Today's Core Dump is brought to you by ThreatPerspective

Biz & IT Ars Technica

Law enforcement operation takes down 22,000 malicious IP addresses worldwide

Operation Synergia II took aim at phishing, ransomware, and information stealing. An international coalition of police agencies has taken a major whack at criminals accused of running a host of online scams, inc

Published: 2024-11-07T23:12:23



The Register - Software

Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble

If you didn't fix this a month ago, your to-do list probably needs a reshuffle Two VMware vCenter server bugs, including a critical heap-overflow vulnerability that leads to remote code execution (RCE), have been exploited in attacks after Broadcom s

Published: 2024-11-18T22:29:09



The Register - Software

Microsoft Exchange update fixes security flaws, breaks other stuff

Flawed patch stops on-premises, hybrid server transport rules in their tracks for some Microsoft is pausing the rollout of an Exchange security update after it became clear that the patch could break transport rules for some customers.

Published: 2024-11-15T12:29:15



The Register - Software

Five Eyes infosec agencies list 2023's most exploited software flaws

Slack patching remains a problem which is worrying as crooks increasingly target zero-day vulns The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued a list of the 15 most exploited vulnerabilities in 2023, and w

Published: 2024-11-14T08:31:06



The Verge - Securities

Microsoft announces its own Black Hat-like hacking event with big rewards for AI security

Microsoft is creating an in-person hacking event, Zero Day Quest, which it says will be the largest of its kind. The event will build upon Microsoft’s existing bug bounty program and incentivize research into high-impact security flaws that...

Published: 2024-11-19T08:30:00



The Verge - Securities

Microsoft's new Windows Resiliency Initiative aims to avoid another CrowdStrike incident

 Alongside the resiliency improvements, Windows 11 is also getting administrator protection soon. It’s a new feature that lets users have the security of a standard user but with the ability to make system changes and even install apps when ne...

Published: 2024-11-19T08:30:00



The Verge - Securities

These are the passwords you definitely shouldn't be using

 There are those who choose “iloveyou” and those who opt for “fuckyou.” Others have distinct interests, like “pokemon,” “naruto,” “samsung,” and “minecraft.” Many more are just names, like “michelle” or “ashley,” but at least some people make ...

Published: 2024-11-13T11:43:03



The Verge - Securities

National Guard Discord leaker sentenced to 15 years in prison

After pleading guilty in March to six counts of willful retention and transmission of national defense information under the Espionage Act, former Air National Guard member Jack Teixeira was sentenced today to 15 years in prison for posting...

Published: 2024-11-12T18:48:56



The Verge - Securities

Amazon confirms employee data breach, but says it's limited to contact info

Amazon says a data breach exposed the email addresses, phone numbers, and building locations linked to its employees, as reported earlier by 404 Media. In a statement to The Verge, Amazon spokesperson Adam Montgomery said the company was “n...

Published: 2024-11-11T15:22:05



The Verge - Securities

A new iOS 18 security feature makes it harder for police to unlock iPhones

There is an apparently new iOS 18 security feature that reboots iPhones that haven’t been unlocked in a few days, frustrating police by making it harder to break into suspects’ iPhones, according to 404 Media. 404 Media, which first report...

Published: 2024-11-09T11:49:47



The Verge - Securities

The FBI says Russian emails are sending fake bomb threats to polling stations

The Federal Bureau of Investigation has issued a warning that fake bomb threats are being emailed to US polling locations in multiple states that “appear to originate from Russian email domains.” “None of the threats have been determined to...

Published: 2024-11-05T15:14:02



BleepingComputer

Cyberattack at French hospital exposes health data of 750,000 patients

A data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system. [...]

Published: 2024-11-20T21:20:19



BleepingComputer

Fintech giant Finastra investigates data breach after SFTP hack

Finastra has confirmed it warned customers of a cybersecurity incident after a threat actor began selling allegedly stolen data on a hacking forum. [...]

Published: 2024-11-20T15:56:59



BleepingComputer

US charges five linked to Scattered Spider cybercrime gang

The U.S. Justice Department has charged five suspects believed to be part of the financially motivated Scattered Spider cybercrime gang with conspiracy to commit wire fraud. [...]

Published: 2024-11-20T14:22:58



BleepingComputer

Apple fixes two zero-days used in attacks on Intel-based Macs

Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. [...]

Published: 2024-11-19T16:52:18



BleepingComputer

CISA tags Progress Kemp LoadMaster flaw as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. [...]

Published: 2024-11-19T16:18:14



BleepingComputer

Ford investigates alleged breach following customer data leak

Ford is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum. [...]

Published: 2024-11-19T15:09:14



BleepingComputer

Oracle warns of Agile PLM file disclosure flaw exploited in attacks

Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. [...]

Published: 2024-11-19T14:56:05



Technology

Smart patch buzzes, twists and presses the skin to deliver a sense of touch

The haptic patch has a number of potential applications Scientists have devised a clever new method of allowing people to feel sensations that are transmitted to their skin. Beyond its applications in fields such as gaming and telepresence, the technology could also be used to guide the blind.

Published: 2024-11-11T20:51:33



Threat Intelligence

Empowering Gemini for Malware Analysis with Code Interpreter and Google Threat Intelligence

One of Google Cloud's major missions is to arm security professionals with modern tools to help them defend against the latest threats. Part of that mission involves moving closer to a more autonomous, adaptive approach in threat intelligence automa

Published: 2024-11-19T14:00:00



Threat Intelligence

Emerging Threats: Cybersecurity Forecast 2025

Every November, we start sharing forward-looking insights on threats and other cybersecurity topics to help organizations and defenders prepare for the year ahead. The Cybersecurity Forecast 2025 report, available today, plays a big role in helping

Published: 2024-11-13T14:00:00



ProPublica

Microsoft's "Free" Plan to Upgrade Government Cybersecurity Was Designed to Box Out Competitors and Drive Profits, Insiders Say

by Renee Dudley, with research by Doris Burke ProPublic

Published: 2024-11-15T06:00:00



Krebs on Security

Fintech Giant Finastra Investigating Data Breach

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top ...

Published: 2024-11-20T01:12:15



Krebs on Security

An Interview With the Target & Home Depot Hacker

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail ...

Published: 2024-11-15T04:45:32



Krebs on Security

Microsoft Patch Tuesday, November 2024 Edition

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November’s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as we...

Published: 2024-11-12T21:59:46



Krebs on Security

FBI: Spike in Hacked Police Emails, Fake Subpoenas

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthor...

Published: 2024-11-09T19:20:26



Krebs on Security

Canadian Man Arrested in Snowflake Data Extortions

A 26-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake. On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States. Bloomberg first reported Moucka's alleged ties to the Snowflake hacks on Monday. At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories used by some of the world’s largest corporations. Image: https://www.pomerium.com/blog/the-real-lessons-from-the-snowflake-breach ...

