41Articles
6Categories
2024-11-15Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 6[−]
15 NovHigh-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment VariablesCybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as…THEHACKERNEWS.COM
15 NovCVE-2024-49060 Azure Stack HCI Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
15 NovCritical TP-Link DHCP Vulnerability Let Attackers Execute Arbitrary Code RemotelyA critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious actors to remotely compromise affected devices. The vulnerability, identified as CVE-2024-11237, affects TP-Link VN020 F3v(T) routers running firmware version TT_V6.2.1021, whic…GBHACKERS.COM
15 NovCritical Laravel Vulnerability CVE-2024-52301 Allows Unauthorized AccessCVE-2024-52301 is a critical vulnerability identified in Laravel, a widely used PHP framework for building web applications. The vulnerability allows unauthorized access by exploiting improperly validated inputs, potentially leading to privilege escalation, data tampering, or ful…GBHACKERS.COM
15 Nov4M+ WordPress Websites to Attacks, Following Plugin VulnerabilityA critical vulnerability has been discovered in the popular “Really Simple Security” WordPress plugin, formerly known as “Really Simple SSL,” putting over 4 million websites at risk. The flaw, identified as CVE-2024-10924, exposes websites using the plugin…GBHACKERS.COM
15 Nov KEVCISOs who delayed patching Palo Alto vulnerabilities now face real threatTwo of six critical vulnerabilities in Palo Alto Networks’ Expedition Migration tool, which the company patched in October, are being actively exploited according to the US Cybersecurity and Infrastructure Security Agency. CISA has now added the two vulnerabilities — CVE-2024-946…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 14[−]
15 NovNew Report Details Cyber Security Scams For Retailers At Christmas: Cyber Security Today for Friday, November 15, 2024Holiday Cyber Threats, Secret Service Surveillance & AI Safety with DOE In today's episode of Cybersecurity Today, host Jim Love covers essential cybersecurity topics heating up this holiday season. A new report from B4AI unveils sophisticated scams targeting online shoppers, inc…CYBERSECURITYTODAY.LIBSYN.COM
15 NovResearchers Warn of Privilege Escalation Risks in Google's Vertex AI ML PlatformCybersecurity researchers have disclosed two security flaws in Google's Vertex machine learning (ML) platform that, if successfully exploited, could allow malicious actors to escalate privileges and exfiltrate models from the cloud. "By exploiting custom job permissions, we were …THEHACKERNEWS.COM
15 Nov KEVCISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack ConfirmedThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition software have come under active exploitation in the wild. To that end, it has added the vulnerabilities to its Known Exploited Vulne…THEHACKERNEWS.COM
15 NovPhishing Attacks Exploit Microsoft Visio Files and SharePointThreat actors are exploiting Microsoft Visio files and SharePoint to launch two-step phishing attacks, according to researchers at Perception Point.KNOWBE4.COM
15 NovChinese SilkSpecter Hackers Attacking Black Friday ShoppersSilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce shoppers in Europe and the USA during the Black Friday shopping season.  The campaign leveraged the legitimate payment processor Stripe to steal victims…GBHACKERS.COM
15 NovCybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online StoresThe research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to malicious e-commerce websites, leveraging multiple SEO malware families to achieve their goal. Three distinct threat actor groups were identified, each employing a unique malware famil…GBHACKERS.COM
15 Nov KEVRetrofitting spatial safety to hundreds of millions of lines of C++Posted by Alex Rebert and Max Shavrick, Security Foundations, and Kinuko Yasuda, Core Developer Attackers regularly exploit spatial memory safety vulnerabilities , which occur when code accesses a memory allocation outside of its intended bounds, to compromise systems and sensiti…SECURITY.GOOGLEBLOG.COM
15 NovMisconfigurations can cause many Microsoft Power Pages sites to expose sensitive dataMany websites built with Microsoft Power Pages expose sensitive information from their databases due to a poor understanding of access control configurations and default settings, according to a report from researchers at SaaS security provider AppOmni. Insecure custom code imple…CSOONLINE.COM
15 NovSecurity awareness training: Topics, best practices, costs, free optionsWhat is security awareness training? Security awareness training is a cybersecurity program that aims to educate everyone in an organization about potential cyber threats, as well as actions they can take to help keep the organization’s assets safe. Security awareness training se…CSOONLINE.COM
15 NovGenAI-Security als ChecklisteDas Open Web Application Security Project (OWASP) gibt Unternehmen eine Checkliste für (mehr) GenAI-Sicherheit an die Hand. Foto: Gannvector | shutterstock.com Während Unternehmen wie OpenAI, Anthropic, Google oder Microsoft aber auch Open-Source-Alternativen bei ihren Generative…CSOONLINE.COM
15 NovHow CISOs Shaped Our Platform (And Became Investors!)In this short, we dive into how experienced CISOs helped shape Onyxia's platform, bringing their real-world challenges to the table. These advisors didn’t just stop at giving advice – they believed in them so much that some became investors themselves! Watch how their insights he…YOUTUBE.COM
