🐛 COMMON VULNERABILITIES AND EXPOSURES 5[−]
19 NovApache Kafka Vulnerability Let Attackers Escalate PrivilegesA newly identified vulnerability tracked as CVE-2024-31141, has been discovered in Apache Kafka Clients that could allow attackers to escalate privileges and gain unauthorized filesystem read access. This vulnerability, rated as Moderate in severity, affects multiple versions of …GBHACKERS.COM
19 Nov KEVCISA Alert: Active Exploitation of VMware vCenter and Kemp LoadMaster FlawsNow-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-se…THEHACKERNEWS.COM
19 NovFrom MFA mandates to locked-down devices, Microsoft posts a year of SFI milestones at IgniteDuring its Ignite conference on Tuesday, Microsoft shared a progress update on its Secure Future Initiative (SFI) , introduced a year ago, which included significant measures such as enforcing multi-factor authentication (MFA) by default for new tenants, isolating close to 100,00…CSOONLINE.COM
19 Nov KEVOracle warns of Agile PLM file disclosure flaw exploited in attacksOracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. [...]BLEEPINGCOMPUTER.COM
19 Nov KEVPalo Alto Networks zero-day firewall flaws caused by basic dev mistakesPalo Alto Networks has issued fixes for two actively exploited vulnerabilities that impact its firewalls and virtual security appliances. When combined, the flaws allow attackers to execute malicious code with the highest possible privileges on the underlying PAN-OS operating sys…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 36[−]
19 NovEntrust, Jumio, Sumsub Lead Identity Verification Gartner MQGartner Publishes First Identity Verification MQ as Workforce-Related Uses Multiply Gartner has recognized Entrust, Incode, Jumio, Socure and Sumsub as identity verification leaders amid a rise in regulatory demands and fraud prevention requirements. Identity verification was his…DATABREACHTODAY.CO.UK
19 NovWordPress Plugin Vulnerability Threatens 4 Million SitesCritical Authentication Flaw Impacts Both Free and Pro Users A widely deployed five-in-one security plugin for WordPress websites contained a flaw that hackers could automate into a large-scale takeover campaign. The critical authentication bypass vulnerability takes advantage of…DATABREACHTODAY.CO.UK
19 NovDas gehört in Ihr Security-ToolsetLesen Sie, welche Werkzeuge essenziell sind, um Unternehmen gegen Cybergefahren abzusichern. Gorodenkoff | shutterstock.com Sicherheitsentscheider sind mit einer sich kontinuierlich verändernden Bedrohungslandschaft, einem zunehmend strengeren, regulatorischen Umfeld und immer ko…CSOONLINE.COM
19 NovChinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage CampaignU.S. telecoms giant T-Mobile has confirmed that it was also among the companies that were targeted by Chinese threat actors to gain access to valuable information. The adversaries, tracked as Salt Typhoon, breached the company as part of a "monthslong campaign" designed to harves…THEHACKERNEWS.COM
19 NovWordPress Plug-In Vulnerability Threatens 4 Million SitesCritical Authentication Flaw Impacts Both Free and Pro Users A widely deployed five-in-one security plug-in for WordPress websites contained a flaw that hackers could automate into a large-scale takeover campaign. The critical authentication bypass vulnerability takes advantage o…DATABREACHTODAY.CO.UK
19 NovPalo Alto Patches Firewall Zero-Day Exploited in Operation Lunar PeekPalo Alto Networks has released patches and CVEs for the firewall zero-days exploited in what the company calls Operation Lunar Peek. The post Palo Alto Patches Firewall Zero-Day Exploited in Operation Lunar Peek appeared first on SecurityWeek .SECURITYWEEK.COM
19 NovWhy Italy Sells So Much SpywareInteresting analysis : Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools. According to an Itali…SCHNEIER.COM
19 NovApache Kafka Vulnerability Let Attackers Escalate Privilegessubmitted by kid to cybersecurity 1 points | 0 comments https://gbhackers.com/apache-kafka-vulnerability/SH.ITJUST.WORKS
19 Nov KEVRecently disclosed VMware vCenter Server bugs are actively exploited in attackssubmitted by kid to cybersecurity 2 points | 0 comments https://securityaffairs.com/171147/security/vmware-vcenter-server-bugs-actively-exploited.htmlSH.ITJUST.WORKS
19 NovA Study of Malware Prevention in Linux Distributionssubmitted by Joker to cybersecurity 2 points | 0 comments https://arxiv.org/abs/2411.11017 [PDF] Research . Malicious attacks on open source software packages are a growing concern. This concern morphed into a panic-inducing crisis after the revelation of the XZ Utils backdoor, w…SH.ITJUST.WORKS