Published: 2024-11-05T17:10:04



The Register - Security

Five Scattered Spider suspects indicted for phishing spree and crypto heists

DoJ also shutters alleged crimeware and credit card mart PopeyeTools The US Department of Justice has issued an indictment that names five people accused of stealing millions in cryptocurrency and we are told they are suspected members of cyber-gang Scattered Spider.

Published: 2024-11-21T01:29:13



The Register - Security

Chinese cyberspies, Musk's Beijing ties, labelled real risk to US security by senator

Meet Liminal Panda, which prowls telecom networks in South Asia and Africa A senior US senator has warned that American tech companies' activities in China represent a national security risk, in a hearing that saw infosec biz CrowdStrike testify it has identified another cyber-espionage crew it believes is backed by Beijing.

Published: 2024-11-20T23:50:14



The Register - Security

Mega US healthcare payments network restores system 9 months after ransomware attack

Change Healthcare's $2 billion recovery is still a work in progress Still reeling from its February ransomware attack, Change Healthcare confirms its clearinghouse services are back up and running, almost exactly nine months since the digital disruption began.

Published: 2024-11-20T18:01:08



The Register - Security

Google's AI bug hunters sniff out two dozen-plus code gremlins that humans missed

OSS-Fuzz is making a strong argument for LLMs in security research Google's OSS-Fuzz project, which uses large language models (LLMs) to help find bugs in code repositories, has now helped identify 26 vulnerabilities, including a critical flaw in the widely used OpenSSL library.

Published: 2024-11-20T17:01:27



The Register - Security

D-Link tells users to trash old VPN routers over bug too dangerous to identify

Vendor offers 20% discount on new model, but not patches Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a serious remote code execution (RCE) vulnerability.

Published: 2024-11-20T14:32:06



The Register - Security

Data is the new uranium: incredibly powerful and amazingly dangerous

CISOs are quietly wishing they had less data, because the cost of management sometimes exceeds its value Column I recently got to play a 'fly on the wall' at a roundtable of chief information security officers. Beyond the expected griping and moaning about funding shortfalls and always-too-gullible users, I began to hear a new note: data has become a problem.

Published: 2024-11-20T07:15:09



The Register - Security

Healthcare org Equinox notifies 21K patients and staff of data theft

Ransomware scum LockBit claims it did the dirty deed Equinox, a New York State health and human services organization, has begun notifying over 21 thousand clients and staff that cyber criminals stole their health, financial, and personal information in a "data security incident" nearly seven months ago.

Published: 2024-11-20T00:30:07



The Register - Security

China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer

No word on when or if the issue will be fixed Chinese government-linked snoops are exploiting a zero-day bug in Fortinet's Windows VPN client to steal credentials and other information, according to memory forensics outfit Volexity.

Published: 2024-11-19T23:02:13



The Register - Security

Russian suspected Phobos ransomware admin extradited to US over $16M extortion

This malware is FREE for EVERY crook ($300 decryption keys sold separately) A Russian citizen has been extradited from South Korea to the United States to face charges related to his alleged role in the Phobos ransomware operation.

Published: 2024-11-19T21:55:07



The Register - Security

America's drinking water systems have a hard-to-swallow cybersecurity problem

More than 100M rely on gear rife with vulnerabilities, says EPA OIG Nearly a third of US residents are served by drinking water systems with cybersecurity shortcomings, the Environmental Protection Agency's Office of Inspector General found in a recent study, and the agency lacks its own system to track potential attacks.

Published: 2024-11-19T19:59:05



The Register - Security

Palo Alto Networks tackles firewall-busting zero-days with critical patches

Amazing that these two bugs got into a production appliance, say researchers Palo Alto Networks (PAN) finally released a CVE identifier and patch for the zero-day exploit that caused such a fuss last week.

Published: 2024-11-19T15:29:12



The Register - Security

Navigating third-party risks

Strategies for mitigating external access vulnerabilities and safeguarding sensitive data Webinar As organizations increasingly rely on third-party contractors, vendors, and service providers, the security risks associated with third-party access can become a top priority.

Published: 2024-11-19T14:33:09



The Register - Security

Crook breaks into AI biz, points $250K wire payment at their own account

Fastidious attacker then tidied up email trail behind them A Maryland AI company has confirmed to the Securities and Exchange Commission (SEC) that it lost $250,000 to a misdirected wire payment.

Published: 2024-11-19T12:31:13



The Register - Security

Join in the festive cybersecurity fun

Get hands-on cybersecurity training this seasonal challenge Sponsored Post Are you ready to pit your wits against the cyber exercises featured in the Holiday Hack Challenge 2024: Snow-maggedon?

Published: 2024-11-19T09:10:55



The Register - Security

iOS 18 added secret and smart security feature that reboots iThings after three days

Security researcher's reverse engineering effort reveals undocumented reboot timer that will make life harder for attackers Apple's latest mobile operating system, iOS 18, appears to have added an undocumented security feature that reboots devices if they're not used for 72 hours.

Published: 2024-11-19T08:31:15



The Register - Security

Ford 'actively investigating' after employee data allegedly parked on leak site

Plus: Maxar Space Systems confirms employee info stolen in digital intrusion Updated Ford Motor Company says it is looking into allegations of a data breach after attackers claimed to have stolen an internal database containing 44,000 customer records and dumped the info on a cyber crime souk for anyone to "enjoy."

Published: 2024-11-18T23:58:08



The Register - Security

Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble

If you didn't fix this a month ago, your to-do list probably needs a reshuffle Two VMware vCenter server bugs, including a critical heap-overflow vulnerability that leads to remote code execution (RCE), have been exploited in attacks after Broadcom's first attempt to fix the flaws fell short.

Published: 2024-11-18T22:29:09



The Register - Security

T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears

Un-carrier said to be among those hit by Salt Typhoon, including AT&T, Verizon Updated T-Mobile US said it is "monitoring" an "industry-wide" cyber-espionage campaign against American networks amid fears Chinese government-backed spies compromised the un-carrier along with various other telecommunications providers.

Published: 2024-11-18T20:43:22



The Register - Security

Sweden's 'Doomsday Prep for Dummies' guide hits mailboxes today

First in six years is nearly three times the size of the older, pre-NATO version Residents of Sweden are to receive a handy new guide this week that details how to prepare for various types of crisis situations or wartime should geopolitical events threaten the country.

Published: 2024-11-18T16:03:15



The Register - Security

Deepen your knowledge of Linux security

Event The security landscape is constantly shifting. If you're running Linux, staying ahead may rely on understanding the challenges - and opportunities - unique to Linux environments.

Published: 2024-11-18T14:42:10



The Register - Security

Teen serial swatter-for-hire busted, pleads guilty, could face 20 years

PLUS: Cost of Halliburton hack disclosed; Time to dump old D-Link NAS; More UN cybercrime convention concerns; and more Infosec in brief A teenager has pleaded guilty to calling in more than 375 fake threats to law enforcement, and now faces years in prison.

