45Articles
7Categories
2024-11-14Date
🚨 CISA KEV 1[−]
14 Nov KEVCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability CVE-2024-9465  Palo Alto Networks Expedition SQL Injection V…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 14[−]
14 NovRussian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing EmailsA newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoo…THEHACKERNEWS.COM
14 NovChromium: CVE-2024-11110 Inappropriate implementation in BlinkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
14 NovChromium: CVE-2024-11111 Inappropriate implementation in AutofillThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
14 NovCVE-2024-49040 Microsoft Exchange Server Spoofing VulnerabilityAdded an FAQ to indicated that we have temporarily paused the rollout of this update. Please see the Exchange Server [Blog entry](https://techcommunity.microsoft.com/blog/exchange/released-november-2024-exchange-server-security-updates/4293125) for more information.MSRC.MICROSOFT.COM
14 NovChromium: CVE-2024-11116 Inappropriate implementation in PaintThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
14 NovChromium: CVE-2024-11113 Use after free in AccessibilityThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
14 NovChromium: CVE-2024-11115 Insufficient policy enforcement in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
14 NovChromium: CVE-2024-11112 Use after free in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
14 NovChromium: CVE-2024-11117 Inappropriate implementation in FileSystemThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
14 NovChromium: CVE-2024-11114 Inappropriate implementation in ViewsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
14 NovCVE-2024-43598 LightGBM Remote Code Execution VulnerabilityUpdated FAQs and updated the CVSS score. These are informational changes only.MSRC.MICROSOFT.COM
14 NovCitrix admins advised to install hotfixes to block vulnerabilitiesCISOs with Citrix Virtual Apps and Desktop in their environments should patch two holes that could give an authenticated hacker the ability to escalate privileges and run remote code. This warning comes after the discovery by researchers at watchTowr of the vulnerabilities, who s…CSOONLINE.COM
14 NovCVE-2024-43451 allows stealing NTLMv2 hash | Kaspersky official blogPatch Tuesday, November 2024: CVE-2024-43451, used in real attacks, permits stealing an NTLMv2 hash with minimal interaction from the victim.KASPERSKY.COM
⚠️ VULNERABILITY DISCLOSURE 9[−]
14 NovNew iOS Security Feature Makes It Harder for Police to Unlock Seized PhonesEverybody is reporting about a new security iPhone security feature with iOS 18: if the phone hasn’t been used for a few days, it automatically goes into its “Before First Unlock” state and has to be rebooted. This is a really good security feature. But various …SCHNEIER.COM
14 NovCISA Releases Nineteen Industrial Control Systems AdvisoriesCISA released nineteen Industrial Control Systems (ICS) advisories on November 14, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-319-01 Siemens RUGGEDCOM CROSSBOW ICSA-24-319-02 Siemens SIPO…CISA.GOV
14 NovSmashing Security podcast #393: Who needs a laptop to hack when you have a Firestick?Arion Kurtaj, a teenager from the UK, amassed a fortune through audacious cybercrimes. From stealing Grand Theft Auto 6 secrets to erasing Brazil's COVID vaccination data, his exploits were legendary. But his hacking spree took a bizarre turn when he was placed under police prote…GRAHAMCLULEY.COM
14 NovOvercome fragmented cloud security operations with unified XDR and SIEMAs any security practitioner can attest, it takes many resources and a great deal of manpower to protect dynamic hybrid and multicloud environments. Today, the average organization deploys anywhere from 41 to 60 disparate security tools spread across as many as 10 different vendo…CSOONLINE.COM
14 NovImplementing zero trust in AI and LLM architectures: A practitioner’s guide to secure and responsible AI systemsIn the rapidly evolving landscape of artificial intelligence (AI) and large language models (LLMs), security can no longer be an afterthought. Implementing robust security measures is paramount as these technologies become integral to enterprise operations. However, proper securi…CSOONLINE.COM
14 NovUS says China conducted massive espionage through breached telcosMultiple US telecommunications companies were hacked into by a People’s Republic of China (PRC)-backed threat actor to carry out a full-blown cyber-espionage attack, according to a joint FBI and CISA statement issued on Wednesday. During what the FBI is calling a “broad and signi…CSOONLINE.COM
14 NovHow to defend Microsoft networks from adversary-in-the-middle attacksAn office worker received an email that appeared to be from a vendor but was caught in quarantine and the user requested its release. It looked innocent enough, so an administrator released the email. The user clicked on the email to review the contents, which included an attache…CSOONLINE.COM
📢 SECURITY ADVISORIES 4[−]
14 NovFBI confirms China-backed hackers breached US telecom giants to steal wiretap dataThe FBI and CISA say they have uncovered a "broad and significant" China-linked cyber espionage campaign © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
