23Articles
8Categories
2024-11-08Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 4[−]
8 Nov KEVCISA Alerts to Active Exploitation of Critical Palo Alto Networks VulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked…THEHACKERNEWS.COM
8 NovCISA Warns of Critical Palo Alto Networks Vulnerability Exploited in AttacksThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability in Palo Alto Networks’ Expedition tool, which could lead to severe security breaches. The vulnerability, CVE-2024-5910, is classified as a “Missing Authent…GBHACKERS.COM
8 Nov KEV2023 Top Routinely Exploited VulnerabilitiesSummary The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (hereafter collectively referred to as the authoring agencies): United States: The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and Nat…CISA.GOV
8 NovVEEAM exploit seen used again with a new ransomware: “Frag”Last month, Sophos X-Ops reported several MDR cases where threat actors exploited a vulnerability in Veeam backup servers. We continue to track the activities of this threat cluster, which recently included deployment of a new ransomware. The vulnerability, CVE-2024-40711, was us…SOPHOS.COM
⚠️ VULNERABILITY DISCLOSURE 7[−]
8 NovChoosing AI: the 7 categories cybersecurity decision-makers need to understandMost of the chatter about artificial intelligence (AI) in cybersecurity concerns the technology’s use in augmenting and automating the traditional functional tasks of attackers and defenders, like how AI will improve vulnerability scanning or how large language models (LLMs) migh…CSOONLINE.COM
8 NovThe US Department of Defense has finalized cyber rules for its suppliersA new rule by the US Department of Defense to ensure that contractors and subcontractors are implementing information security measures required by the federal government is set to take effect 60 days after publication in the Federal Register on October 15. The rule governs the a…CSOONLINE.COM
8 NovCanada Orders TikTok To Close Operations: Cyber Security Today for Friday, November 8th, 2024FBI Warnings, TikTok's Canadian Shutdown, Major Data Breach Arrests & More | Cybersecurity Today In this episode of Cybersecurity Today, host Jim Love highlights the FBI's warning about growing phishing attacks exploiting government email credentials, leading to potential data th…CYBERSECURITYTODAY.LIBSYN.COM
8 NovAI Industry is Trying to Subvert the Definition of “Open Source AI”The Open Source Initiative has published (news article here ) its definition of “open source AI,” and it’s terrible . It allows for secret training data and mechanisms. It allows for development to be done in secret. Since for a neural network, the training data…SCHNEIER.COM
8 NovAndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud ServicesThe threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. "This botnet utilizes remote code execution and credential-stealing methods to maintai…THEHACKERNEWS.COM
8 NovThe vCISO Academy: Transforming MSPs and MSSPs into Cybersecurity PowerhousesWe’ve all heard a million times: growing demand for robust cybersecurity in the face of rising cyber threats is undeniable. Globally small and medium-sized businesses (SMBs) are increasingly targeted by cyberattacks but often lack the resources for full-time Chief Information Sec…THEHACKERNEWS.COM
8 NovMalicious NPM Packages Target Roblox Users with Data-Stealing MalwareA new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber. "This incident highlights the alarming ease with which threat actors can launch su…THEHACKERNEWS.COM
📋 SECURITY BULLETINS 1[−]
8 NovWebinar: Learn How Storytelling Can Make Cybersecurity Training Fun and EffectiveLet’s face it—traditional security training can feel as thrilling as reading the fine print on a software update. It’s routine, predictable, and, let’s be honest, often forgotten the moment it's over. Now, imagine cybersecurity training that’s as unforgettable as your favorite sh…THEHACKERNEWS.COM
📢 SECURITY ADVISORIES 1[−]
8 NovUS consumer protection agency bans employee mobile calls amid Chinese hack fearsThe US Consumer Financial Protection Bureau (CFPB) has issued an urgent directive barring employees and contractors from using mobile phones for work-related calls, following a major breach in US telecommunications infrastructure attributed to Chinese-linked hackers. According to…CSOONLINE.COM
🔥 INCIDENT REPORTING 2[−]
8 NovNew CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade AntivirusCybersecurity researchers have flagged a new malware campaign that infects Windows systems with a Linux virtual instance containing a backdoor capable of establishing remote access to the compromised hosts. The "intriguing" campaign, codenamed CRON#TRAP, starts with a malicious W…THEHACKERNEWS.COM
8 NovDarkNet Diaries Ep 151: Chris Rocksubmitted by ashar to security_cpe 6 points | 0 comments https://darknetdiaries.com/transcript/151/ DarkNet Diaries Ep 151: Chris Rock Chris Rock is known for being a security researcher. But he’s also a black hat incident responder. He tells us about a job he did in the middle e…INFOSEC.PUB
🕵️ THREAT INTELLIGENCE 6[−]
8 NovISC Stormcast For Friday, November 8th, 2024 https://isc.sans.edu/podcastdetail/9214, (Fri, Nov 8th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
8 NovBreaking Down Earth Estries' Persistent TTPs in Prolonged Cyber OperationsDiscover how Earth Estries employs a diverse set of tactics, techniques, and tools, including malware such as Zingdoor and Snappybee, for its campaigns.TRENDMICRO.COM
8 NovFriday Squid Blogging: Squid-A-Rama in Des MoinesSquid-A-Rama will be in Des Moines at the end of the month. Visitors will be able to dissect squid, explore fascinating facts about the species, and witness a live squid release conducted by local divers. How are they doing a live squid release? Simple: this is Des Moines, Washin…SCHNEIER.COM
8 NovIcePeony and Transparent Tribe Target Indian Entities with Cloud-Based ToolsHigh-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony. The intrusions linked to Transparent Tribe involve the use of…THEHACKERNEWS.COM
8 NovSpyAgent malware targets crypto wallets by stealing screenshotsA new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices. Here’s ho…SECURITYINTELLIGENCE.COM
8 NovKaspersky uncovers a crypto game created by Lazarus APT | Kaspersky official blogA new version of the classic tank game, DeTankZone, turned out to be a trap.KASPERSKY.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
8 NovLife on a crooked RedLine: Analyzing the infamous infostealer’s backendFollowing the takedown of RedLine Stealer by international authorities, ESET researchers are publicly releasing their research into the infostealer’s backend modulesWELIVESECURITY.COM
📡 INFOSEC NEWS 1[−]
8 NovFBI says hackers are sending fraudulent police data requests to tech giants to steal people’s private informationThe warning is a rare admission from the FBI about the threat from fake emergency data requests submitted by hackers with access to police email accounts. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM