🐛 COMMON VULNERABILITIES AND EXPOSURES 15[−]
26 Nov KEVCISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active AttacksThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the w…THEHACKERNEWS.COM
26 NovMultiple Flaws With Android & Google Pixel Devices Let Attackers Elevate PrivilegesSeveral high-severity vulnerabilities have been identified in Android and Google Pixel devices, exposing millions of users to potential security risks. These flaws, categorized under various CVEs (Common Vulnerabilities and Exposures), range from privilege escalation to data thef…GBHACKERS.COM
26 NovIBM Workload Scheduler Vulnerability Stores User Credentials in Plain TextIBM has issued a security bulletin warning customers about a vulnerability in its Workload Scheduler software that allows user credentials to be stored in plain text. This issue, identified as CVE-2024-49351, could enable local users to access sensitive information such as passwo…GBHACKERS.COM
26 Nov9 VPN alternatives for securing remote network accessOnce the staple for securing employees working remotely, VPNs were designed to provide secure access to corporate data and systems for a small percentage of a workforce while the majority worked within traditional office confines. The move to mass remote working brought about by …CSOONLINE.COM
26 NovSpoofing via CVE-2024-49040 | Kaspersky official blogKaspersky experts have added spoofing detection technology to email protection solutions that can stop exploitation of the CVE-2024-49040 vulnerability.KASPERSKY.COM
26 NovCustomizable Elpaco ransomware abuses the Everything librarysubmitted by Joker to cybersecurity 1 points | 0 comments https://securelist.com/elpaco-ransomware-a-mimic-variant/114635/ Introduction > In a recent incident response case, we dealt with a variant of the Mimic ransomware with some interesting customization features. The attac…INFOSEC.PUB
26 NovQNAP fixes critical security holes in its networking solutionsNetwork and software solutions provider QNAP — whose customers include trusted IT service providers like Accenture, Cognizant, and Infosys — is urging customers to apply fixes for a few critical severity bugs affecting its Network Attached Storage (NAS) and router services. The f…CSOONLINE.COM
26 NovPalo Alto Networks Warns of GlobalProtect App Flaw with Public Exploit Code (CVE-2024-5921)submitted by kid to cybersecurity 1 points | 0 comments https://securityonline.info/palo-alto-networks-warns-of-globalprotect-app-flaw-with-public-exploit-code-cve-2024-5921/SH.ITJUST.WORKS
26 Nov200,000 WordPress Sites Exposed to Cyber Attack, Following Plugin VulnerabilityA critical security vulnerability has been discovered in the popular WordPress plugin Anti-Spam by CleanTalk, which is installed on over 200,000 websites. The vulnerability, which includes two distinct flaws (CVE-2024-10542 and CVE-2024-10781), could allow attackers to install an…GBHACKERS.COM
26 NovChinese Hackers Exploiting Critical Vulnerability in Array Networks GatewaysCISA warns about attacks exploiting CVE-2023-28461, a critical vulnerability in Array Networks AG and vxAG secure access gateways. The post Chinese Hackers Exploiting Critical Vulnerability in Array Networks Gateways appeared first on SecurityWeek .SECURITYWEEK.COM
26 NovCritical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote AttacksTwo critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as …THEHACKERNEWS.COM
26 NovCVE-2024-49035 Partner.Microsoft.Com Elevation of Privilege VulnerabilityAn improper access control vulnerability in [Partner.Microsoft.com](https://partner.microsoft.com/) allows an a unauthenticated attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
26 NovCVE-2024-49038 Microsoft Copilot Studio Elevation Of Privilege VulnerabilityImproper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.MSRC.MICROSOFT.COM
26 NovCVE-2024-49052 Microsoft Azure Functions Elevation of Privilege VulnerabilityMissing authentication for critical function in Microsoft Azure Functions allows an unauthorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
26 NovCVE-2024-49053 Microsoft Dynamics 365 Sales Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 37[−]
26 NovCybersecurity in der Lieferkette
Wie Sie Ihre Software-Supply-Chain schützenUm Ihre Software-Lieferkette zu schützen, kann Generative AI sehr hilfreich sein. NTPY -Shutterstock.com Es klingt wie ein Agentenkrimi: Unbekannten Drahtziehern ist es gelungen, eine Hintertür in der XZ-Kompressionsbibliothek , Teil vieler Open-Source-Plattformen, zu verstecken.…CSOONLINE.COM
26 NovDell Wyse Management Suite Vulnerabilities Let Attackers Exploit Affected Systems RemotelyDell Technologies has released a security update for its Wyse Management Suite (WMS) to address multiple vulnerabilities that could allow malicious users to compromise affected systems. Wyse Management Suite is a flexible hybrid cloud solution that empowers IT admin to securely m…GBHACKERS.COM
26 NovStarbucks operations hit after ransomware attack on supply chain software vendorStarbucks is grappling with operational challenges after a ransomware attack on a third-party software provider, affecting the company’s ability to process employee schedules and payroll, according to Reuters . Last week, Blue Yonder, a UK-based supply chain software vendor servi…CSOONLINE.COM
26 NovBeware Of SpyLoan Apps Exploits Social Engineering To Steal User DataSpyLoan apps, a type of PUP, are rapidly increasing, exploiting social engineering to deceive users into granting excessive permissions, where these apps, installed millions of times, exfiltrate sensitive data to C2 servers via encrypted HTTP requests. Primarily targeting South A…GBHACKERS.COM
26 NovRomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated CyberattacksThe Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems. "In a successful attack,…THEHACKERNEWS.COM
26 NovFirefox and Windows zero-days exploited by Russian RomCom hackersRussian-based RomCom cybercrime group chained two zero-day vulnerabilities in recent attacks targeting Firefox and Tor Browser users across Europe and North America. [...]BLEEPINGCOMPUTER.COM
26 NovXSS Vulnerability in bing.com Let Attackers Send Crafted Malicious Requestssubmitted by kid to cybersecurity 1 points | 0 comments https://gbhackers.com/xss-vulnerability-in-bing-com/SH.ITJUST.WORKS
26 NovIBM Workload Scheduler Vulnerability Stores User Credentials in Plain Textsubmitted by kid to cybersecurity 1 points | 0 comments https://gbhackers.com/ibm-workload-scheduler-vulnerability-stores-user-credentials-in-plain-text/SH.ITJUST.WORKS
26 Nov KEVRomCom exploits Firefox and Windows zero days in the wildsubmitted by Joker to cybersecurity 1 points | 0 comments https://www.welivesecurity.com/en/eset-research/romcom-exploits-firefox-and-windows-zero-days-in-the-wild/ ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild …INFOSEC.PUB
26 Nov7-Zip RCE Vulnerability Let Attackers Execute Remote Codesubmitted by kid to cybersecurity 6 points | 0 comments https://gbhackers.com/7-zip-vulnerability/SH.ITJUST.WORKS
26 NovWhat Graykey Can and Can’t UnlockThis is from 404 Media : The Graykey, a phone unlocking and forensics tool that is used by law enforcement around the world, is only able to retrieve partial data from all modern iPhones that run iOS 18 or iOS 18.0.1, which are two recently released versions of Apple’s mobi…SCHNEIER.COM
26 NovIntruder Launches Intel: A Free Vulnerability Intelligence Platform For Staying Ahead of the Latest ThreatsWhen CVEs go viral, separating critical vulnerabilities from the noise is essential to protecting your organization. That’s why Intruder, a leader in attack surface management, built Intel - a free vulnerability intelligence platform designed to help you act fast and prioritize r…THEHACKERNEWS.COM
26 NovHackers exploit critical bug in Array Networks SSL VPN productsAmerica's Cyber Defense Agency has received evidence of hackers actively exploiting a remote code execution vulnerability in SSL VPN products Array Networks AG and vxAG ArrayOS. [...]BLEEPINGCOMPUTER.COM
26 NovFirefox and Windows zero-days exploited by Russian RomCom hackerssubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/firefox-and-windows-zero-days-exploited-by-russian-romcom-hackers/SH.ITJUST.WORKS
26 NovIBM Patches RCE Vulnerabilities in Data Virtualization Manager, Security SOARIBM has released patches for two high-severity remote code execution vulnerabilities in Data Virtualization Manager and Security SOAR. The post IBM Patches RCE Vulnerabilities in Data Virtualization Manager, Security SOAR appeared first on SecurityWeek .SECURITYWEEK.COM
26 Nov83% of organizations reported insider attacks in 2024According to Cybersecurity Insiders’ recent 2024 Insider Threat Report, 83% of organizations reported at least one insider attack in the last year. Even more surprising than this statistic is that organizations that experienced 11-20 insider attacks saw an increase of five …SECURITYINTELLIGENCE.COM
26 NovThe source code of Banshee Stealer leaked onlinesubmitted by kid to cybersecurity 2 points | 0 comments https://securityaffairs.com/171423/malware/the-source-code-of-banshee-stealer-leaked-online.htmlSH.ITJUST.WORKS
26 NovCyberheistNews Vol 14 #48 [Eye Opener] Phishing Attacks Now Exploit Visio and SharePoint FilesKNOWBE4.COM
26 NovVMware Patches High-Severity Vulnerabilities in Aria OperationsThe company warns that malicious hackers can craft exploits to elevate privileges or launch cross-site scripting attacks. The post VMware Patches High-Severity Vulnerabilities in Aria Operations appeared first on SecurityWeek .SECURITYWEEK.COM
26 NovChinese Threat Actor Targets Black Friday Shoppers With Phishing CampaignResearchers at EclecticIQ warn that the financially motivated Chinese threat actor “SilkSpecter” has launched a phishing campaign targeting Black Friday shoppers across Europe and the US.KNOWBE4.COM
26 NovU.K. Residents are Victims of the Latest Phishing Scam Targeting Starbuck Customer CredentialsAnalysis of a new phishing attack highlight just how easy it can be to spot these kinds of attacks if recipients were properly educated.KNOWBE4.COM
26 NovWhy Cybersecurity Leaders Trust the MITRE ATT&CK EvaluationsThe "MITRE Engenuity ATT&CK Evaluations: Enterprise" stand out as an essential resource for cybersecurity decision makers. Learn more from Cynet on what to expect in the upcoming 2024 MITRE ATT&CK Evaluation results. [...]BLEEPINGCOMPUTER.COM
26 NovOperation Undercut: Russian Influence Campaign Targets Western Support for Ukrainesubmitted by Joker to cybersecurity 1 points | 0 comments https://www.recordedfuture.com/research/operation-undercut-shows-multifaceted-nature-sdas-influence-operations Summary > Operation Undercut is a covert influence operation conducted by Russia’s Social Design Agency (SDA…INFOSEC.PUB
26 NovCISA Releases Six Industrial Control Systems AdvisoriesCISA released six Industrial Control Systems (ICS) advisories on November 26, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-331-01 Schneider Electric PowerLogic PM55xx and PowerLogic PM8ECC …CISA.GOV
26 NovChinese APT Hackers Using Multiple Tools And Vulnerabilities To Attack Telecom OrgsEarth Estries, a Chinese APT group, has been actively targeting critical sectors like telecommunications and government entities since 2023. They employ advanced techniques, including exploiting vulnerabilities, lateral movement, and deploying multiple backdoors like GHOSTS…GBHACKERS.COM
26 NovTerms & Acronyms - SWN VaultCheck out this episode from the SWN Vault, originally published on February 13, 2019! This Secure Digital Life episode was hand-picked by main host Doug White. Well, there are a lot of terms that are around in Cyber these days. I think we could do shows every week for a while and…YOUTUBE.COM
26 NovRomCom Hackers Exploits Windows & Firefox Zero-Day in Advanced CyberattacksIn a new wave of cyberattacks, the Russia-aligned hacking group “RomCom” has been found exploiting critical zero-day vulnerabilities in Microsoft Windows and Mozilla Firefox products. Security researchers at ESET uncovered the alarming attack chain, which uses the vul…GBHACKERS.COM
26 NovOver 1,000 arrested in massive ‘Serengeti’ anti-cybercrime operationLaw enforcement agencies in Africa arrested as part of 'Operation Serengeti' more than a thousand individuals suspected of being involved in major cybercriminal activities that caused close to $193 million in financial losses all over the world. [...]BLEEPINGCOMPUTER.COM
26 NovRockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)submitted by Joker to cybersecurity 1 points | 0 comments https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rockstar-2fa-a-driving-force-in-phishing-as-a-service-paas/INFOSEC.PUB
26 NovRussia-linked hackers exploited Firefox and Windows zero-day bugs in ‘widespread’ hacking campaignThe Russia-aligned RomCom gang exploited the vulnerabilities to target hundreds of Firefox users across Europe and North America. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
26 NovQNAP Systems Fixes Bugs in QuRouter and Notes Station 3Exploits Could Allow Remote Command Execution and Access The Taiwanese NAS maker QNAP Systems on Saturday patched multiple flaws in its operating system and applications that could allow attackers to compromise network storage devices. The patch also included multiple flaws in QN…DATABREACHTODAY.CO.UK
26 NovUK NHS Hospital Reports 'Major' CyberincidentOutpatient Appointments Cancelled at Wirral University Teaching Hospital A U.K. National Heath Service teaching hospital in northwest England reported a major cyberincident on Tuesday that forced the healthcare facility to cancel outpatient appointments for the day. DATABREACHTODAY.CO.UK
26 NovNew NachoVPN attack uses rogue VPN servers to install malicious updatesA set of vulnerabilities dubbed "NachoVPN" allows rogue VPN servers to install malicious updates when unpatched Palo Alto and SonicWall SSL-VPN clients connect to them. [...]BLEEPINGCOMPUTER.COM
26 NovNew Sysdig CEO: Focus on Falco, AI and Fast Threat ResponseNew Sysdig CEO Bill Welch Aims to Expand Real-Time Response and GSI Partnerships New CEO Bill Welch discusses Sysdig's cloud security strategy, emphasizing AI, open-source leadership with Falco, and expansion plans to serve SMBs and midmarket businesses. He shares goals for real-…DATABREACHTODAY.CO.UK
26 Nov KEVRussian Hackers Target Mozilla, Windows in New Exploit ChainESET Discovers Two Major Vulnerabilities Exploited by Russian RomCom Hacking Group Two vulnerabilities in Mozilla products and Windows are actively exploited by RomCom, a Kremlin-linked cybercriminal group known for targeting businesses and conducting espionage, warn security res…DATABREACHTODAY.CO.UK
26 NovFirefox and Windows zero days chained to deliver the RomCom backdoorThe backdoor can execute commands and lets attackers download additional modules onto the victim’s machine, ESET research findsWELIVESECURITY.COM
26 Nov KEVRomCom exploits Firefox and Windows zero days in the wildESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploitWELIVESECURITY.COM
📋 SECURITY BULLETINS 1[−]
26 NovQNAP firmware update leaves NAS owners locked out of their boxesDowngrading or customer support are your options if you caught the bad one.ARSTECHNICA.COM
📢 SECURITY ADVISORIES 6[−]
26 NovAustralia’s first Cyber Security Act passes both housesThe Cyber Security Legislative Reforms proposed by the Australian federal government passed both houses on 25 November, during the last week of Parliamentary sittings. This follows a long process initiated by the 2023-2030 Australian Cyber Security Strategy , published in Novembe…CSOONLINE.COM
26 NovCISA Details Red Team Assessment Including TTPs & Network DefenseThe Cybersecurity and Infrastructure Security Agency (CISA) recently detailed findings from a Red Team Assessment (RTA) conducted on a critical infrastructure organization in the United States. The assessment, carried out over three months, simulated real-world cyberattacks to ev…GBHACKERS.COM
26 NovVictims Must Disclose Ransom Payments Under Australian LawNew Law Calls for Better Reporting, Securing Devices and Critical Infrastructure The Australian government's proposed cybersecurity legislation passed both houses of the Parliament on Monday, formalizing the government's strategy to boost ransomware payment reporting, mandate bas…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 13[−]
26 NovBlue Yonder Ransomware Attack Impacts Starbucks & Multiple SupermarketsA ransomware attack on Blue Yonder, a leading supply chain management software provider, has created ripples across global retail and manufacturing sectors, affecting major players like Starbucks and prominent UK supermarket chains. The breach, which occurred on November 21, unde…GBHACKERS.COM
26 NovRetailers struggle after ransomware attack on supply chain tech provider Blue Yondersubmitted by Joker to cybersecurity 2 points | 0 comments https://therecord.media/retailers-struggle-after-ransomware-attack-on-supply-chain-tech-company A major technology provider for hundreds of large retailers is struggling to recover from a ransomware attack that began last …INFOSEC.PUB
26 NovResearchers Detailed Tools Used By Hacktivists Fueling Ransomware AttacksCyberVolk, a politically motivated hacktivist group, has leveraged readily available ransomware builders like AzzaSec, Diamond, LockBit, and Chaos to launch DDoS and ransomware attacks against targets opposing Russian interests. The highly skilled members of the group modify and …GBHACKERS.COM
26 NovStarbucks, Grocery Stores Hit by Blue Yonder Ransomware AttackSupply chain management software provider Blue Yonder has been targeted in a ransomware attack that caused significant disruptions for some customers. The post Starbucks, Grocery Stores Hit by Blue Yonder Ransomware Attack appeared first on SecurityWeek .SECURITYWEEK.COM
26 NovBlue Yonder Ransomware Attack Hits Starbucks, Supermarketssubmitted by kid to cybersecurity 3 points | 0 comments https://www.darkreading.com/cyberattacks-data-breaches/ransomware-attack-blue-yonder-starbucks-supermarketsSH.ITJUST.WORKS
26 NovNew York Fines Geico and Travelers $11 Million Over Data BreachesNew York has announced $11 million settlements with Geico and Travelers over data breaches affecting 120,000 people. The post New York Fines Geico and Travelers $11 Million Over Data Breaches appeared first on SecurityWeek .SECURITYWEEK.COM
26 NovDOJ: Man hacked networks to pitch cybersecurity servicessubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/doj-man-hacked-networks-to-pitch-cybersecurity-services/SH.ITJUST.WORKS
26 NovMajor UK, US stores face ongoing disruption after ransomware attack hits supply chain giant Blue YonderThe Arizona-based company it has "no timeline" for restoration, causing disruption at companies around the world. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
26 NovRansomware-Angriff beeinträchtigt IT von Starbuckssrcset="https://b2b-contenthub.com/wp-content/uploads/2024/11/shutterstock_2538779037.jpg?quality=50&strip=all 6000w, https://b2b-contenthub.com/wp-content/uploads/2024/11/shutterstock_2538779037.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.c…CSOONLINE.COM
26 NovRansomware Attack on Supply Chain Provider Causes DisruptionBlue Yonder Outage Causing Disruptions for Starbucks, Major Grocery Store Chains Major grocery store chains, Starbucks and other large organizations are experiencing disruptions following a ransomware attack against supply chain management service provider Blue Yonder. The provid…DATABREACHTODAY.CO.UK
26 NovData leaks from websites built on Microsoft Power Pages, including 1.1 million NHS recordsA security researcher has blamed misconfigured implementations of Microsoft Power Pages for a slew of data breaches from web portals - including the leak of 1.1 million NHS employee records. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
26 NovInterpol Clamps Down on Cybercrime and Arrests Over 1,000 Suspects in AfricaOperation Serengeti targeted criminal suspects in Africa behind ransomware, business email compromise, digital extortion and scams. The post Interpol Clamps Down on Cybercrime and Arrests Over 1,000 Suspects in Africa appeared first on SecurityWeek .SECURITYWEEK.COM
26 NovStarbucks operations hit after ransomware attack on supply chain software vendorsubmitted by BrikoX to cybersecurity 2 points | 0 comments https://www.csoonline.com/article/3612838/starbucks-operations-hit-after-ransomware-attack-on-supply-chain-software-vendor.html Blue Yonder, a supply chain software provider for Starbucks and other retailers, confirmed se…SH.ITJUST.WORKS
🕵️ THREAT INTELLIGENCE 20[−]
26 NovAustralia’s first Cyber Security Act passes both housessubmitted by BrikoX to cybersecurity 3 points | 0 comments https://www.csoonline.com/article/3612378/australias-first-cyber-security-act-passes-both-houses.html After a year of consultation, discussions and amendments, the Cyber Security Act which requires certain businesses to r…SH.ITJUST.WORKS
26 NovISC Stormcast For Tuesday, November 26th, 2024 https://isc.sans.edu/podcastdetail/9232, (Tue, Nov 26th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
26 NovCritical Vulnerabilities Found in Anti-Spam Plugin Used by 200,000 WordPress SitesTwo vulnerabilities in the Anti-Spam by CleanTalk WordPress plugin allowed attackers to execute arbitrary code remotely. The post Critical Vulnerabilities Found in Anti-Spam Plugin Used by 200,000 WordPress Sites appeared first on SecurityWeek .SECURITYWEEK.COM
26 NovSalt Typhoon hackers backdoor telcos with new GhostSpider malwaresubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/salt-typhoon-hackers-backdoor-telcos-with-new-ghostspider-malware/SH.ITJUST.WORKS
26 NovChinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ CountriesThe China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies. Trend Micro, which described the hacking group as an aggressive …THEHACKERNEWS.COM
26 Novminivault - granular credentials store in Rustsubmitted by boredsquirrel to cybersecurity 1 points | 0 comments https://codeberg.org/FedericoCeratto/minivaultSH.ITJUST.WORKS
26 NovBitLocker Security: Are Your Keys Truly Safe?submitted by Joker to cybersecurity 2 points | 0 comments https://blog.nviso.eu/2024/11/26/wake-up-and-smell-the-bitlocker-keys/INFOSEC.PUB
26 NovApple Web Content Filter Bypasssubmitted by Joker to cybersecurity 1 points | 0 comments https://cxsecurity.com/issue/WLB-2024110035INFOSEC.PUB
26 NovLateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examplessubmitted by kid to cybersecurity 0 points | 0 comments https://unit42.paloaltonetworks.com/unique-popular-techniques-lateral-movement-macos/SH.ITJUST.WORKS
26 NovAdvanced Cyberthreats Targeting Holiday Shopperssubmitted by Joker to cybersecurity 1 points | 0 comments https://www.fortinet.com/blog/threat-research/advanced-cyberthreats-targeting-holiday-shoppersINFOSEC.PUB
26 NovIdentity Challenges in Manufacturing - Tammy Klotz - CSP #202In this episode, we’re joined by Tammy Klotz, a 3x CISO in the manufacturing industry, to explore identity security challenges in manufacturing environments. Tammy discusses the differences in access management for frontline workers versus knowledge workers, touching on the uniqu…YOUTUBE.COM
26 NovCERT-In Alert: Multiple Vulnerabilities In Android Impacting Millions Of Devicessubmitted by Joker to cybersecurity 3 points | 0 comments https://cyble.com/blog/cert-in-alert-multiple-vulnerabilities-in-android-impacting-millions-of-devices/INFOSEC.PUB
26 Nov[New!] Check Out These Powerful New KnowBe4 AI FeaturesYou do not want to miss this one! You can now see our AI Defense Agents (AIDA) live in a demo, now that they are released. Customers can now fight AI with AI ! KNOWBE4.COM
26 NovWhat’s up India? PixPirate is back and spreading via WhatsAppQuick recap This blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this additional content. As a reminder, PixPirate malware consists of two…SECURITYINTELLIGENCE.COM
26 NovUS senators propose mandated MFA, encryption in healthcaresubmitted by PhilipTheBucket to cybersecurity 1 points | 0 comments https://www.theregister.com/2024/11/26/us_senators_healthcare_cybersecurity/SH.ITJUST.WORKS
26 NovThe Bing Wallpaper app may decrypt, read your cookiessubmitted by kid to cybersecurity 2 points | 0 comments https://www.theregister.com/2024/11/26/bing_wallpaper_app/ “The app locates where Google Chrome, Microsoft Edge, and Mozilla Firefox store their cookies, queries for cookies with names they are interested in (such as MUID), …SH.ITJUST.WORKS
26 Nov'Matrix' Hackers Deploy Massive New IoT Botnet for DDoS Attackssubmitted by kid to cybersecurity 2 points | 0 comments https://hackread.com/matrix-hackers-new-iot-botnet-ddos-attacks/SH.ITJUST.WORKS
26 NovHow a 2-Hour Interview With an LLM Makes a Digital TwinScientists Devise Technique to Make AI Models Mimic Specific People Researchers have devised a technique to train artificial intelligence models to impersonate people's behavior based on just two hours of interviews, creating a virtual replica that can mimic an individual's value…DATABREACHTODAY.CO.UK
26 NovAI Startup Execs Say It Should Be Easier to Tap UK Funding'You Wonder, Should I Just Spend It on a Place to Stay in America For a Week' Revisions to U.K. government research funding guidelines and their complex application pose a challenge to early-stage tech companies, experts on Tuesday told a parliamentary committee inquiry. "We have…DATABREACHTODAY.CO.UK
26 NovWatchdog Report: HHS OCR Should Beef-Up HIPAA Audit ProgramHHS OIG: Current Audit Program Is Not Pushing Entities Enough to Improve Cyber The U.S. Department of Health and Human Services' Office for Civil Rights should restart and toughen the scope of its HIPAA audits. A watchdog agency says HHS needs to better assess whether regulated h…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 3[−]
26 NovGuess Who’s Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024Trend Micro has identified a spear-phishing campaign active in Japan since June 2024. Evidence about the malware used by this campaign suggests this was part of a new operation by Earth Kasha.TRENDMICRO.COM
26 NovGet 50% off Malwarebytes during Black Friday 2024Malwarebytes' Black Friday 2024 deals are now live, offering a 50% discount for one and two-year subscriptions to personal, family, and business subscriptions to its standalone anti-malware software, VPN, and Personal Data Remover services. [...]BLEEPINGCOMPUTER.COM
26 Nov[Guest Diary] Using Zeek, Snort, and Grafana to Detect Crypto Mining Malware, (Tue, Nov 26th)[This is a Guest Diary by David Fitzmaurice, an ISC intern as part of the SANS.edu Bachelor&#;39;s Degree in Applied Cybersecurity (BACS) program [1].
ISC.SANS.EDU
🎙️ PODCASTS 1[−]
26 NovThe AI Fix #26: Would AI kill sentient robots, and is water wet?In episode 26 of The AI Fix, an AI does surgery on pork chops, holographic Jesus wants your consent to use cookies, Mark opens the pod bay doors, our hosts discover OpenAI's couch potato health coach, and Graham finds a robot made of drain pipes. Graham pits Mark against an AI in…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 4[−]
26 NovCleo Capital launches cybersecurity accelerator to help undo the ‘crushing burden’ of online threatsCleo Capital, the early-stage venture fund that counts the AI firm Groq, fintech company Ellevest, and fashion brand Hill House as investments, has announced the launch of a new cybersecurity accelerator. The program is looking for pre-seed and seed companies from all around the …TECHCRUNCH.COM
26 NovA milestone for Sophos NDR: 1,000 customers and countingOrganizations are increasingly choosing Sophos to defend against hidden threats on the networkSOPHOS.COM
26 NovNordVPN Black Friday Deal: Save up to 74% on yearly subscriptionsWant the best VPN with a 74% discount? The NordVPN Black Friday deal is live and runs until December 10. This is the perfect chance to lock in a 2-year plan for the low cost of $2.99 per month, with an extra 3 months for free. [...]BLEEPINGCOMPUTER.COM