19 NovSecuring AI and Cloud with the Zero Day QuestOur security teams work around the clock to help protect every person and organization on the planet from security threats. We also know that security is a team sport, and that’s why we also partner with the global security community through our bug bounty programs to proactively…MSRC.MICROSOFT.COM
19 NovMicrosoft shares more details on Windows 11 admin protectionMicrosoft has shared more details about the new Windows 11 administrator protection security feature, which is available in preview and uses Windows Hello authentication prompts to block access to critical system resources. [...]BLEEPINGCOMPUTER.COM
19 NovMicrosoft launches Zero Day Quest hacking event with $4 million in rewardsMicrosoft announced today at its Ignite annual conference in Chicago, Illinois, that it's expanding its bug bounty programs with Zero Day Quest, a new hacking event focusing on cloud and AI products and platforms. [...]BLEEPINGCOMPUTER.COM
19 NovNgioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT DevicesThe malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. "At least 80% of NSOCKS bots in our telemetry originate from the Ngio…THEHACKERNEWS.COM
19 NovHackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports BroadcastsMalicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and enable sports piracy using live streaming capture tools. The attacks involve the hijack of unauthenticated Jupyter Notebooks to establish initial access, and perform a ser…THEHACKERNEWS.COM
19 NovIdentity Security: Navigating the New Normal with Dr. Sean Murphy - Sean Murphy - CSP #201In this episode of CSP, we sit down with Dr. Sean Murphy, the CISO of BECU, one of Seattle’s largest credit unions, to discuss the shifts in identity security brought on by the COVID-19 pandemic. Dr. Murphy highlights how Zero Trust architecture became crucial for verifying inter…YOUTUBE.COM
19 NovAt Ignite, Microsoft looks to genAI, exposure managment, and new bug bounties to secure enterprise ITMicrosoft announced a host of new security measures at its annual Ignite conference, with the goal of strengthening its existing data protection, endpoint security, and extended threat detection and response capabilities. Notable improvements include the introduction of a dedicat…CSOONLINE.COM
19 NovCISA Releases One Industrial Control Systems AdvisoryCISA released one Industrial Control Systems (ICS) advisory on November 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-324-01 Mitsubishi Electric MELSEC iQ-F Series CISA encourages users …CISA.GOV
19 NovFinally, Liability Coverage for CISOs as the Cybersecurity Workforce Peaks - BSW #373In the leadership and communications segment, Insurance Firm Introduces Liability Coverage for CISOs, How to Navigate a Leadership Transition, Has the Cybersecurity Workforce Peaked? and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https…YOUTUBE.COM
19 NovHelldown ransomware exploits Zyxel VPN flaw to breach networksThe new 'Helldown' ransomware operation is believed to target vulnerabilities in Zyxel firewalls to breach corporate networks, allowing them to steal data and encrypt devices. [...]BLEEPINGCOMPUTER.COM
19 NovEmpower Developers to Secure AI Applications Through CodeDevelopers can now secure their AI applications with a few lines of code. Read the AI Runtime Security API intercept announcement. The post Empower Developers to Secure AI Applications Through Code appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
19 NovEmployee Data Compromised in Hacker Attack on Space Technology Firm MaxarSatellite maker Maxar Space Systems has disclosed a data breach impacting the personal information of its employees. The post Employee Data Compromised in Hacker Attack on Space Technology Firm Maxar appeared first on SecurityWeek .SECURITYWEEK.COM
19 NovGitHub launches $1.25M open source fund with a focus on securityThe open source funding problem is very real, but a slew of initiatives have emerged of late, with startups, corporations, and venture capitalists launching various programs to support some of the most critical projects via equity-free financing. Today it’s GitHub’s t…TECHCRUNCH.COM
19 NovD-Link urges users to retire VPN routers impacted by unfixed RCE flawD-Link is warning customers to replace end-of-life VPN router models after a critical unauthenticated, remote code execution vulnerability was discovered that will not be fixed on these devices. [...]BLEEPINGCOMPUTER.COM