15 NovAI and the Autonomous SOC - Separating Hype from Reality - Itai Tevet - ESW #384There have been a lot of bold claims about how generative AI and machine learning will transform the SOC. Ironically, the SOC was (arguably) invented only because security products failed to make good on bold claims. The cybersecurity market is full of products that exist only to…YOUTUBE.COM
🔥 INCIDENT REPORTING 5[−]
15 NovIranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli OrganizationsCybersecurity researchers have shed light on a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands. Cybersecurity company Check Point has codenamed the malware We…THEHACKERNEWS.COM
15 NovHow AI Is Transforming IAM and Identity SecurityIn recent years, artificial intelligence (AI) has begun revolutionizing Identity Access Management (IAM), reshaping how cybersecurity is approached in this crucial field. Leveraging AI in IAM is about tapping into its analytical capabilities to monitor access patterns and identif…THEHACKERNEWS.COM
15 NovHalf of all Ransomware Attacks This Year Targeted Small BusinessesNew data shows just how crippling ransomware has been on small businesses that have fallen victim to an attack and needed to pay the ransom.KNOWBE4.COM
15 NovBlack Basta Ransomware Leveraging Social Engineering For Malware DeploymentBlack Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in 2022 by employing sophisticated social engineering techniques to infiltrate target networks, often leveraging advanced malware to compromise systems undetected.  Once inside, Black…GBHACKERS.COM
15 NovCybersecurity dominates concerns among the C-suite, small businesses and the nationOnce relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of so…SECURITYINTELLIGENCE.COM
🕵️ THREAT INTELLIGENCE 6[−]
15 NovFriday Squid Blogging: Female Gonatus Onyx Squid Carrying Her EggsFantastic video of a female Gonatus onyx squid swimming while carrying her egg sack. An earlier related post . Blog moderation policy.SCHNEIER.COM
15 NovGood Essay on the History of Bad Password PoliciesStuart Schechter makes some good points on the history of bad password policies: Morris and Thompson’s work brought much-needed data to highlight a problem that lots of people suspected was bad, but that had not been studied scientifically. Their work was a big step forward…SCHNEIER.COM
15 NovVietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and AsiaA Vietnamese-speaking threat actor has been linked to an information-stealing campaign targeting government and education entities in Europe and Asia with a new Python-based malware called PXA Stealer. The malware "targets victims' sensitive information, including credentials for…THEHACKERNEWS.COM
15 NovDatenpanne bei Tibber: 50.000 deutsche Kunden betroffenHacker sind in das System des Stromanbieters Tribber eingedrungen. Black_Kira – Shutterstock.com Der deutsche Standort des norwegischen Stromanbieters Tibber wurde kürzlich von Hackern angegriffen. Nach Angaben des Unternehmens haben die Angreifer Daten von etwa 50.000 Nutzern en…CSOONLINE.COM
15 NovGranny Bots, Microsoft, Shrinklocker, SlugResin, BlueSky, Aaran Leyland, and More... - SWN #431Granny Bots, Microsoft, Shrinklocker, SlugResin, BlueSky, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-431YOUTUBE.COM
15 NovSimple Include Statement Hides Casino Spamsubmitted by Joker to cybersecurity 7 points | 0 comments https://blog.sucuri.net/2024/11/simple-include-statement-hides-casino-spam.htmlSH.ITJUST.WORKS
🌐 CYBER THREAT LANDSCAPE 1[−]
15 NovNSO Group admits cutting off 10 customers because they abused its Pegasus spyware, say unsealed court documentsNewly unsealed documents brought by a WhatsApp lawsuit shows NSO Group's spyware, Pegasus, was used to hack as many as "tens of thousands” of devices. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
📡 INFOSEC NEWS 9[−]
15 NovAn Interview With the Target & Home Depot HackerIn December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using th…KREBSONSECURITY.COM
15 NovLive Webinar: Dive Deep into Crypto Agility and Certificate ManagementIn the fast-paced digital world, trust is everything—but what happens when that trust is disrupted? Certificate revocations, though rare, can send shockwaves through your operations, impacting security, customer confidence, and business continuity. Are you prepared to act swiftly…THEHACKERNEWS.COM
15 NovBitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in BitcoinIlya Lichtenstein, who pleaded guilty to the 2016 hack of cryptocurrency stock exchange Bitfinex, has been sentenced to five years in prison, the U.S. Department of Justice (DoJ) announced Thursday. Lichtenstein was charged for his involvement in a money laundering scheme that le…THEHACKERNEWS.COM
15 NovWebscout Is Worth Checking OutPACKETSTORMSECURITY.COM
15 NovThe Mysterious Call That Changed Election Security! 📞 #MaricopaWhen I got that call about the CrowdStrike outage in Maricopa County, I had no idea it would open up a hidden side of election security. 🔍 It wasn’t just any call—it was from someone right in the heart of a battleground state’s primary election. Cybersecurity in elections has alw…YOUTUBE.COM
15 NovSecurity Defaults in Microsoft 365… Here’s What You Missed!Microsoft made a big move to secure your M365 accounts, but did you know about the hidden feature they added? 🔒 With the new security defaults, anyone creating an M365 account now has extra protection enabled by default, like mandatory MFA enrollment and conditional access. But h…YOUTUBE.COM