14 NovNIST publishes timeline for quantum-resistant cryptography, but enterprises must move fasterThe US National Institute of Standards and Technology (NIST) on Tuesday published its timetables for moving government agencies off current types of encryption onto what they hope will be quantum-resistant encryption by 2035. But analysts urge enterprises to move much more quickl…CSOONLINE.COM
14 NovAutonomous security for cloud in AWS: Harnessing the power of AI for a secure futureAs the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This …SECURITYINTELLIGENCE.COM
🔥 INCIDENT REPORTING 3[−]
14 Nov5 BCDR Oversights That Leave You Exposed to RansomwareRansomware isn’t just a buzzword; it’s one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware attacks are not only increasing in frequency but also in sophistication, with new ransomware groups constantly emerging. Their attack methods…THEHACKERNEWS.COM
14 NovShrinkLocker ransomware: what you need to knowShrinkLocker is a family of ransomware that encrypts an organisation's data and demands a ransom payment in order to restore access to their files. It was first identified by security researchers in May 2024, after attacks were observed in Mexico, Indonesia, and Jordan. Read more…TRIPWIRE.COM
14 NovHacker brüsten sich mit gestohlenen Destatis-Datensrcset="https://b2b-contenthub.com/wp-content/uploads/2024/11/shutterstock_2206522337.jpg?quality=50&strip=all 4000w, https://b2b-contenthub.com/wp-content/uploads/2024/11/shutterstock_2206522337.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.c…CSOONLINE.COM
🕵️ THREAT INTELLIGENCE 7[−]
14 NovExperts Uncover 70,000 Hijacked Domains in Widespread 'Sitting Ducks' Attack SchemeMultiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for years. The findings come from Infoblox, which said it identified nearly 800,000 vul…THEHACKERNEWS.COM
14 NovNew RustyAttr Malware Targets macOS Through Extended Attribute AbuseThreat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr. The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked …THEHACKERNEWS.COM
14 Nov[World Premiere] KnowBe4 Debuts New Season 6 of Netflix-Style Security Awareness Video Series - “The Inside Man”We’re thrilled to announce the long-awaited sixth season of the award-winning KnowBe4 Original Series - “The Inside Man” is now available in the KnowBe4 ModStore!KNOWBE4.COM
14 NovThe Intersection of Marketing and TechnologyThe modern marketer must embrace technology to increase speed to market, improve competitiveness and deliver personalized and exceptional user experiences. The post The Intersection of Marketing and Technology appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
14 Nov2025 Predictions — How One Year Will Redefine the Cybersecurity IndustryThese predictions underscore the new pillars of cybersecurity – platform unity, data transparency and strategic partnerships – defining success in 2025. The post 2025 Predictions — How One Year Will Redefine the Cybersecurity Industry appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
14 NovBlueHat 2024 - 33 talkssubmitted by ashar to security_cpe 3 points | 0 comments https://infosec.pub/pictrs/image/f7686036-da47-4831-9a74-e712bfe4c618.jpeg BlueHat 2024 Schedule PDF BlueHat 2024 PlaylistINFOSEC.PUB
14 NovESET APT Activity Report Q2 2024–Q3 2024: Key findingsESET Chief Security Evangelist Tony Anscombe highlights some of the most intriguing insights revealed in the latest ESET APT Activity ReportWELIVESECURITY.COM
📡 INFOSEC NEWS 7[−]
14 NovGoogle Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto SchemesGoogle has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites. "Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to de…THEHACKERNEWS.COM
14 NovTikTok Pixel Privacy Nightmare: A New Case StudyAdvertising on TikTok is the obvious choice for any company trying to reach a young market, and especially so if it happens to be a travel company, with 44% of American Gen Zs saying they use the platform to plan their vacations. But one online travel marketplace targeting young …THEHACKERNEWS.COM
14 NovNew Apple security feature reboots iPhones after 3 days, researchers confirm“Inactivity reboot" effectively puts iPhones in a more secure state by locking the user's encryption keys in the iPhone's secure enclave chip. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
14 NovBitsight buys dark web security specialist Cybersixgill for $115MMore consolidation is afoot in the world of cybersecurity. Bitsight, a cybersecurity startup last valued at $2.4 billion when ratings firm Moody’s took a stake in the business and became its largest shareholder in 2021, is acquiring Cybersixgill for $115 million. Boston-bas…TECHCRUNCH.COM
14 NovIT specialist Jack Teixeira jailed for 15 years after leaking classified military documents on DiscordJack Teixeira, the 22-year-old former Air National Guardsman who leaked hundreds of classified documents online, has been sentenced to 15 years in prison. Teixeira, who served as an IT specialist at Otis Air National Guard Base in Massachusetts, was arrested in April 2023 after a…BITDEFENDER.COM