PhishingKolade Akinwale Ojelade was sentenced to 26 years in prison in the US for compromising email accounts through phishing and stealing millions. The post US Sentences Nigerian to 26 Years in Prison for Stealing Millions Through Phishing appeared first on SecurityWeek .SECURITYWEEK.COM
4 NovSupply Chain Attack Using Ethereum Smart Contracts to Distribute Multi-Platform Malware.submitted by Dot to cybersecurity 1 points | 0 comments https://checkmarx.com/blog/supply-chain-attack-using-ethereum-smart-contracts-to-distribute-multi-platform-malware/SH.ITJUST.WORKS
4 NovAttackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale.submitted by Dot to cybersecurity 0 points | 0 comments https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/SH.ITJUST.WORKS
4 NovMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …INFOSEC.PUB
4 NovHackers Claim Access to Nokia Internal Data, Selling for $20,000.submitted by Dot to cybersecurity 1 points | 0 comments https://hackread.com/hackers-claim-access-nokia-internal-data-selling-20k/SH.ITJUST.WORKS
4 NovWhat if securing buildings was as easy as your smartphone? - Blaine Frederick - ESW #382The future is here! Imagine if you could get into the office, a datacenter, or even an apartment building as easily as you unlock your smartphone. Alcatraz AI is doing exactly that with technology that works similarly to how smartphones unlock using your face. It works in the dar…YOUTUBE.COM
4 NovFunding, AI controls your PC, Cyberstarts stops Sunrise, public cyber goes private - ESW #382This week, in the enterprise security news: 1. the latest cybersecurity fundings 2. Cyera acquires Trail Security 3. Sophos acquires Secureworks 4. new companies and products 5. more coverage on Cyberstarts’ sunrise program 6. AI can control your PC 7. public cybersecurity compan…YOUTUBE.COM
4 NovIf Social Engineering Is 70% - 90% of Attacks, Why Aren’t We Acting Like It?Over a decade ago, I noticed that social engineering was the primary cause for all malicious hacking. It has been that way since the beginning of computers, but it took me about half of my 36-year career to realize it.KNOWBE4.COM
4 NovMarcus Hutchins' Video Is WILD – And Here’s Why You Need to Watch ItEver heard of Marcus Hutchins? In just 8 minutes, he takes you on a wild journey through cybersecurity, scanning the entire internet, and accidentally creating a botnet 😱. This video blew Paul's mind – it’s entertaining, educational, and brilliantly produced. Paul watches a ton o…YOUTUBE.COM
4 NovDocuSign's Envelopes API abused to send realistic fake invoicesThreat actors are abusing DocuSign's Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like Norton and PayPal. [...]BLEEPINGCOMPUTER.COM
4 NovSEC Moves to Get Foreign Testimony in SolarWinds Fraud CaseTestimony Request Targets Cybersecurity Concerns Raised by Ex-SolarWinds Engineer In its fraud case against SolarWinds, the SEC is pursuing testimony from former SolarWinds engineer Robert Krajcir - who lives in the Czech Republic - to address claims of lax cybersecurity practice…DATABREACHTODAY.CO.UK
4 NovUK Banks Urged to Gird for CrowdStrike-Like OutageRegulator Tells Regulators to Enhance Third-Party Service Security British financial institutions must ensure by this spring that they could reasonably weather a third party tech outage on the scale of July's global meltdown of 8.5 million computers triggered by a faulty update f…DATABREACHTODAY.CO.UK
4 NovHow Microsoft Defender for Office 365 innovated to address QR code phishing attacksThis blog examines the impact of QR code phishing campaigns and the innovative features of Microsoft Defender for Office 365 that help combat evolving cyberthreats. The post How Microsoft Defender for Office 365 innovated to address QR code phishing attacks appeared first on Micr…MICROSOFT.COM
4 NovTop Financial, Cyber Experts Gathering for ISMG's NYC SummitNov. 7 Summit to Confront the Next Generation of Financial Cyber Risks ISMG’s 2024 Financial Services Cybersecurity Summit kicks off Thursday in New York City, bringing together industry leaders and cyber experts to explore critical defense strategies, including digital identity …DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 2[−]
4 NovWindows infected with backdoored Linux VMs in new phishing attacksA new phishing campaign dubbed 'CRON#TRAP' infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks. [...]BLEEPINGCOMPUTER.COM
4 NovSOC Around the Clock: World Tour Survey FindingsTrend surveyed 750 cybersecurity professionals in 49 countries to learn more about the state of cybersecurity, from job pressures to the need for more advanced tools. Explore what SOC teams had to say.TRENDMICRO.COM
📡 INFOSEC NEWS 12[−]
4 NovAnalyzing an Encrypted Phishing PDF, (Mon, Nov 4th)Once in a while, I get a question about my pdf-parser.py tool, not able to decode strings and streams from a PDF document. ISC.SANS.EDU
4 NovIndustry Moves for the week of November 4, 2024 - SecurityWeekExplore industry moves and significant changes in the industry for the week of November 4, 2024. Stay updated with the latest industry trends and shifts.SECURITYWEEK.COM
4 NovMicrosoft confirms Windows Server 2025 blue screen, install issues​Microsoft has confirmed several bugs causing install and Blue Screen of Death (BSOD) issues impacting Windows Server 2025 systems with more than 256 logical processors. [...]BLEEPINGCOMPUTER.COM
4 NovTHN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 - Nov 03)This week was a total digital dumpster fire! Hackers were like, "Let's cause some chaos!" and went after everything from our browsers to those fancy cameras that zoom and spin. (You know, the ones they use in spy movies? 🕵️‍♀️) We're talking password-stealing bots, sneaky extensi…THEHACKERNEWS.COM
4 NovSolving the painful password problem with better policiesWeak and reused credentials continue to plague users and organizations. Learn from Specops software about why passwords are so easy to hack and how organizations can fortify their security efforts. [...]BLEEPINGCOMPUTER.COM
4 NovWindows Server 2025 released—here are the new features​Microsoft has announced that Windows Server 2025, the latest version of its server operating system, is generally available starting Friday, November 1st. [...]BLEEPINGCOMPUTER.COM
4 NovDefense-in-Depth: Not Deep EnoughDATABREACHTODAY.CO.UK