19 NovThe 'Bible' for Cybersecurity Experts? 🤯 Here's Why!The MITRE ATT&CK framework is known as the "Bible" for cybersecurity experts, but why? This powerful resource codifies the tactics, techniques, and procedures (TTPs) of hackers, giving defenders insight into their "hacking handwriting." If you want to understand how cybersecu…YOUTUBE.COM
19 NovA New Era In Human Risk Management:Introducing KnowBe4 HRM+Cybersecurity threats grow more sophisticated by the day. Amid this constant change, one truth remains: people are simultaneously our greatest security vulnerability and our strongest line of defense. It’s time to empower organizations with a new approach that minimizes human ris…KNOWBE4.COM
19 NovHelldown Ransomware Group Tied to Zyxel's Firewall ExploitsFirewall Vendor Warns Attackers Using Valid Credentials They Previously Stole Attackers wielding an emerging strain of ransomware called Helldown have been gaining a foothold in victims' networks by exploiting a previously unknown flaw in their Zyxel firewalls, security researche…DATABREACHTODAY.CO.UK
19 Nov KEVApple Confirms Zero-Day Attacks Hitting Intel-based MacsApple rushes out out major macOS and iOS security updates to cover a pair of vulnerabilities already being exploited in the wild. The post Apple Confirms Zero-Day Attacks Hitting Intel-based Macs appeared first on SecurityWeek .SECURITYWEEK.COM
19 Nov KEVCISA tags Progress Kemp LoadMaster flaw as exploited in attacksThe U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. [...]BLEEPINGCOMPUTER.COM
19 NovApple fixes two zero-days used in attacks on Intel-based MacsApple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. [...]BLEEPINGCOMPUTER.COM
19 NovSurface Transportation: TSA Is Taking Steps to Enhance Cybersecurity, but Additional Actions Are Neededsubmitted by Joker to cybersecurity 1 points | 0 comments https://www.gao.gov/products/gao-25-107947 Cyberattacks can disrupt the transportation systems that many people and businesses rely on, like mass transit and freight rail. The TSA is responsible for protecting the nation’s…SH.ITJUST.WORKS
19 NovApple says Mac users targeted in zero-day cyberattacksApple said the security update for Macs, iPhones, and iPads is "recommended for all users." © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
19 NovApple Fixes Two Exploited Vulnerabilities, (Tue, Nov 19th)Today, Apple released updates patching two vulnerabilities that have already been exploited. Interestingly, according to Apple, the vulnerabilities have only been exploited against Intel-based systems, but they appear to affect ARM (M"x") systems as well.
ISC.SANS.EDU
📢 SECURITY ADVISORIES 45[−]
19 NovCyberstarts Program Sparks Debate Over Ethical BoundariesScrutiny Over Ethics of Profit-Sharing Prompts End to Cyberstarts CISO Compensation Allegations of conflicts of interest in Cyberstarts’ Sunrise program have sparked debate in the CISO community. While the program connected CISOs with startups for advisory purposes, its profit-sh…DATABREACHTODAY.CO.UK
19 NovVerteidigungsminister Pistorius vermutet SabotageBundesverteidigungsminister Boris Pistorius (SPD): “Niemand glaubt, dass diese Kabel aus Versehen durchtrennt worden sind.” Alexandros Michailidis – Shutterstock.com Bundesverteidigungsminister Boris Pistorius geht davon aus, dass Kabel zur Datenübertragung in der Ostsee absichtl…CSOONLINE.COM
19 NovT-Mobile US von China gehacktErst hat die chinesische Hackergruppe Salt Typhoon Trumps Handy gehackt und jetzt T-Mobile USA. Chebakalex7/shutterstock.com Die Zahl der Cyberangriffe , insbesondere von staatlicher Seite , nimmt immer weiter zu. Jetzt hat es den zweitgrößten Mobilfunkanbieter der USA erwischt: …CSOONLINE.COM
19 NovNew Windows 11 recovery tool to let admins remotely fix unbootable devicesMicrosoft is working on a new Windows "Quick Machine Recovery" feature that will allow IT administrators to use Windows Update "targeted fixes" to remotely fix systems rendered unbootable. [...]BLEEPINGCOMPUTER.COM
19 NovRussian Phobos Ransomware Operator Extradited to USEvgenii Ptitsyn was extradited from South Korea to the US to face charges for his alleged involvement in administering the Phobos ransomware. The post Russian Phobos Ransomware Operator Extradited to US appeared first on SecurityWeek .SECURITYWEEK.COM
19 NovCISA Director Jen Easterly to Step DownA CISA told SecurityWeek that all appointees of the Biden-Harris administration will leave by noon on inauguration day. The post CISA Director Jen Easterly to Step Down appeared first on SecurityWeek .SECURITYWEEK.COM
