🚨 CISA KEV 1[−]
20 Nov KEVCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability CVE-2024-38813 VMware vCenter Server Privilege Escalation Vu…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 8[−]
20 NovSBOM erklärt: Was ist eine Software Bill of Materials?Softwareentwicklung und Autoproduktion haben mehr gemein, als man denkt. Lesen Sie, was Sie zum Thema Software Bill of Materials (SBOM) wissen sollten. Foto: Ju1978 – shutterstock.com Eine Software Bill of Materials ist ein detaillierter Leitfaden, der unter anderem Aufschluss üb…CSOONLINE.COM
20 Nov KEVApple Releases Urgent Updates to Patch Actively Exploited Zero-Day VulnerabilitiesApple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild. The flaws are listed below - CVE-2024-44308 - A vulnerability in JavaScriptCore that could lead to …THEHACKERNEWS.COM
20 Nov KEVOracle Warns of Agile PLM Vulnerability Currently Under Active ExploitationOracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive informati…THEHACKERNEWS.COM
20 NovCISA Warns Kemp LoadMaster OS Command Injection Vulnerability Exploited in AttacksThe Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent security advisory warning organizations about an active exploitation of a critical vulnerability in Progress Kemp LoadMaster, a popular load balancing and application delivery solution. Designated as CVE…GBHACKERS.COM
20 NovTrend Micro Deep Security Vulnerable to Command Injection AttacksTrend Micro has released a critical update addressing a remote code execution (RCE) vulnerability (CVE-2024-51503) in its Trend Micro Deep Security 20 Agent. This vulnerability, identified as a manual scan command injection flaw, allows attackers to execute arbitrary code on affe…GBHACKERS.COM
20 NovCISA Warns of Progress Kemp LoadMaster Vulnerability ExploitationCISA is warning organizations that CVE-2024-1212, a Progress Kemp LoadMaster OS command injection vulnerability, is being exploited in attacks. The post CISA Warns of Progress Kemp LoadMaster Vulnerability Exploitation appeared first on SecurityWeek .SECURITYWEEK.COM
20 NovCVE-2024-10924, authentication bypass vulnerability in WordPressVulnerability CVE-2024-10924 in the Really Simple Security plugin allows an attacker to log onto a WordPress site with administrator rights.KASPERSKY.COM
20 NovLeveling Up Fuzzing: Finding more vulnerabilities with AIPosted by Oliver Chang, Dongge Liu and Jonathan Metzman, Google Open Source Security Team Recently, OSS-Fuzz reported 26 new vulnerabilities to open source project maintainers, including one vulnerability in the critical OpenSSL library ( CVE-2024-9143 ) that underpins much of in…SECURITY.GOOGLEBLOG.COM
⚠️ VULNERABILITY DISCLOSURE 31[−]
20 NovApple Fixes Two Exploited Vulnerabilitiessubmitted by Joker to cybersecurity 1 points | 0 comments https://isc.sans.edu/diary/31452SH.ITJUST.WORKS
20 NovCybercrime-as-a-service: the industry behind online attackssubmitted by Joker to cybersecurity 1 points | 0 comments https://360info.org/cybercrime-as-a-service-the-industry-behind-online-attacks/ Many low-level cybercrime workers are trapped in coercion and exploitation, pressured into roles by organised networks.SH.ITJUST.WORKS
20 Nov11 biggest financial sector cybersecurity threatsThe financial sector faces a wide array of serious security threats that will only increase as cybercriminals make greater use of AI. Financial sector firms are uniquely exposed to cyber risk due to the large amounts of sensitive data and transactions they process. Common cyber r…CSOONLINE.COM
20 NovDecades-Old Security Vulnerabilities Found in Ubuntu's Needrestart PackageMultiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction. The Qualys Threat Research Unit (T…THEHACKERNEWS.COM
20 NovLeaks Show Which Phones Secretive Tech ‘Graykey’ Can Unlocksubmitted by Deebster to securitynews 4 points | 0 comments https://www.404media.co/leaked-documents-show-what-phones-secretive-tech-graykey-can-unlock-2/ Archive Today mirror: archive.ph/JTLIU AI summary The webpage discusses leaked documents revealing the capabilities of Grayke…INFOSEC.PUB
20 Nov KEVOracle Patches Exploited Agile PLM Zero-DayOracle has patched a high-severity information disclosure zero-day in Agile PLM that has been exploited in the wild. The post Oracle Patches Exploited Agile PLM Zero-Day appeared first on SecurityWeek .SECURITYWEEK.COM
20 NovUK open to social media ban for kids as gov’t kicks off feasibility studyThe U.K. government is not ruling out further beefing up existing online safety rules by adding an Australian-style ban on social media for under 16s technology secretary, Peter Kyle, has said. Back in the summer the government warned it may toughen laws for tech platforms in the…TECHCRUNCH.COM
20 NovGitHub Launches Fund to Improve Open Source Project SecurityGitHub has launched a $1.25 million fund to be invested in improving the security of 125 open source projects. The post GitHub Launches Fund to Improve Open Source Project Security appeared first on SecurityWeek .SECURITYWEEK.COM
20 NovNHIs Are the Future of Cybersecurity: Meet NHIDRThe frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally acr…THEHACKERNEWS.COM
20 NovD-Link Warns of RCE Vulnerability in Legacy RoutersSix discontinued D-Link router models are affected by a remote code execution (RCE) vulnerability that will not be patched. The post D-Link Warns of RCE Vulnerability in Legacy Routers appeared first on SecurityWeek .SECURITYWEEK.COM
20 NovWeaponized pen testers are becoming a new hacker stapleMalicious adaptations of popular red teaming tools like Cobalt Strike and Metasploit are causing substantial disruption, emerging as a dominant strategy in malware campaigns. According to research by threat-hunting firm Elastic, known for its search-powered solutions, these two c…CSOONLINE.COM
20 NovGhost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile PaymentsThreat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim's funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money from stolen credit cards linked to mobile paym…THEHACKERNEWS.COM
20 NovVolt Typhoon Attacking U.S. Critical Infra To Maintain Persistent AccessVolt Typhoon, a Chinese state-sponsored threat actor, targets critical infrastructure sectors like communications, energy, transportation, and water systems by pre-positions itself in target networks, often exploiting vulnerabilities in operational technology (OT) environments.…GBHACKERS.COM
20 NovWater Barghest Botnet Comprised 20,000+ IoT Devices By Exploiting VulnerabilitiesWater Barghest, a sophisticated botnet, exploits vulnerabilities in IoT devices to enlist them in a residential proxy marketplace by leveraging automated scripts to identify vulnerable devices from public databases like Shodan. When the device is compromised, the Ngioweb malware …GBHACKERS.COM
20 NovUSDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multi-Factor AuthenticationToday, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture (USDA) released Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s FIDO Implementation . This report details how USDA successfully implemented phishin…CISA.GOV
20 NovThreat Actors are Sending Malicious QR Codes Via Snail MailThe Swiss National Cyber Security Centre (NCSC) has warned of a QR code phishing (quishing) campaign that’s targeting people in Switzerland via physical letters sent through the mail, Malwarebytes reports.KNOWBE4.COM
20 NovHow ‘Charming Kitten’ Targets Companies with Sneaky MalwareEver wondered how cyberattacks get their names? 🐱 This time, it's 'Charming Kitten'—an Iranian group that's raising eyebrows with their clever malware tricks. They’re targeting the aerospace industry with fake job offers in what’s called the Iranian Dream Job Campaign. Once click…YOUTUBE.COM
20 Nov2024 CWE Top 25 Most Dangerous Software WeaknessesThe Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by MITRE, has released the 2024 CWE Top 25 Most Dangerous Software Weaknesses . This annual list identif…CISA.GOV
20 NovApple Releases Security Updates for Multiple ProductsApple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply nec…CISA.GOV
20 NovAre Your Apps Spying on You? The Security Risks We Ignore!Our phones are loaded with apps that make life easier, but they come with hidden dangers. From app permissions to data privacy, learn how to identify and protect yourself from potential app security threats. Stay informed about digital safety and how to secure your personal data …YOUTUBE.COM
20 NovUbuntu Linux impacted by decade-old 'needrestart' flaw that gives rootFive local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04. [...]BLEEPINGCOMPUTER.COM
20 NovOut of 29 Billion Cybersecurity Events, Phishing was the Primary Method of Initial AttackThe newly released single largest analysis of cyber attacks across all of 2023 show a strong tie between the use of phishing and techniques designed to gain credentialed access.KNOWBE4.COM
20 NovLearn ANY Skill in Just 30 Days – Skill Building Tips!Ever thought about learning something new but didn’t know where to start? Bill Swearingen shares his secret to mastering ANY skill with a 30-day challenge! It’s simple: pick one thing, dedicate just an hour a day, and in a month, you’ll be amazed at what you can achieve. From lea…YOUTUBE.COM
20 Nov5 Defendants Charged Federally with Running Scheme that Targeted Victim Companies via Phishing Text Messagessubmitted by Joker to cybersecurity 1 points | 0 comments https://www.justice.gov/usao-cdca/pr/5-defendants-charged-federally-running-scheme-targeted-victim-companies-phishing-text Law enforcement today unsealed criminal charges against five defendants who allegedly targeted empl…SH.ITJUST.WORKS
20 NovAI Edtech Startup Founder Indicted in U.S. Fraud CaseCharges Against AllHere Founder Include Securities and Wire Fraud U.S. law enforcement arrested and indicted the founder of an artificial intelligence edtech startup AllHere over fraud charges. Federal prosecutors accused 33-year-old Joanna Smith-Griffin of defrauding investors, …DATABREACHTODAY.CO.UK
20 NovMITRE shares 2024's top 25 most dangerous software weaknessesMITRE has shared this year's top 25 list of the most common and dangerous software weaknesses behind more than 31,000 vulnerabilities disclosed between June 2023 and June 2024. [...]BLEEPINGCOMPUTER.COM
20 NovFeds Fine Mental Health Clinic $100K in 2020 HIPAA CaseLA County Clinic Delayed Access to Patient's Medical Records During Pandemic Federal regulators have fined a Los Angeles county mental health clinic $100,000 for failure to provide a patient with timely access to her requested health records during the COVID-19 pandemic. The case…DATABREACHTODAY.CO.UK
20 NovSimple But Not Secure: An Empirical Security Analysis of Two-factor Authentication Systemssubmitted by Joker to cybersecurity 2 points | 0 comments https://arxiv.org/abs/2411.11551 To protect users from data breaches and phishing attacks, service providers typically implement two-factor authentication (2FA) to add an extra layer of security against suspicious login at…SH.ITJUST.WORKS
20 NovRisky Business #771 -- Palo Alto's firewall 0days are very, very stupidOn this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Microsoft introduces some sensible sounding post-Crowdstrike changes Palo Alto patches hella-stupid bugs in its firewall management webapp CISA head Jen Easterly to depart as Trump…RISKY.BIZ
📋 SECURITY BULLETINS 1[−]
20 NovMicrosoft Unveils New Cybersecurity Features at Ignite Conference: Cyber Security Today for November 20, 2024Cybersecurity Today: Microsoft Updates, Gen AI Risks, and Liminal Panda Threat In this episode of Cybersecurity Today, host Jim Love discusses major cybersecurity updates from Microsoft's Ignite conference, including enhancements to Windows security and device recovery. A survey …CYBERSECURITYTODAY.LIBSYN.COM
📢 SECURITY ADVISORIES 7[−]
20 NovGhost Tap: New cash-out tactic with NFC Relaysubmitted by Joker to cybersecurity 2 points | 0 comments https://www.threatfabric.com/blogs/ghost-tap-new-cash-out-tactic-with-nfc-relay Cash-out tactics of fraudsters are of particular interest for financial institutions for obvious reasons – the ability to detect anomaly in th…SH.ITJUST.WORKS
20 NovAdversaries Abuse Microsoft Teams and Quick Assistsubmitted by Joker to cybersecurity 1 points | 0 comments https://www.bitdefender.com/en-gb/blog/businessinsights/security-advisory-adversaries-abuse-microsoft-teams-and-quick-assist The Bitdefender MDR team observed activity associated with a social engineering campaign that tar…SH.ITJUST.WORKS
20 NovCISA and Partners Release Update to BianLian Ransomware Cybersecurity AdvisoryToday, CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released updates to #StopRansomware: BianLian Ransomware Group on observed tactics, techniques, and procedures (TTPs) and indicators of c…CISA.GOV
🔥 INCIDENT REPORTING 15[−]
20 NovFintech Giant Finastra Investigating Data BreachThe financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world's top 50 banks, notified customers of a po…KREBSONSECURITY.COM
20 NovFintech Giant Finastra Investigating Data Breachsubmitted by Joker to cybersecurity 1 points | 0 comments https://krebsonsecurity.com/2024/11/fintech-giant-finastra-investigating-data-breach/SH.ITJUST.WORKS
20 NovChina-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom NetworksA new China-linked cyber espionage group has been attributed as behind a series of targeted cyber attacks targeting telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection. Cybersecurity company CrowdStrike is tra…THEHACKERNEWS.COM
20 NovFord Says Leaked Data Comes From Supplier and Is Not SensitiveFord has completed its investigation into recent data breach claims and determined that its systems and customer data have not been compromised. The post Ford Says Leaked Data Comes From Supplier and Is Not Sensitive appeared first on SecurityWeek .SECURITYWEEK.COM
20 NovThreat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomwaresubmitted by Joker to cybersecurity 2 points | 0 comments https://unit42.paloaltonetworks.com/threat-assessment-blacksuit-ransomware-ignoble-scorpius/ Executive Summary Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that sug…SH.ITJUST.WORKS
20 NovMicrosoft Launches Windows Resiliency Initiative to Boost Security and System IntegrityMicrosoft has announced a new Windows Resiliency Initiative as a way to improve security and reliability, as well as ensure that system integrity is not compromised. The idea, the tech giant said, is to avoid incidents like that of CrowdStrike's earlier this July, enable more app…THEHACKERNEWS.COM
20 NovFintech giant Finastra confirms it’s investigating a data breachAn incident disclosure shared with Finastra's banking and financial customers confirms a hacker stole files from a company system. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
20 NovChinas Cyber-Pandas greifen Telekom-Unternehmen anSetzt China im Rahmen seiner Belt and Road Initiative auf Cyberspionage? ndutfrea/shutterstock.com Dank des von ihm verschuldeten Sicherheitsfiasko s hat Crowd-Strike in letzter Zeit zwar mehr von sich selbst reden gemacht. Dennoch wurde der Security-Anbieter am 19. November 2024…CSOONLINE.COM
20 NovANY.RUN Sandbox Automates Interactive Analysis of Complex Cyber Attack ChainsANY.RUN, a well-known interactive malware analysis platform, has announced Smart Content Analysis, an enhancement to its Automated Interactivity feature. This new mechanism is designed to automatically analyze and detonate complex malware and phishing attacks, providing investiga…GBHACKERS.COM
20 NovFintech Finastra Confirms Data Theft; Investigation UnderwayCompany Probing Customers Affected After Attacker Claims 400 Gigabyte Data Theft Financial technology firm Finastra is warning customers that it suffered a breach of a secure file transfer system that it uses to relay information to some customers, leading to an unknown quantity …DATABREACHTODAY.CO.UK
20 NovRansomware Gangs Evolve: They're Now Recruiting Penetration TestersA new and concerning cybersecurity trend has emerged. According to the latest Q3 2024 Cato CTRL SASE Threat Report from Cato Networks, ransomware gangs are now actively recruiting penetration testers to enhance the effectiveness of their attacks.KNOWBE4.COM
20 NovFintech giant Finastra investigates data breach after SFTP hackFinastra has confirmed it warned customers of a cybersecurity incident after a threat actor began selling allegedly stolen data on a hacking forum. [...]BLEEPINGCOMPUTER.COM
20 NovFlipaClip - 892,854 breached accountsIn November 2024, the animation app FlipaClip suffered a data breach that exposed almost 900k records due to an exposed Firebase server . The impacted data included name, email address, country and date of birth. FlipaClip advised the issue has since been rectified.HAVEIBEENPWNED.COM
20 NovCyberattack at French hospital exposes health data of 750,000 patientsA data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 27[−]
20 NovFighting cybercrime is no hack jobsubmitted by Joker to cybersecurity 1 points | 0 comments https://360info.org/fighting-cybercrime-is-no-hack-job/ Governments and businesses need to invest in cybersecurity to combat ever-evolving, sophisticated cybercrimes.SH.ITJUST.WORKS
20 NovISC Stormcast For Wednesday, November 20th, 2024 https://isc.sans.edu/podcastdetail/9226, (Wed, Nov 20th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
20 NovCyera Raises $300 Million at $3 Billion ValuationData security firm Cyera has raised $300 million in Series D funding, which brings the total investment in the company to $760 million. The post Cyera Raises $300 Million at $3 Billion Valuation appeared first on SecurityWeek .SECURITYWEEK.COM
20 NovMicrosoft Ignite New 360-degree Details Attackers Tools & MethodsA significant leap forward in cybersecurity was announced with the introduction of new threat intelligence (TI) capabilities in Security Copilot, aimed at giving organizations a comprehensive ‘360-degree’ view of attacker tools and methodologies. These innovations pro…GBHACKERS.COM
20 NovData Protection Startup Cyera Raises $300M on $3B ValuationCyera's Valuation Doubles Amid Expansion From DSPM to DLP, Identity Protection Cyera secures $300M in funding from Accel and Sapphire Ventures, doubling its valuation to $3 billion. The company is enhancing its data security platform by integrating DSPM with DLP and identity secu…DATABREACHTODAY.CO.UK
20 NovMalicious QR codessubmitted by Joker to cybersecurity 1 points | 0 comments https://blog.talosintelligence.com/malicious_qr_codes/ QR codes are disproportionately effective at bypassing most anti-spam filters, as most filters are not designed to recognize that a QR code is present in an image and …SH.ITJUST.WORKS
20 NovWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 1 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
20 NovSurf Security Adds Deepfake Detection Tool to Enterprise BrowserSurf Security has released Deepwater, a deepfake detection tool integrated into the company’s enterprise browser. The post Surf Security Adds Deepfake Detection Tool to Enterprise Browser appeared first on SecurityWeek .SECURITYWEEK.COM
20 NovErneute Phishing-Attacke auf IHK-UnternehmenHacker versuchen erneut an Daten von IHK-Unternehmen zu gelangen. janews – Shutterstock.com Cyberkriminelle lassen sich immer wieder neue Tricks einfallen, um an Unternehmensdaten zu gelangen. Aktuell kursieren wieder Phishing-Mails im Namen der Deutschen Industrie- und Handelska…CSOONLINE.COM
20 NovTwine Snags $12M for AI-Powered ‘Digital Employees’ TechTwine and its investors are betting on the idea of AI-powered “digital cyber employees” to handle mundane but critical security tasks. The post Twine Snags $12M for AI-Powered ‘Digital Employees’ Tech appeared first on SecurityWeek .SECURITYWEEK.COM
20 NovNorth Korean IT Worker Using Weaponized Video Conference Apps To Attack Job SeakersNorth Korean IT workers, operating under the cluster CL-STA-0237, have been implicated in recent phishing attacks leveraging malware-infected video conference apps. The group, likely based in Laos, has demonstrated a sophisticated approach, infiltrating a U.S.-based SMB IT …GBHACKERS.COM
20 NovHackers Hijacked Misconfigured Servers For Live Streaming SportsRecent threat hunting activities focused on analyzing outbound network traffic and binaries within containerized environments. By cross-referencing honeypot data with threat intelligence platforms, researchers identified suspicious network events linked to the execution of the be…GBHACKERS.COM
20 NovProtecting your digital assets from non-human identity attacksUntethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machin…SECURITYINTELLIGENCE.COM
20 NovRekoobe Backdoor In Open Directories Possibly Attacking TradingView UsersAPT31, using the Rekoobe backdoor, has been observed targeting TradingView, a popular financial platform, as researchers discovered malicious domains mimicking TradingView, suggesting a potential interest in compromising the platform’s user community. By analyzing sha…GBHACKERS.COM
20 NovAutomation in Action — How 3 Customers Revolutionized SecOps with XSOARSee how three of Palo Alto Networks customers across various industries and regions are leveraging Cortex XSOAR. The post Automation in Action — How 3 Customers Revolutionized SecOps with XSOAR appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
20 NovDark Side of Deals: Emerging Scams for Black Friday, Cyber Monday and Giving TuesdayAs the holiday shopping season kicks into high gear, cybercriminals are gearing up too. This year, alongside the usual suspects, we're seeing some crafty new scams, so let’s take a look at some of the ones you should be most careful of during Black Friday, Cyber Monday and Giving…KNOWBE4.COM
20 NovSteve Bellovin’s Retirement TalkSteve Bellovin is retiring. Here’s his retirement talk, reflecting on his career and what the cybersecurity field needs next.SCHNEIER.COM
20 NovRisk Intelligence Startup RIIG Raises $3 MillionRisk intelligence and cybersecurity solutions provider RIIG has raised $3 million in a seed funding round led by Felton Group. The post Risk Intelligence Startup RIIG Raises $3 Million appeared first on SecurityWeek .SECURITYWEEK.COM
20 Nov“Sad announcement” email leads to tech support scamsubmitted by Joker to cybersecurity 2 points | 0 comments https://www.malwarebytes.com/blog/news/2024/11/sad-announcement-email-leads-to-tech-support-scamSH.ITJUST.WORKS
20 NovSophos MDR blocks and tracks activity from probable Iranian state actor “MuddyWater”Sophos MDR has observed a new campaign that uses targeted phishing to entice the target to download a legitimate remote machine management tool to dump credentials. We believe with moderate confidence that this activity, which we track as STAC 1171, is related to an Iranian threa…SOPHOS.COM
20 NovCSO30 ASEAN 2024: The top 30 cybersecurity leaders in Southeast Asia and Hong KongThe fourth CSO30 ASEAN Awards programme recognises the top 30 cybersecurity leaders driving business value, demonstrating leadership, and influencing rapid change across Southeast Asia and Hong Kong. In addition to individual recognition, the programme includes: Business Value an…CSOONLINE.COM
20 NovBeware of Fake Tech Support ScamsAbout five years ago, I was having trouble with an expensive brand-name refrigerator that my wife and I had bought. It was a great refrigerator feature-wise. My wife and I initially loved it. But it kept breaking. And each break, even though it was covered by the warranty, took w…KNOWBE4.COM
20 NovCriminals 'Ghost Tap' NFC for Payment Cash-Out AttacksTactic Uses Stolen Cards Added to Apple Pay and Google Pay Digital Wallets Criminals have been caught tapping a new type of relay attack to cash-out stolen payment cards added to legitimate digital wallets. These criminals use money mules who carry an Android device able to captu…DATABREACHTODAY.CO.UK
20 NovNightwing CEO on Post-Raytheon Independence, Cyber ExpertiseNightwing's John DeSimone Talks Growth, Threats, National Security and AI Strategy Nightwing CEO John DeSimone reveals how the company’s independence from Raytheon allows it to better serve customers, invest in intelligence, advanced AI and data solutions, address sophisticated c…DATABREACHTODAY.CO.UK
20 NovCoast Guard Warns of Continued Risks in Chinese Port CranesMilitary Says Ship-to-Shore Cranes Made in China Include Dangerous Security Flaws The United States Coast Guard is continuing to warn of significant security risks embedded in ship-to-shore cranes developed by companies with ties to Beijing while issuing new sensitive requirement…DATABREACHTODAY.CO.UK
20 NovFeds Seize PopeyeTools Marketplace, Charge Alleged OperatorsJustice Department Dismantles Cybercrime Hub, Announces Charges and Seizes Crypto The Justice Department has seized PopeyeTools, a notorious cybercrime marketplace, while announcing criminal charges for three alleged operators behind the website, which generated over $1.7 million…DATABREACHTODAY.CO.UK
20 NovSquareX Brings Industry’s First Browser Detection Response Solution to AISA Melbourne CyberCon 2024SquareX, the leading browser security company, will make its Australian debut at Melbourne CyberCon 2024, hosted by AISA (Australian Information Security Association), from 26th to 28th November 2024. SquareX will showcase its groundbreaking Browser Detection and Response (BDR) s…GBHACKERS.COM
🎙️ PODCASTS 2[−]
20 NovAmazon and Audible flooded with 'forex trading' and warez listingsAmazon, Amazon Music, and Audible, an Amazon-owned online audiobook and podcast service, have been flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software. [...]BLEEPINGCOMPUTER.COM
20 NovWhy Your First Customers Are Critical for Success!Ever wondered why the first dozen customers are your most important? It's because they don't just buy your product—they help you build it! In this video, Raj Mallempati shares why these early design partners are key to giving you the critical feedback you need to take your busine…YOUTUBE.COM
📡 INFOSEC NEWS 12[−]
20 Nov KEVPortugal’s Tekever raises $74M for dual-use drone platform deployed to UkraineDual-use drone startup Tekever has raised €70 million ($74 million) to develop its product and expand into new markets, specifically the U.S.. The news is part of a trend of smaller tech-driven startups moving into markets normally dominated by large ‘defense primes’. It also sho…TECHCRUNCH.COM
20 NovBuilding a Secure and Scalable Hybrid Cloud with Red Hat Enterprise Linux and AzureDATABREACHTODAY.CO.UK
20 NovNew Ghost Tap attack abuses NFC mobile payments to steal moneyCybercriminals have devised a novel method to cash out from stolen credit card details linked to mobile payment systems such as Apple Pay and Google Pay, dubbed 'Ghost Tap,' which relays NFC card data to money mules worldwide. [...]BLEEPINGCOMPUTER.COM
20 NovMicrosoft confirms game audio issues on Windows 11 24H2 PCsMicrosoft says a Windows 24H2 bug causes game audio to unexpectedly increase to full volume when using USB DAC sound systems. [...]BLEEPINGCOMPUTER.COM
20 NovUS charges five linked to Scattered Spider cybercrime gangThe U.S. Justice Department has charged five suspects believed to be part of the financially motivated Scattered Spider cybercrime gang with conspiracy to commit wire fraud. [...]BLEEPINGCOMPUTER.COM
20 NovUS charges five accused of multi-year hacking spree targeting tech and crypto giantsThe five alleged hackers are accused of stealing millions of dollars in crypto, and corporate data from several victims all over the world. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
20 NovLet's Give Thanks for How Far We’ve Come - and Forge Ahead!Cybersecurity Training and Education Must Evolve to Keep Pace With the Profession Over the past few decades, cybersecurity has evolved from a niche concern into a global priority, creating a vast and dynamic career field. While we celebrate the journey, let's also focus on how to…DATABREACHTODAY.CO.UK
20 NovKathryn Thornton: Correcting Hubble's vision | Starmus HighlightsThe veteran of four space missions discusses challenges faced by the Hubble Space Telescope and how human ingenuity and teamwork made Hubble’s success possibleWELIVESECURITY.COM