🐛 COMMON VULNERABILITIES AND EXPOSURES 3[−]
13 Nov KEVNovember 2024 Patch Tuesday patches four zero days and three critical flawsAfter hitting users with five zero-day vulnerabilities in October, November’s Patch Tuesday update has followed up with another four from a total haul of 89 CVEs. In terms of priorities, admins will want to start by patching the two zero days that are being actively exploited bef…CSOONLINE.COM
13 NovVolt Typhoon returns with fresh botnet attacks on critical US infrastructureVolt Typhoon, a China-linked cyber-espionage group, has renewed its assault on US infrastructure through an advanced botnet operation, exploiting outdated Cisco and Netgear routers to breach critical networks. Volt Typhoon’s tactics mark a sophisticated escalation, as its hackers…CSOONLINE.COM
13 Nov KEVRisky Business #770 -- A Russian IR guy discovers extremely cool spookwareOn this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Apple frustrates law enforcement with iOS auto-reboot CISA says most KEV vulnerabilities in 2023 were first used as zero days Russians roll incident response on some sweet Linux sp…RISKY.BIZ
⚠️ VULNERABILITY DISCLOSURE 11[−]
13 NovMapping License Plate Scanners in the USDeFlock is a crowd-sourced project to map license plate scanners . It only records the fixed scanners, of course. The mobile scanners on cars are not mapped.SCHNEIER.COM
13 NovCisco Hits A Perfect 10 With A Critical Flaw in Industrial Wireless Systems: Cyber Security Today for Wednesday, November 13, 2024In this episode, we discuss urgent cybersecurity concerns: Cisco's critical vulnerability affecting industrial wireless systems with a CVSS 10 rating, D-Link's refusal to patch severe flaws in over 60,000 outdated NAS devices, and Amazon's data breach tied to the MoveIT vulnerabi…CYBERSECURITYTODAY.LIBSYN.COM
13 NovInside the DemandScience by Pure Incubation Data BreachPresently sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device. Apparently, before a child reaches the age of 13, advertisers will have gathered more 72 million data points on them . I knew I'd seen a metric about this someti…TROYHUNT.COM
13 NovComprehensive Guide to Building a Strong Browser Security ProgramThe rise of SaaS and cloud-based work environments has fundamentally altered the cyber risk landscape. With more than 90% of organizational network traffic flowing through browsers and web applications, companies are facing new and serious cybersecurity threats. These include phi…THEHACKERNEWS.COM
13 NovOvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code ExecutionA security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that could be chained to allow potential attackers to execute code remotely on connected devices. "Attackers successfully exploiting these vulnerabilities can access, control, and disrupt devices supp…THEHACKERNEWS.COM
13 Nov KEVMicrosoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler BugsMicrosoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday upda…THEHACKERNEWS.COM
13 NovPalo Alto Networks Emphasizes Hardening GuidanceUpdated November 15, 2024 Palo Alto Networks (PAN) has updated their informational bulletin, noting they "observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to …CISA.GOV
13 NovFortifying Defenses Against AI-Powered OSINT Cyber AttacksIn the ever-evolving landscape of cybersecurity, the convergence of Artificial Intelligence (AI) and Open-Source Intelligence (OSINT) has created new opportunities for risk.KNOWBE4.COM
13 NovCriminal Threat Actor Uses Stolen Invoices to Distribute MalwareResearchers at IBM X-Force are tracking a phishing campaign by the criminal threat actor “Hive0145” that’s using stolen invoice notifications to trick users into installing malware.KNOWBE4.COM
13 NovCitrix, Cisco, Fortinet Zero-Days Among 2023's Most Exploited VulnerabilitiesPACKETSTORMSECURITY.COM
13 NovDemandScience by Pure Incubation - 121,796,165 breached accountsIn early 2024, a large corpus of data from DemandScience (a company owned by Pure Incubation), appeared for sale on a popular hacking forum . Later attributed to a leak from a decommissioned legacy system, the breach contained extensive data that was largely business contact info…HAVEIBEENPWNED.COM
📋 SECURITY BULLETINS 2[−]
13 NovNovember Patch Tuesday loads up everyone’s plateFourteen product families affected as 2024 passes an unfortunate milestoneSOPHOS.COM
📢 SECURITY ADVISORIES 3[−]
13 NovCISA’s ScubaGear Tool Improves Security for Organizations Using M365 and Surpasses 30,000 DownloadsCISA.GOV
13 NovLW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violationsThe compliance variable has come into play in an impactful way. Related: Technology and justice systems The U.S. Security and Exchange Commission (SEC) recently laid down the hammer charging and fining four prominent cybersecurity vendors for making misleading claims in … (…LASTWATCHDOG.COM
🔥 INCIDENT REPORTING 7[−]
13 NovFree Decryptor Released for BitLocker-Based ShrinkLocker Ransomware VictimsRomanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware. The decryptor is the result of a comprehensive analysis of ShrinkLocker's inner workings, allowing the researchers to discover a "spe…THEHACKERNEWS.COM
13 NovLawyer allegedly hacked with spyware names NSO founders in lawsuitSpanish lawyer Andreu Van den Eynde is suing NSO Group and its founders Omri Lavie and Shalev Hulio, accusing them of illegal hacking. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
13 NovHot Topic data breach exposed personal data of 57 million customersMillions of customers of Hot Topic have been informed that their personal data was compromised during an October data breach at the American retailer. Have I Been Pwned (HIBP), the breach notification service, said this week that it alerted 57 million Hot Topic customers that the…TECHCRUNCH.COM
13 NovSafer with Google: New intelligent, real-time protections on Android to keep you safePosted by Lyubov Farafonova, Product Manager and Steve Kafka, Group Product Manager, Android User safety is at the heart of everything we do at Google. Our mission to make technology helpful for everyone means building features that protect you while keeping your privacy top of m…SECURITY.GOOGLEBLOG.COM
13 Nov KEVAmazon bestätigt DatenklauAmazon ist von einem Datenleck betroffen. Hintergrund ist eine Sicherheitslücke bei einem Drittanbieter. bluestork – Shutterstock.com Anfang November meldete ein Cyberkrimineller unter dem Namen „Nam3L3ss“, dass er rund 2,8 Millionen Daten von Amazon erbeutet hat. Dazu zählen E-M…CSOONLINE.COM
13 NovAdversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurityNation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, “nation-state attackers are increasing their investments and launching more sophisticated cybe…SECURITYINTELLIGENCE.COM
13 NovHow to prevent company from getting hacked again | Kaspersky official blogLearning from cyber-incidents and sharing best practices to prevent incident recurrence.KASPERSKY.COM
🕵️ THREAT INTELLIGENCE 8[−]
13 NovHamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against IsraelA threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Sau…THEHACKERNEWS.COM
13 NovIranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace AttacksThe Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023. "The campaign dist…THEHACKERNEWS.COM
13 NovISC Stormcast For Wednesday, November 13th, 2024 https://isc.sans.edu/podcastdetail/9220, (Wed, Nov 13th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
13 NovMicrosoft Data Security Index annual report highlights evolving generative AI security needs84% of surveyed organizations want to feel more confident about managing and discovering data input into AI apps and tools. The post Microsoft Data Security Index annual report highlights evolving generative AI security needs appeared first on Microsoft Security Blog .MICROSOFT.COM
13 NovA Security-First Approach to 6G5G and 6G can transform industries and drive the Industrial Revolution beyond connectivity. They need to provide Zero Trust, enterprise-grade security. The post A Security-First Approach to 6G appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
13 NovWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 9 points | 3 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
13 NovESET Research Podcast: GamaredonESET researchers introduce the Gamaredon APT group, detailing its typical modus operandi, unique victim profile, vast collection of tools and social engineering tactics, and even its estimated geolocationWELIVESECURITY.COM
📡 INFOSEC NEWS 4[−]
13 NovDigital Identities: Getting to Know the Verifiable Digital Credential EcosystemIf you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver’s license” or “mDL.” These terms, among others, all reference a gr…NIST.GOV