19 NovChina Privacy Law: Data Management Audits Are Coming in 2025Attorney James Gong Examines Upcoming Regulations Related to Non-Personal Data In 2025, companies in China will face additional obligations when data protection audits become mandatory, setting a new benchmark for compliance with privacy laws. China is also expected to introduce …DATABREACHTODAY.CO.UK
19 NovBiometric Frontiers: Unlocking The Future Of Engagement - Andras Cser, Enza Iannopollo - ASW #308This week's interview dives deep into the state of biometrics with two Forrester Research analysts! This discussion compares and contrasts regional approaches to biometrics; examine the security challenges and benefits of their implementation; and reveal how biometrics holds the …YOUTUBE.COM
🔥 INCIDENT REPORTING 24[−]
19 NovFinsure - 296,124 breached accountsIn October 2024, almost 300k unique email addresses from Australian mortgage broking group Finsure were obtained from the ActivePipe real estate marketing platform. The impacted data also included names, phone numbers and physical addresses. The incident did not directly affect a…HAVEIBEENPWNED.COM
19 NovMaxar Space Data Leak, Threat Actors Gain Unauthorized Access to the SystemMaxar Space Systems, a leader in space technology and Earth intelligence solutions, has recently confirmed a significant data breach that exposed the personal information of both current and former employees. The breach, which took place in mid-October 2024, has raised serious cy…GBHACKERS.COM
19 NovNew 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux SystemsCybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. "Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a repor…THEHACKERNEWS.COM
19 NovPhobos Ransomware Admin as Part of International Hacking OperationThe U.S. Department of Justice unsealed criminal charges today against Evgenii Ptitsyn, a 42-year-old Russian national accused of being a key figure in the notorious Phobos ransomware syndicate. Ptitsyn was extradited from South Korea and made his initial appearance in the U.S. D…GBHACKERS.COM
19 NovHelldown Ransomware: an overview of this emerging threatsubmitted by Joker to cybersecurity 1 points | 0 comments https://blog.sekoia.io/helldown-ransomware-an-overview-of-this-emerging-threat/SH.ITJUST.WORKS
19 NovFord Investigating Potential Breach After Hackers Claim Data TheftFord has launched an investigation after hackers claimed to have stolen 44,000 customer data records. The post Ford Investigating Potential Breach After Hackers Claim Data Theft appeared first on SecurityWeek .SECURITYWEEK.COM
19 NovRansomware Attack on Oklahoma Medical Center Impacts 133,000submitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/ransomware-attack-on-oklahoma-medical-center-impacts-133000/SH.ITJUST.WORKS
19 NovAkira Ransomware Racks Up 30+ Victims in a Single Daysubmitted by kid to cybersecurity 2 points | 0 comments https://www.darkreading.com/cyberattacks-data-breaches/akira-ransomware-30-victims-single-daySH.ITJUST.WORKS
19 NovAkira Ransomware Drops 30 Victims on Leak Site in One DayCyberint has observed the Akira ransomware group leaking in a single day the information allegedly stolen from 32 victims. The post Akira Ransomware Drops 30 Victims on Leak Site in One Day appeared first on SecurityWeek .SECURITYWEEK.COM
19 NovNew 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systemssubmitted by kid to cybersecurity 3 points | 0 comments https://thehackernews.com/2024/11/new-helldown-ransomware-expands-attacks.htmlSH.ITJUST.WORKS
19 NovFord 'actively investigating' breach claimssubmitted by kid to cybersecurity 3 points | 0 comments https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/SH.ITJUST.WORKS
19 NovHackers Redirect $250,000 Payment in iLearningEngines CyberattackAI-powered learning automation firm iLearningEngines has been targeted in a cyberattack that resulted in the theft of $250,000. The post Hackers Redirect $250,000 Payment in iLearningEngines Cyberattack appeared first on SecurityWeek .SECURITYWEEK.COM
19 NovFord untersucht Hinweise auf HackerangriffIn einem Hackerforum sind Daten aufgetaucht, die angeblich von Ford stammen. Matthew G Eddy – Shutterstock.com Ein Cyberkrimineller namens EnergyWeaponUser prahlt damit, kürzlich gemeinsam mit IntelBroker in die Systeme der Ford Motor Company eingedrungen zu sein. Die Angreifer b…CSOONLINE.COM
19 NovLibrary of Congress' Email System Compromised for Nine Months by Unknown Hackerssubmitted by Joker to cybersecurity 1 points | 0 comments https://www.bitdefender.com/en-gb/blog/hotforsecurity/library-of-congress-email-system-compromised-for-nine-months-by-unknown-hackersSH.ITJUST.WORKS
19 NovThreat Actor Turns Thousands of IoT Devices Into Residential ProxiesA threat actor tracked as Water Barghest has compromised over 20,000 IoT devices and monetizes them as residential proxies. The post Threat Actor Turns Thousands of IoT Devices Into Residential Proxies appeared first on SecurityWeek .SECURITYWEEK.COM
19 NovCommunication platforms play a major role in data breach risksEvery online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools. When it comes to cybersecurity, co…SECURITYINTELLIGENCE.COM
19 NovUS extradites Russian accused of extorting millions in Phobos ransomware paymentsPhobos ransomware has been used to extort at least $16 million from over a thousand victims globally, according to the DOJ © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
19 NovSimilarities Between SOX And SEC's Cyber Rule - Padraic O'Reilly - BSW #373The Sarbanes-Oxley (SOX) Act was a watershed moment in corporate governance, fundamentally altering how companies approached financial reporting and internal operational controls. By holding executives personally accountable for the accuracy of financial reports, SOX restored inv…YOUTUBE.COM
19 NovGaetz Sexual Misconduct Testimony Hacked After Trump AG PickHacker Reportedly Gained Access to File Containing Testimony Against Matt Gaetz Matt Gaetz, President-elect Donald Trump’s pick to lead the Justice Department, faces growing controversy over allegations of sexual misconduct after a hacker reportedly gained access to a shared file…DATABREACHTODAY.CO.UK
19 NovFord investgates alleged breach following customer data leakFord is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum. [...]BLEEPINGCOMPUTER.COM
19 NovOklahoma Hospital Says Ransomware Hack Hits 133,000 PeopleIncident Is Among Growing List of Attacks on Small, Rural Hospitals An Oklahoma hospital quickly restored its IT systems after a ransomware attack in September, but the 62-bed hospital could not recover some data and later learned that hackers may have accessed the personal infor…DATABREACHTODAY.CO.UK
19 NovFord investigates alleged breach following customer data leakFord is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum. [...]BLEEPINGCOMPUTER.COM
19 NovFord rejects breach allegations, says customer data not impactedFord is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 25[−]
19 NovReport: Over 100M Americans Rely on Vulnerable Water SystemsInspector General Report Reveals 97 Water Systems with Critical Cybersecurity Risks The Environmental Protection Agency inspector general said over 100 million Americans depend on drinking water systems exposed to cybersecurity flaws that could allow hackers to "disrupt service o…DATABREACHTODAY.CO.UK
19 NovSuspected Russian Hackers Infect 20,000 IoT DevicesWater Barghest Group Lists Infected Devices Within 10 Minutes of Initial Compromise A threat actor with suspected ties to Russian nation-state hackers has listed thousands of IoT devices as proxy networks within minutes of their initial compromise. A campaign that began in 2020 h…DATABREACHTODAY.CO.UK
19 NovISC Stormcast For Tuesday, November 19th, 2024 https://isc.sans.edu/podcastdetail/9224, (Tue, Nov 19th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
19 NovDetecting the Presence of a Debugger in Linux, (Tue, Nov 19th)Hello from Singapore where&#;x26;#;xc2;&#;x26;#;xa0;I&#;x26;#;39;m&#;x26;#;xc2;&#;x26;#;xa0;with Johannes and Yee!&#;x26;…ISC.SANS.EDU
19 NovSpot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 UmbrellaLODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the group as Earth Kasha. We have identified a new campaign connected to this group with significant updates to their strategy, tactics, and arsenals.TRENDMICRO.COM
19 NovKaspersky online shopping threat report 2024submitted by Joker to cybersecurity 1 points | 0 comments https://securelist.com/black-friday-report-2024/114589/SH.ITJUST.WORKS
19 NovSpotify abused to promote pirated software and game cheatsSpotify playlists and podcasts are being abused to push pirated software, game cheat codes, spam links, and "warez" sites. By injecting targeted keywords and links in playlist names and podcast descriptions, threat actors may benefit from boosting SEO for their dubious online pro…BLEEPINGCOMPUTER.COM
19 NovFrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communicationssubmitted by Joker to cybersecurity 2 points | 0 comments https://unit42.paloaltonetworks.com/frostygoop-malware-analysis/SH.ITJUST.WORKS
19 NovCybersecurity Aphorisms: A Humorous and Insightful Look at Industry’s TruthsThe aphorism is a valuable cultural phenomenon for spreading the wisdom of experience — and cybersecurity, with its complexities, nuances, contradictions, and perpetual stress, is a fertile field. The post Cybersecurity Aphorisms: A Humorous and Insightful Look at Industry’…SECURITYWEEK.COM
19 NovSpace tech giant Maxar confirms hacker accessed employees' personal datasubmitted by kid to cybersecurity 1 points | 0 comments https://techcrunch.com/2024/11/18/satellite-giant-maxar-confirms-hacker-accessed-employees-personal-data/SH.ITJUST.WORKS
19 NovPurina’s Champions Program Is the Best I Have SeenIn my most recent book, Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing , I highlight the use of “champions," which are co-workers in your organization who can help spread security awareness training to better lower human risk.KNOWBE4.COM
19 NovThe World Premiere of The Inside Man - Season 6 in St. Petersburg, FloridaKnowBe4, the leading platform for security awareness training , is excited to bring the award-winning original series, "The Inside Man,” back to your screens with more excitement, drama, and cybersecurity lessons than ever before.KNOWBE4.COM
19 NovCyberheistNews Vol 14 #47 Step-by-Step To Creating Your First Realistic Deepfake Video in a Few MinutesKNOWBE4.COM
19 NovThe Urgent And Critical Need To Prioritize Mobile SecurityOrganizations that get serious about mobile risks will reduce business risk and boost trust and confidence in their employees, customers, business partners and investors. The post The Urgent And Critical Need To Prioritize Mobile Security appeared first on SecurityWeek .SECURITYWEEK.COM
19 NovVulnerable Jupyter Servers Targeted for Sports PiracyMisconfigured instances of JupyterLab and Jupyter Notebook have been targeted by threat actors for sports stream ripping. The post Vulnerable Jupyter Servers Targeted for Sports Piracy appeared first on SecurityWeek .SECURITYWEEK.COM
19 NovGen Q3/2024 Threat Reportsubmitted by Joker to cybersecurity 1 points | 0 comments https://www.gendigital.com/blog/insights/reports/threat-report-q3-2024SH.ITJUST.WORKS
19 NovFree AI editor lures in victims, installs information stealer instead on Windows and Macsubmitted by Joker to cybersecurity 1 points | 0 comments https://www.malwarebytes.com/blog/news/2024/11/free-ai-editor-lures-in-victims-installs-information-stealer-instead-on-windows-and-macSH.ITJUST.WORKS
19 NovEmpowering Gemini for Malware Analysis with Code Interpreter and Google Threat Intelligencesubmitted by Joker to cybersecurity 3 points | 0 comments https://cloud.google.com/blog/topics/threat-intelligence/gemini-malware-analysis-code-interpreter-threat-intelligence/SH.ITJUST.WORKS
19 NovAI fixes everything, C++ the actual worst, IAM is hard - ASW #308This week, in the Application Security News, we dismiss magical thinking and discuss what generative AI will _actually_ be able to do for us. We also discuss whether Secure by Design's goals are practical or not. OSC&R releases a report on software supply chain that should be…YOUTUBE.COM
19 NovGoogle DeGoogled, Hammerbarn, Blofeld, VMWare, DeepData, SafePay, Josh Marpet and... - SWN #432Google DeGoogled, Hammerbarn, Blofeld, VMWare, DeepData, SafePay, Josh Marpet and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-432YOUTUBE.COM
19 NovUK CMA Clears Alphabet, Anthropic PartnershipGoogle Does Not Have Material Influence Over Antrhtopic, Agency Says The U.K. antitrust regulator called off an investigation into a $2 billion partnership between computing giant Alphabet and artificial intelligence startup Anthropic. The .K. Competition and Markets Authority pr…DATABREACHTODAY.CO.UK
19 NovCyberEdBoard Profiles in Leadership: David AndersonWoodruff Sawyer's David Anderson on Cyber Insurance, Client Relationships and Trust David Anderson's career began in banking and followed a path to the rapidly changing world of cyber insurance. Anderson, vice president of cyber liability at Woodruff Sawyer, shares how he built a…DATABREACHTODAY.CO.UK
19 NovUS Agencies Urged to Combat Growing Chinese CyberthreatExperts Call on Feds to Step Up Defense Against Escalating Chinese Threats A panel of cybersecurity experts and top industry officials pushed lawmakers and the federal government to step up their defenses against escalating cyberthreats from China, citing recent high-profile exam…DATABREACHTODAY.CO.UK