Published: 2024-11-18T00:31:07



The Register - Security

Will passkeys ever replace passwords? Can they?

Here's why they really should Systems Approach I have been playing around with passkeys, or as they are formally known, discoverable credentials.

Published: 2024-11-17T18:30:07



The Register - Security

Rust haters, unite! Fil-C aims to Make C Great Again

It's memory-safe, with a few caveats Developers looking to continue working in the C and C++ programming languages amid the global push to promote memory-safe programming now have another option that doesn't involve learning Rust.

Published: 2024-11-16T10:12:14



The Register - Security

Swiss cheesed off as postal service used to spread malware

QR codes arrive via an age-old delivery system Switzerland's National Cyber Security Centre (NCSC) has issued an alert about malware being spread via the country's postal service.

Published: 2024-11-16T07:07:05



The Register - Security

Bloke behind Helix Bitcoin launderette jailed for three years, hands over $400M

Digital money laundering pays, until it doesn't An Ohio man, who operated the Grams dark-web search engine and the Helix cryptocurrency money-laundering service associated with it, has been sentenced to three years in prison.

Published: 2024-11-16T00:58:06



The Register - Security

Letting chatbots run robots ends as badly as you'd expect

LLM-controlled droids easily jailbroken to perform mayhem, researchers warn Science fiction author Isaac Asimov proposed three laws of robotics, and you'd never know it from the behavior of today's robots or those making them.

Published: 2024-11-16T00:03:24



The Register - Security

Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit

Yank access to management interface, stat A critical zero-day vulnerability in Palo Alto Networks' firewall management interface that can allow an unauthenticated attacker to remotely execute code is now officially under active exploitation.

Published: 2024-11-15T21:07:03



The Register - Security

Keyboard robbers steal 171K customers' data from AnnieMac mortgage house

Names and social security numbers of folks looking for the biggest loan of their lives exposed A major US mortgage lender has told customers looking to make the biggest financial transaction of their lives that an intruder broke into its systems and saw data belonging to 171,000 of them.

Published: 2024-11-15T19:22:09



The Register - Security

Bitfinex burglar bags 5 years behind bars for Bitcoin heist

A nervous wait for rapper wife who also faces a stint in the clink The US is sending the main figure behind the 2016 intrusion at crypto exchange Bitfinex to prison for five years after he stole close to 120,000 Bitcoin.

Published: 2024-11-15T14:09:07



The Register - Security

Microsoft Power Pages misconfigurations exposing sensitive data

NHS supplier that leaked employee info fell victim to fiddly access controls that can leave databases dangling online Private businesses and public-sector organizations are unwittingly exposing millions of people's sensitive information to the public internet because they misconfigure Microsoft's Power Pages website creation program.

Published: 2024-11-15T06:32:13



The Register - Security

Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost

Plus a bonus hard-coded local API key A now-patched, high-severity bug in Fortinet's FortiClient VPN application potentially allows a low-privilege rogue user or malware on a vulnerable Windows system to gain higher privileges from another user, execute code and possibly take over the box, and delete log files.

Published: 2024-11-14T22:22:13



The Register - Security

Cybercriminal devoid of boundaries gets 10-year prison sentence

Serial extortionist of medical facilities stooped to cavernous lows in search of small payouts A rampant cybercrook and repeat attacker of medical facilities in the US is being sentenced to a decade in prison, around seven years after the first of his many crimes.

Published: 2024-11-14T20:27:09



The Register - Security

Kids' shoemaker Start-Rite trips over security again, spilling customer card info

Full details exposed, putting shoppers at serious risk of fraud Updated Children's shoemaker Start-Rite is dealing with a nasty "security incident" involving customer payment card details, its second significant lapse during the past eight years.

Published: 2024-11-14T11:57:46



The Register - Security

NatWest blocks bevy of apps in clampdown on unmonitorable comms

From guidance to firm action... no more WhatsApp, Meta's Messenger, Signal, Telegram and more The full list of messaging apps officially blocked by Brit banking and insurance giant NatWest Group is more extensive than WhatsApp, Meta's Messenger, and Skype as first reported.

Published: 2024-11-14T10:53:32



The Register - Security

Asda security chief replaced, retailer sheds jobs during Walmart tech divorce

British grocer's workers called back to office as clock ticks for contractors The head of tech security at Asda, the UK's third-largest food retailer, has left amid an ongoing tech divorce from US grocery giant Walmart.

Published: 2024-11-14T09:30:12



The Register - Security

Five Eyes infosec agencies list 2023's most exploited software flaws

Slack patching remains a problem which is worrying as crooks increasingly target zero-day vulns The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued a list of the 15 most exploited vulnerabilities in 2023, and warned that attacks on zero-day exploits have become more common.

Published: 2024-11-14T08:31:06



The Register - Security

Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'

Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds Updated The US government has confirmed there was "a broad and significant cyber espionage campaign" conducted by China-linked snoops against "multiple" American telecommunications providers' networks.

Published: 2024-11-14T01:54:11



The Register - Security

ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue

Plus: CISA's ScubaGear dives deep to fix M365 misconfigs Bitdefender has released a free decryption tool that can unlock data encrypted by the ShrinkLocker ransomware.

Published: 2024-11-14T00:14:06



The Register - Security

Data broker amasses 100M+ records on people then someone snatches, sells it

We call this lead degeneration What's claimed to be more than 183 million records of people's contact details and employment info has been stolen or otherwise obtained from a data broker and put up for sale by a miscreant.

Published: 2024-11-13T21:44:10



The Register - Security

Ransomware fiends boast they've stolen 1.4TB from US pharmacy network

American Associated Pharmacies yet to officially confirm infection American Associated Pharmacies (AAP) is the latest US healthcare organization to have had its data stolen and encrypted by cyber-crooks, it is feared.

Published: 2024-11-13T19:10:13



The Register - Security

Microsoft slips Task Manager and processor count fixes into Patch Tuesday

Sore about cores no more Microsoft has resolved two issues vexing Windows 11 24H2 and Windows Server 2025 users among the many security updates that emerged on Patch Tuesday.

Published: 2024-11-13T17:35:12



The Register - Security

Admins can give thanks this November for dollops of Microsoft patches

Don't be a turkey: get these fixed Patch Tuesday Patch Tuesday has swung around again, and Microsoft has released fixes for 89 CVE-listed security flaws in its products including two under active attack and reissued three more.

Published: 2024-11-13T01:29:13



The Register - Security

China's Volt Typhoon crew and its botnet surge back with a vengeance

Ohm, for flux sake China's Volt Typhoon crew and its botnet are back, compromising old Cisco routers once again to break into critical infrastructure networks and kick off cyberattacks, according to security researchers.

Published: 2024-11-13T00:58:10



The Register - Security

Air National Guardsman gets 15 years after splashing classified docs on Discord

22-year-old talked of 'culling the weak minded' hmm! A former Air National Guard member who stole classified American military secrets, and showed them to his gaming buddies on Discord, has been sentenced to 15 years in prison.

Published: 2024-11-13T00:01:21



The Register - Security

Here's what we know about the suspected Snowflake data extortionists

A Canadian and an American living in Turkey 'walk into' cloud storage environments Two men allegedly compromised what's believed to be multiple organizations' Snowflake-hosted cloud environments, stole sensitive data within, and extorted at least $2.5 million from at least three victims.

Published: 2024-11-12T21:10:15



The Register - Security

'Cybersecurity issue' at Food Lion parent blamed for US grocery mayhem

Stores still open, but customers report delayed deliveries, invoicing issues, and more at Stop & Shop and others Retail giant Ahold Delhaize, which owns Food Lion and Stop & Shop, among others, is confirming outages at several of its US grocery stores are being caused by an ongoing "cybersecurity issue."

Published: 2024-11-12T19:30:07



The Register - Security

HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code

'Once again, we've lost a little more faith in the internet,' researcher says Researchers are publicizing a proof of concept (PoC) exploit for what they're calling an unauthenticated remote code execution (RCE) vulnerability in Citrix's Virtual Apps and Desktops.

Published: 2024-11-12T16:11:12



The Register - Security

Managing third-party risks in complex IT environments

Key steps to protect your organization's data from unauthorized external access Webinar With increasing reliance on contractors, partners, and vendors, managing third-party access to systems and data is a complex security challenge.

Published: 2024-11-12T15:08:09



The Register - Security

Amazon confirms employee data exposed in leak linked to MOVEit vulnerability

Over 5 million records from 25 organizations posted to black hat forum Amazon employees' data is part of a stolen trove posted to a cybercrime forum linked to last year's MOVEit vulnerability.

Published: 2024-11-12T13:29:06



The Register - Security

FBI issues warning as crooks ramp up emergency data request scams

Just because it's .gov doesn't mean that email is trustworthy Cybercrooks abusing emergency data requests in the US isn't new, but the FBI says it's becoming a more pronounced issue as the year draws to a close.

Published: 2024-11-11T16:23:12



Security Latest

Inside the Booming ‘AI Pimping’ Industry

AI-generated influencers based on stolen images of real-life adult content creators are flooding social media.

Published: 2024-11-20T11:00:00



Security Latest

Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany

More than 3 billion phone coordinates collected by a US data broker expose the detailed movements of US military and intelligence workers in Germany, and the Pentagon is powerless to stop it.

Published: 2024-11-20T04:00:00



Security Latest

Immigration Police Can Already Sidestep US Sanctuary City Laws Using Data-Sharing Fusion Centers

Built to combat terrorism, fusion centers give US Immigration and Customs Enforcement a way to gain access to data that’s meant to be protected under city laws limiting local police cooperation with ICE.

Published: 2024-11-19T10:00:00



Security Latest

Bitfinex Hacker Gets 5 Years for $10 Billion Bitcoin Heist

Plus: An “AI granny” is wasting scammers’ time, a lawsuit goes after spyware-maker NSO Group’s executives, and North Korea linked hackers take a crack at macOS malware.

Published: 2024-11-16T11:30:00



Security Latest

More Spyware, Fewer Rules: What Trump’s Return Means for US Cybersecurity

Experts expect Donald Trump’s next administration to relax cybersecurity rules on businesses, abandon concerns around human rights, and take an aggressive stance against the cyber armies of US adversaries.

Published: 2024-11-14T10:30:00



Security Latest

Teen Behind Hundreds of Swatting Attacks Pleads Guilty to Federal Charges

Alan Filion, believed to have operated under the handle “Torswats,” admitted to making more than 375 fake threats against schools, places of worship, and government buildings around the United States.

Published: 2024-11-14T01:37:28



Security Latest

These Guys Hacked AirPods to Give Their Grandmas Hearing Aids

Three technologists in India used a homemade Faraday cage and a microwave oven to get around Apple’s location blocks.

Published: 2024-11-13T19:07:15



Security Latest

ICE Started Ramping Up Its Surveillance Arsenal Immediately After Donald Trump Won

US Immigration and Customs Enforcement put out a fresh call for contracts for surveillance technologies before an anticipated surge in the number of people it monitors ahead of deportation hearings.

Published: 2024-11-13T12:00:00



Security Latest

The WIRED Guide to Protecting Yourself From Government Surveillance

Donald Trump has vowed to deport millions and jail his enemies. To carry out that agenda, his administration will exploit America’s digital surveillance machine. Here are some steps you can take to evade it.

Published: 2024-11-12T11:30:00



Security Latest

The Real Problem With Banning Masks at Protests

Privacy advocates worry banning masks at protests will encourage harassment, while cops’ high-tech tools render the rules unnecessary.

Published: 2024-11-12T11:00:00



Security Latest

The AI Machine Gun of the Future Is Already Here

The Pentagon is pursuing every available option to keep US troops safe from the rising tide of adversary drones, including a robotic twist on its standard-issue small arms.

Published: 2024-11-11T10:30:00



Security Latest

Auto-Rebooting iPhones Are Causing Chaos for Cops

Plus: Hot Topic confirms a customer data breach, Germany arrests a US citizen for allegedly passing military secrets to Chinese intelligence, and more.

Published: 2024-11-09T11:30:00



Security Latest

764 Terror Network Member Richard Densmore Sentenced to 30 Years in Prison

The 47-year-old Michigan man, who pleaded guilty to sexually exploiting a child, was highly active in the online criminal network called 764, which the FBI now considers a “tier one” terrorism threat.

Published: 2024-11-07T20:46:05



Security Latest

Russia Is Going All Out on Election Day Interference

Along with other foreign influence operations, including from Iran, Kremlin-backed campaigns to stoke division and fear have gone into overdrive.

Published: 2024-11-05T21:04:35



Security Latest

Man Arrested for Snowflake Hacking Spree Faces US Extradition

Alexander “Connor” Moucka was arrested this week by Canadian authorities for allegedly carrying out a series of hacks that targeted Snowflake’s cloud customers. His next stop may be a US jail.

Published: 2024-11-05T18:36:22



Security Latest

Flaw in Right-Wing ‘Election Integrity’ App Exposes Voter-Suppression Plan and User Data

A bug that WIRED discovered in True the Vote’s VoteAlert app revealed user information and an election worker who wrote about carrying out an illegal voter-suppression scheme.

Published: 2024-11-05T16:56:22



The Hacker News

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victims' funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay by relaying NFC traffic. "Criminals can now misuse Google Pay and Apple

Published: 2024-11-20T18:39:00



The Hacker News

NHIs Are the Future of Cybersecurity: Meet NHIDR

The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes. While organizations often take

Published: 2024-11-20T17:00:00



The Hacker News

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction. The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that

Published: 2024-11-20T14:46:00



The Hacker News

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

Microsoft has announced a new Windows Resiliency Initiative as a way to improve security and reliability, as well as ensure that system integrity is not compromised. The idea, the tech giant said, is to avoid incidents like that of CrowdStrike's earlier this July, enable more apps and users to be run without admin privileges, add controls surrounding the use of unsafe apps and drivers, and offer

Published: 2024-11-20T12:30:00



The Hacker News

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

A new China-linked cyber espionage group has been attributed to a series of targeted cyber attacks against telecommunications entities in South Asia and Africa since at least 2020, with the goal of enabling intelligence collection. Cybersecurity company CrowdStrike is tracking the adversary under the name Liminal Panda, describing it as possessing deep knowledge about telecommunications

Published: 2024-11-20T12:28:00



The Hacker News

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild. The flaws are listed below - CVE-2024-44308 (CVSS score: 8.8) - A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content CVE-2024-44309 (CVSS score: 6.1

Published: 2024-11-20T10:07:00



The Hacker News

Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation

Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information. "This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network

Published: 2024-11-20T09:54:00



The Hacker News

Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices

The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. "At least 80% of NSOCKS bots in our telemetry originate from the Ngioweb botnet, mainly utilizing small office/home office (SOHO) routers and IoT devices," the Black Lotus Labs team at

Published: 2024-11-19T19:31:00



The Hacker News

Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts

Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and enable sports piracy using live streaming capture tools. The attacks involve the hijack of unauthenticated Jupyter Notebooks to establish initial access, and perform a series of actions designed to facilitate illegal live streaming of sports events, Aqua said in a report shared with The

Published: 2024-11-19T19:30:00



The Hacker News

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

Privileged accounts are well-known gateways for potential security threats. However, many organizations focus solely on managing privileged access rather than securing the accounts and users entrusted with it. This emphasis is perhaps due to the persistent challenges of Privileged Access Management (PAM) deployments. Yet, as the threat landscape evolves, so must organizational priorities. To

Published: 2024-11-19T17:00:00



The Hacker News

New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems

Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. "Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The Hacker News. "Given the recent development of ransomware targeting ESX, it appears that the group

Published: 2024-11-19T15:10:00



The Hacker News

Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign

U.S. telecoms giant T-Mobile has confirmed that it was also among the companies that were targeted by Chinese threat actors to gain access to valuable information. The adversaries, tracked as Salt Typhoon, breached the company as part of a "monthslong campaign" designed to harvest cellphone communications of "high-value intelligence targets." It's not clear what information was taken, if any,

Published: 2024-11-19T12:32:00



The Hacker News

Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation

Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster to its Known Exploited Vulnerabilities (KEV) catalog. It was

Published: 2024-11-19T12:01:00



The Hacker News

New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers

Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza. BabbleLoader is an "extremely evasive loader, packed with defensive mechanisms, that is designed to bypass antivirus and sandbox environments to deliver stealers into memory," Intezer security

Published: 2024-11-18T22:18:00



The Hacker News

The Problem of Permissions and Non-Human Identities - Why Remediating Credentials Takes Longer Than You Think

According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year's report. At the same time, the number of leaked credentials has never been higher, with over 12.7 million hardcoded credentials in public GitHub repositories alone. One of the more troubling aspects of this report is that over 90% of valid

Published: 2024-11-18T19:30:00



The Hacker News

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17)

What do hijacked websites, fake job offers, and sneaky ransomware have in common? They’re proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people. This week makes one thing clear: no system, no person, no organization is truly off-limits. Attackers are getting smarter, faster, and more creative using everything from human trust to hidden flaws in

Published: 2024-11-18T17:06:00



The Hacker News

Gmail's New Shielded Email Feature Lets Users Create Aliases for Email Privacy

Google appears to be readying a new feature called Shielded Email that allows users to create email aliases when signing up for online services and better combat spam. The feature was first reported by Android Authority last week following a teardown of the latest version of Google Play Services for Android. The idea is to create unique, single-use email addresses that forward the messages to

Published: 2024-11-18T16:45:00



The Hacker News

Beyond Compliance: The Advantage of Year-Round Network Pen Testing

IT leaders know the drill: regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here’s the thing: hackers don’t wait around for compliance schedules. Most companies approach network penetration testing on a set schedule, with the most common frequency being twice a year (29%), followed by three to four times per year (23%) and once per year (20%),

Published: 2024-11-18T16:45:00



The Hacker News

Fake Discount Sites Exploit Black Friday to Hijack Shopper Information

A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season. "The campaign leveraged the heightened online shopping activity in November, the peak season for Black Friday discounts. The threat actor used fake discounted products

Published: 2024-11-18T16:26:00



The Hacker News

NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta's Lawsuit

Legal documents released as part of an ongoing legal tussle between Meta's WhatsApp and NSO Group have revealed that the Israeli spyware vendor used multiple exploits targeting the messaging app to deliver Pegasus, including one even after it was sued by Meta for doing so. They also show that NSO Group repeatedly found ways to install the invasive surveillance tool on the target's devices as

Published: 2024-11-18T11:22:00



The Hacker News

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could allow an attacker to remotely gain full administrative access to a susceptible site. The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin. The

Published: 2024-11-18T10:22:00



The Hacker News

PAN-OS Firewall Vulnerability Under Active Exploitation; IoCs and Patch Released

Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild. To that end, the company said it observed malicious activity originating from the IP addresses below and targeting PAN-OS management web interface IP addresses

Published: 2024-11-16T13:51:00



The Hacker News

Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials

A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet's FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA. Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind DEEPDATA,

Published: 2024-11-16T11:55:00



The Hacker News

Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations

Cybersecurity researchers have shed light on a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands. Cybersecurity company Check Point has codenamed the malware WezRat, stating it has been detected in the wild since at least September 1, 2023, based on artifacts uploaded to the

Published: 2024-11-15T23:27:00



The Hacker News

Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform

Cybersecurity researchers have disclosed two security flaws in Google's Vertex machine learning (ML) platform that, if successfully exploited, could allow malicious actors to escalate privileges and exfiltrate models from the cloud. "By exploiting custom job permissions, we were able to escalate our privileges and gain unauthorized access to all data services in the project," Palo Alto Networks

Published: 2024-11-15T18:05:00



The Hacker News

Live Webinar: Dive Deep into Crypto Agility and Certificate Management

In the fast-paced digital world, trust is everything, but what happens when that trust is disrupted? Certificate revocations, though rare, can send shockwaves through your operations, impacting security, customer confidence, and business continuity. Are you prepared to act swiftly when the unexpected happens? Join DigiCert’s exclusive webinar, "When Shift Happens: Are You Ready for Rapid

Published: 2024-11-15T17:18:00



The Hacker News

Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia

A Vietnamese-speaking threat actor has been linked to an information-stealing campaign targeting government and education entities in Europe and Asia with a new Python-based malware called PXA Stealer. The malware "targets victims' sensitive information, including credentials for various online accounts, VPN and FTP clients, financial information, browser cookies, and data from gaming software,"

Published: 2024-11-15T16:42:00



The Hacker News

How AI Is Transforming IAM and Identity Security

In recent years, artificial intelligence (AI) has begun revolutionizing Identity Access Management (IAM), reshaping how cybersecurity is approached in this crucial field. Leveraging AI in IAM is about tapping into its analytical capabilities to monitor access patterns and identify anomalies that could signal a potential security breach. The focus has expanded beyond merely managing human

Published: 2024-11-15T16:00:00



The Hacker News

High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979, carries a CVSS score of 8.8. Environment variables are user-defined values that can allow a program

Published: 2024-11-15T12:10:00



The Hacker News

Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin

Ilya Lichtenstein, who pleaded guilty to the 2016 hack of cryptocurrency stock exchange Bitfinex, has been sentenced to five years in prison, the U.S. Department of Justice (DoJ) announced Thursday. Lichtenstein was charged for his involvement in a money laundering scheme that led to the theft of nearly 120,000 bitcoins (valued at over $10.5 billion at current prices) from the crypto exchange.

Published: 2024-11-15T11:00:00



The Hacker News

CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition software have come under active exploitation in the wild. To that end, it has added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary updates

Published: 2024-11-15T10:34:00



The Hacker News

Experts Uncover 70,000 Hijacked Domains in Widespread 'Sitting Ducks' Attack Scheme

Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains and use them in phishing attacks and investment fraud schemes for years. The findings come from Infoblox, which said it identified nearly 800,000 vulnerable registered domains over the past three months, of which approximately 9% (70,000) have been subsequently

Published: 2024-11-14T23:06:00



The Hacker News

Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes

Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites. "Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam directly to users," Laurie Richardson, VP and Head of Trust and Safety at Google, said. "The landing

Published: 2024-11-14T19:30:00



The Hacker News

5 BCDR Oversights That Leave You Exposed to Ransomware

Ransomware isn’t just a buzzword; it’s one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware attacks are not only increasing in frequency but also in sophistication, with new ransomware groups constantly emerging. Their attack methods are evolving rapidly, becoming more dangerous and damaging than ever. Almost all respondents (99.8%) in a recent

Published: 2024-11-14T17:40:00



The Hacker News

TikTok Pixel Privacy Nightmare: A New Case Study

Advertising on TikTok is the obvious choice for any company trying to reach a young market, and especially so if it happens to be a travel company, with 44% of American Gen Zs saying they use the platform to plan their vacations. But one online travel marketplace targeting young holidaymakers with ads on the popular video-sharing platform broke GDPR rules when a third-party partner misconfigured

Published: 2024-11-14T16:00:00



The Hacker News

New RustyAttr Malware Targets macOS Through Extended Attribute Abuse

Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr. The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including

Published: 2024-11-14T15:21:00



The Hacker News

Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user's NTLMv2 hash. It was patched by Microsoft earlier this

Published: 2024-11-14T11:13:00



The Hacker News

Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel

A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, Check Point said in an analysis. "The [Israel-Hamas] conflict has not disrupted the WIRTE's

Published: 2024-11-13T21:39:00



The Hacker News

Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims

Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware. The decryptor is the result of a comprehensive analysis of ShrinkLocker's inner workings, allowing the researchers to discover a "specific window of opportunity for data recovery immediately after the removal of protectors from BitLocker-encrypted

Published: 2024-11-13T19:08:00



The Hacker News

Comprehensive Guide to Building a Strong Browser Security Program

The rise of SaaS and cloud-based work environments has fundamentally altered the cyber risk landscape. With more than 90% of organizational network traffic flowing through browsers and web applications, companies are facing new and serious cybersecurity threats. These include phishing attacks, data leakage, and malicious extensions. As a result, the browser also becomes a vulnerability that

Published: 2024-11-13T16:30:00



The Hacker News

OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution

A security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that could be chained to allow potential attackers to execute code remotely on connected devices. "Attackers successfully exploiting these vulnerabilities can access, control, and disrupt devices supported by OvrC; some of those include smart electrical power supplies, cameras, routers, home automation systems, and

Published: 2024-11-13T14:58:00



The Hacker News

Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks

The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023. "The campaign distributed the SnailResin malware, which activates the SlugResin backdoor," Israeli cybersecurity company ClearSky said

Published: 2024-11-13T12:44:00



The Hacker News

Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs

Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 2024. Of the 90 flaws, four are rated Critical, 85 are rated Important, and one is rated Moderate in

Published: 2024-11-13T12:44:00



The Hacker News

New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration

Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE). The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the

Published: 2024-11-12T19:31:00



The Hacker News

New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns

Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users. The program, first marketed by a threat actor named cyberdluffy (aka Cyber D' Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors to extract email addresses from public GitHub

Published: 2024-11-12T19:30:00



The Hacker News

North Korean Hackers Target macOS Using Flutter-Embedded Malware

Threat actors with ties to the Democratic People's Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications, marking the first time this tactic has been adopted by the adversary to infect Apple macOS devices. Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier this month, said the Flutter-built

Published: 2024-11-12T18:30:00



The Hacker News

5 Ways Behavioral Analytics is Revolutionizing Incident Response

Behavioral analytics, long associated with threat detection (i.e. UEBA or UBA), is experiencing a renaissance. Once primarily used to identify suspicious activity, it’s now being reimagined as a powerful post-detection technology that enhances incident response processes. By leveraging behavioral insights during alert triage and investigation, SOCs can transform their workflows to become more

Published: 2024-11-12T16:30:00



The Hacker News

New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

Cybersecurity researchers have flagged a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a stealer malware called RustyStealer. "Ymir ransomware introduces a unique combination of technical features and tactics that enhance its effectiveness," Russian cybersecurity vendor Kaspersky said. "Threat actors leveraged an unconventional blend

Published: 2024-11-12T11:30:00



The Hacker News

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 04 - Nov 10)

Imagine this: the very tools you trust to protect you online (your two-factor authentication, your car’s tech system, even your security software) turned into silent allies for hackers. Sounds like a scene from a thriller, right? Yet, in 2024, this isn’t fiction; it’s the new cyber reality. Today’s attackers have become so sophisticated that they’re using our trusted tools as secret pathways,

Published: 2024-11-11T17:27:00



The Hacker News

New GootLoader Campaign Targets Users Searching for Bengal Cat Laws in Australia

In an unusually specific campaign, users searching about the legality of Bengal Cats in Australia are being targeted with the GootLoader malware. "In this case, we found the GootLoader actors using search results for information about a particular cat and a particular geography being used to deliver the payload: 'Are Bengal Cats legal in Australia?,'" Sophos researchers Trang Tang, Hikaru Koike,

Published: 2024-11-11T17:25:00



Security Affairs

Ford data breach involved a third-party supplier

Ford is investigating a data breach linked to a third-party supplier and pointed out that its systems and customer data were not compromised. Ford investigated the data breach after threat actors claimed the theft of customer information on the BreachForums cybercrime forum. On November 17, threat actors IntelBroker and EnergyWeaponUser published a post on BreachForums […]

Published: 2024-11-20T21:22:09



Security Affairs

Hacker obtained documents tied to lawsuit over Matt Gaetz’s sexual misconduct allegations

A hacker allegedly accessed a file containing testimony from a woman claiming she had sex with Matt Gaetz when she was 17, sparking controversy. The New York Times reported that a hacker, who goes online by the name Altam Beezley, gained access to files containing confidential testimony from a woman who claims she had […]

Published: 2024-11-20T15:33:01



Security Affairs

Apple addressed two actively exploited zero-day vulnerabilities

Apple released security updates for iOS, iPadOS, macOS, visionOS, and Safari browser to address two actively exploited zero-day flaws. Apple released security updates for two zero-day vulnerabilities, tracked as CVE-2024-44309 and CVE-2024-44308, in iOS, iPadOS, macOS, visionOS, and Safari web browser, which are actively exploited in the wild. The vulnerability CVE-2024-44309 is a cookie management issue […]

Published: 2024-11-20T10:39:57



Security Affairs

Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events

Threat actors exploit misconfigured JupyterLab and Jupyter Notebooks servers to rip sports streams and illegally redistribute them. Researchers from security firm Aqua observed threat actors exploiting misconfigured JupyterLab and Jupyter Notebook servers to hijack environments, deploy streaming tools, and duplicate live sports broadcasts on illegal platforms. “threat actors using misconfigured servers to hijack environments for […]

Published: 2024-11-20T07:32:57



Security Affairs

Russian Phobos ransomware operator faces cybercrime charges

Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges. According to the DoJ, the […]

Published: 2024-11-19T22:36:29



Security Affairs

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

Chinese threat actors use custom post-exploitation toolkit ‘DeepData’ to exploit FortiClient VPN zero-day and steal credentials. Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. BrazenBamboo is known to be the author of other malware families, including LIGHTSPY, DEEPDATA, and DEEPPOST. DEEPDATA is a […]

Published: 2024-11-19T15:05:27



Security Affairs

U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions of the above vulnerabilities: CVE-2024-1212 is a Progress Kemp LoadMaster […]

Published: 2024-11-19T08:34:02



Security Affairs

Great Plains Regional Medical Center ransomware attack impacted 133,000 individuals

A ransomware attack on Great Plains Regional Medical Center compromised personal data of 133,000 individuals, exposing sensitive information. On September 8, 2024, Great Plains Regional Medical Center (Oklahoma) suffered a ransomware attack. The organization launched an investigation into the incident with the help of a cybersecurity firm. The healthcare center discovered that a threat actor […]

Published: 2024-11-19T07:34:57



Security Affairs

Recently disclosed VMware vCenter Server bugs are actively exploited in attacks

Threat actors are actively exploiting two VMware vCenter Server vulnerabilities tracked as CVE-2024-38812 and CVE-2024-38813, Broadcom warns. Broadcom warns that the two VMware vCenter Server vulnerabilities CVE-2024-38812 and CVE-2024-38813 are actively exploited in the wild. “Updated advisory to note that VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812 and CVE-2024-38813.” […]

Published: 2024-11-18T20:42:17



Security Affairs

Foreign adversary hacked email communications, the Library of Congress says

The Library of Congress discloses the compromise of some of its IT systems; an alleged foreign threat actor hacked its emails. The Library of Congress informed lawmakers about a security breach in which an alleged foreign adversary compromised some of its IT systems and gained access to email communications between congressional offices and some library staff, including […]

Published: 2024-11-18T14:51:18



News Packet Storm

CISA Director Jen Easterly To Step Down Jan. 20

Equinox Notifies 21,000 Patients And Staff Of Data Theft

D-Link Tells Users To Trash Old VPN Routers Due To Bug

Helldown Ransomware Evolves To Target VMware Systems Via Linux

Apple Confirms Zero Day Attacks Hitting macOS Systems

Oracle Patches Exploited Agile PLM Zero-Day

Bitcoin Bursts Past $94,000 For The First Time

Palo Alto Sounds Alarm Over PAN-OS Zero Day Attacks

Crooks Snag $250k Wire Payment From AI Biz

US Senate To Hold Panel Hearing On Suspected Chinese Hacking Incidents

Thousands Of IoT Devices Turned Into Residential Proxies

Discontinued GeoVision Products Targeted In Botnet Attacks

Ransomware Attack On Oklahoma Medical Center Impacts 133,000

NSO Operates Its Spyware, Legal Documents Reveal

300 Drinking Systems In US Exposed To Disruptive, Damaging Hacker Attacks

Swiss Cheesed Off As Postal Service Used To Spread Malware

Will Passkeys Ever Replace Passwords? Can They?

Webscout Is Worth Checking Out

Microsoft Power Pages Misconfigurations Exposing Sensitive Data

Palo Alto Networks Confirms New Firewall Zero-Day Exploitation

Fortinet Patches VPN Flaw That Provided Privilege Escalation

Known Brand, Gov Domains Hijacked Via Sitting Ducks Attacks

Man Gets 5 Years For Laundering Crypto From Bitfinex Hack

Five Eyes Infosec Agencies List 2024's Most Exploited Software Flaws

CISA, FBI Confirm China Hacked Telecoms To Spy

SecurityWeek

US Gathers Allies to Talk AI Safety as Trump’s Vow to Undo Biden’s AI Policy Overshadows Their Work

Industry Moves for the week of November 18, 2024 - SecurityWeek

Risk Intelligence Startup RIIG Raises $3 Million

Twine Snags $12M for AI-Powered ‘Digital Employees’ Tech

Surf Security Adds Deepfake Detection Tool to Enterprise Browser

D-Link Warns of RCE Vulnerability in Legacy Routers

CISA Warns of Progress Kemp LoadMaster Vulnerability Exploitation

GitHub Launches Fund to Improve Open Source Project Security

Cyera Raises $300 Million at $3 Billion Valuation

Oracle Patches Exploited Agile PLM Zero-Day

Ford Blames Third-Party Supplier for Data Breach

CISA News

CISA Releases Venue Guide for Security Considerations

CISA Launches New Learning Platform to Enhance Training and Education for U.S. Veterans and Other Stakeholders

Joint Statement from FBI and CISA on the People's Republic of China (PRC) Targeting of Commercial Telecommunications Infrastructure

CISA Kicks Off Critical Infrastructure Security and Resilience Month 2024

Statement from CISA Director Easterly on the Security of the 2024 Elections

Joint ODNI, FBI, and CISA Statement

Joint Statement from CISA and EAC in Support of State and Local Election Officials

Joint ODNI, FBI, and CISA Statement on Russian Election Influence Efforts

CISA Releases Its First Ever International Strategic Plan

CISA Launches #PROTECT2024 Election Threat Updates Webpage

CISA Blog

USDA Stops Credential Phishing with FIDO Authentication

CISA’s Vulnerability Management goes “Big” on Interns and the Results are Staggering!

CISA’s ScubaGear Tool Improves Security for Organizations Using M365 and Surpasses 30,000 Downloads

Engaging with Security Researchers: Embracing a “See Something, Say Something” Culture

A Message to Election Officials from CISA Director Jen Easterly

Region 8 Invites You to Secure Our World

CISA Director Jen Easterly Remarks at the Election Center 39th Annual National Conference in Detroit

Learn with Region 8’s Webinar Program

Shaping the legacy of partnership between government and private sector globally: JCDC

SAFECOM and NCSWIC Develop Global Positioning System (GPS) for Public Safety Location Services: Use Cases and Best Practices

All CISA Advisories

USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multi-Factor Authentication

Apple Releases Security Updates for Multiple Products

2024 CWE Top 25 Most Dangerous Software Weaknesses

CISA and Partners Release Update to BianLian Ransomware Cybersecurity Advisory

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA Releases One Industrial Control Systems Advisory

Mitsubishi Electric MELSEC iQ-F Series

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Siemens OZW672 and OZW772 Web Server

Siemens TeleControl Server

Siemens Engineering Platforms

Baxter Life2000 Ventilation System

2N Access Commander

Rockwell Automation Verve Reporting (Update A)

Siemens SIPORT

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Siemens Mendix Runtime

Hitachi Energy MSM

Siemens SIMATIC CP

Siemens RUGGEDCOM CROSSBOW

Siemens SINEC INS

CISA Releases Nineteen Industrial Control Systems Advisories

Rockwell Automation Arena Input Analyzer

Rockwell Automation FactoryTalk Updater (Update A)

Siemens Spectrum Power 7

Siemens Solid Edge

Siemens SINEC NMS

Siemens SCALANCE M-800 Family

Palo Alto Networks Emphasizes Hardening Guidance

Microsoft Releases November 2024 Security Updates

Exploit-DB.com RSS Feed

[webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)

[webapps] reNgine 2.2.0 - Command Injection (Authenticated)

[webapps] openSIS 9.1 - SQLi (Authenticated)

[webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)

[webapps] NoteMark < 0.13.0 - Stored XSS

[webapps] Gitea 1.22.0 - Stored XSS

[webapps] Invesalius3 - Remote Code Execution

[dos] Windows TCP/IP - RCE Checker and Denial of Service

[webapps] Aurba 501 - Authenticated RCE

[webapps] HughesNet HT2000W Satellite Modem - Password Reset

[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure

[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass

[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config

[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass

[webapps] Helpdeskz v2.0.2 - Stored XSS

[webapps] Calibre-web 0.6.21 - Stored XSS

[webapps] Devika v1 - Path Traversal via 'snapshot_path'

[local] Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path

[local] SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path

[local] Oracle Database 12c Release 1 - Unquoted Service Path

[webapps] Ivanti vADC 9.9 - Authentication Bypass

[local] Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation

[webapps] Xhibiter NFT Marketplace 1.10.2 - SQL Injection

[webapps] Azon Dominator Affiliate Marketing Script - SQL Injection

[webapps] Microweber 2.0.15 - Stored XSS

[webapps] Customer Support System 1.0 - Stored XSS

[webapps] Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)

[webapps] SolarWinds Platform 2024.1 SR1 - Race Condition

[webapps] Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)

[webapps] Poultry Farm Management System v1.0 - Remote Code Execution (RCE)

[webapps] Boelter Blue System Management 1.3 - SQL Injection

[webapps] WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)

[webapps] PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)

[webapps] AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.

[webapps] AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)

[webapps] XMB 1.9.12.06 - Stored XSS

[webapps] Carbon Forum 5.9.0 - Stored XSS

[webapps] AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)

[webapps] appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)

[webapps] CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)

[webapps] WBCE CMS v1.6.2 - Remote Code Execution (RCE)

[webapps] Monstra CMS 3.0.4 - Remote Code Execution (RCE)

[webapps] Dotclear 2.29 - Remote Code Execution (RCE)

[webapps] Serendipity 2.5.0 - Remote Code Execution (RCE)

[webapps] Sitefinity 15.0 - Cross-Site Scripting (XSS)

[webapps] FreePBX 16 - Remote Code Execution (RCE) (Authenticated)

[webapps] Akaunting 3.1.8 - Server-Side Template Injection (SSTI)

[webapps] Check Point Security Gateway - Information Disclosure (Unauthenticated)

[webapps] Aquatronica Control System 5.1.6 - Information Disclosure

[webapps] changedetection < 0.45.20 - Remote Code Execution (RCE)

Full Disclosure

SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)

Security issue in the TX Text Control .NET Server for ASP.NET.

SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater

Unsafe eval() in TestRail CLI

4 vulnerabilities in ibmsecurity

32 vulnerabilities in IBM Security Verify Access

xlibre Xnest security advisory & bugfix releases

APPLE-SA-10-29-2024-1 Safari 18.1

SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)

SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)

APPLE-SA-10-28-2024-8 visionOS 2.1

APPLE-SA-10-28-2024-7 tvOS 18.1

APPLE-SA-10-28-2024-6 watchOS 11.1

APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1

APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1

Open Source Security

CVE-2024-52067: Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log

[kubernetes] CVE-2024-10220: Arbitrary command execution through gitRepo volume

Local Privilege Escalations in needrestart

Fwd: wget-1.25.0 released [fixes CVE-2024-10524]

CVE-2024-31141: Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider

CVE-2024-52318: Apache Tomcat: Incorrect JSP tag recycling leads to XSS

CVE-2024-52317: Apache Tomcat: Request/response mix-up with HTTP/2

CVE-2024-52316: Apache Tomcat: Authentication bypass when using Jakarta Authentication API

Re: shell wildcard expansion (un)safety

Re: PostgreSQL: 4 CVEs fixed in 17.1, 16.5, 15.9, 14.14, 13.17, 12.21

PostgreSQL: 4 CVEs fixed in 17.1, 16.5, 15.9, 14.14, 13.17, 12.21

CVE-2024-41151: Apache HertzBeat: RCE by notice template injection vulnerability

CVE-2024-45791: Apache HertzBeat: Exposure sensitive token via http GET method with query string

CVE-2024-45505: Apache HertzBeat (incubating): Exists Native Deser RCE and file writing vulnerabilities

CVE-2024-47208: Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE

© Segmentation Fault . All rights reserved.