19 NovIndia Fines WhatsApp $25M, Bans Data Sharing for 5 YearsCompetition Regulator Says WhatsApp Users Could Not Opt Out of Data Sharing India's Competition Commission has fined social media conglomerate Meta over $25 million for forcing WhatsApp users to agree to a sweeping data sharing policy with other Meta platforms. The agency ordered…DATABREACHTODAY.CO.UK
19 NovAI innovations for a more secure future unveiled at Microsoft IgniteCompany delivers advances in AI and posture management, unprecedented bug bounty program, and updates on its Secure Future Initiative. The post AI innovations for a more secure future unveiled at Microsoft Ignite appeared first on Microsoft Security Blog .MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
19 NovMalware delivered via malicious QR codes sent in the postCybercriminals have adopted a novel trick for infecting devices with malware: sending out physical letters that contain malicious QR codes. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
19 NovPrivileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top PriorityPrivileged accounts are well-known gateways for potential security threats. However, many organizations focus solely on managing privileged access—rather than securing the accounts and users entrusted with it. This emphasis is perhaps due to the persistent challenges of Privilege…THEHACKERNEWS.COM
19 NovBotnet fueling residential proxies disrupted in cybercrime crackdownThe Ngioweb botnet, which supplies most of the 35,000 bots in the cybercriminal NSOCKS proxy service, is being disrupted as security companies block traffic to and from the two networks. [...]BLEEPINGCOMPUTER.COM
🎙️ PODCASTS 1[−]
19 NovThe AI Fix #25: Beware of the superintelligence, and a spam-eating AI super granIn episode 25 of The AI Fix, humanity creates a satellite called Skynet and then loses it, Graham folds proteins in the comfort of his living room, a Florida man gets a robot dog, Grok rats on its own boss, and a podcast host discovers Brazil nuts. Graham meets an elderly grandmo…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 13[−]
19 NovWebinar | Navigating the Evolving SIEM Landscape: Key Insights and Strategic IntegrationsDATABREACHTODAY.CO.UK
19 NovCybersecurity Education Needs a Team: Better Partner Up!Here's How Schools, Certification Bodies, Boot Camps and Leaders Can Lend a Hand Across the security landscape, partnerships are becoming a cornerstone in developing agile, prepared professionals who can not only react to threats but anticipate and neutralize them. Here's how uni…DATABREACHTODAY.CO.UK
19 NovKaspersky Password Manager Update | Kaspersky official blogAn overview of the design update in Kaspersky Password Manager for mobile devices.KASPERSKY.COM
19 NovMicrosoft to launch new custom chips for data processing, securityMicrosoft on Tuesday revealed new custom chips aimed at powering workloads on its Azure cloud and bolstering security, particularly a new hardware accelerator that can manage data processing, networking and storage-related tasks. The Azure Boost DPU is Microsoft’s first dat…TECHCRUNCH.COM
19 NovMicrosoft beefs up Windows security with new recovery and patching featuresIn the aftermath of the devastating CrowdStrike outage this July, Microsoft vowed to do better even though it insisted that the event was an aberration. Evidently unwilling to take chances (or risk further hits to its credibility), the company on Tuesday, during Microsoft Ignite …TECHCRUNCH.COM
19 NovYC-backed Formal brings a clever security reverse-proxy out of stealthFormal is a security startup coming out of stealth on Tuesday with a nice list of investors and an interesting product positioning. The company has designed a reverse-proxy for data stores and APIs so that security teams can more easily secure access to sensitive data. In more pr…TECHCRUNCH.COM
19 NovMicrosoft now testing hotpatch on Windows 11 24H2 and Windows 365Microsoft announced today that hotpatching is now also available in preview on Windows 365 and Windows 11 Enterprise 24H2 client devices. [...]BLEEPINGCOMPUTER.COM
19 NovPSA: You shouldn’t upload your medical images to AI chatbotsSecurity and privacy advocates have long warned that sensitive medical data can be used to train AI models, and can expose personal data down the line. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM