Today's Core Dump is brought to you by ThreatPerspective

Biz & IT Ars Technica

North Korean hackers use newly discovered Linux malware to raid ATMs

Once, FASTCash ran only on Unix. Then came Windows. Now it can target Linux, too. In the beginning, North Korean hackers compromised the banking infrastructure running AIX, IBM’s proprietary version of Unix. Nex

Published: 2024-10-15T21:16:05



Biz & IT Ars Technica

Archive.org, a repository of the history of the Internet, has a data breach

31 million records containing email addresses and password hashes exposed. Archive.org, one of the only entities to attempt to preserve the entire history of the World Wide Web and much of the broader Internet, was recently compromised in a hack that revealed data on roughly 31 million users. A little after 2...

Published: 2024-10-10T00:12:56



The Register - Software

Storage hacks for hungry GPUs

The secret to improving workload performance is to stop bottlenecking your AI Commissioned In the fast-paced world of AI, GPUs are often hailed as the quiet powerhouse driving innovation.

Published: 2024-10-16T15:22:49



The Register - Software

Productivity suites, Exchange servers in path of Microsoft's end-of-support wave

Less than a year to go is your enterprise ready for the change? Office and Exchange Server have joined Windows 10 in a march to obsolescence, with less than a year until support is cut for 2016 and 2019 versions.

Published: 2024-10-16T13:15:15



The Register - Software

One-year countdown to 'biggest Ctrl-Alt-Delete in history' as Windows 10 approaches end of support

Microsoft's hardware compatibility gamble still hasn't paid off Windows 10 is now just a year from its end of support date, and it is clear that Microsoft's hardware compatibility gamble has yet to pay off.

Published: 2024-10-14T17:27:12



The Register - Software

Anthropic's Claude vulnerable to 'emotional manipulation'

AI model safety only goes so far Anthropic's Claude 3.5 Sonnet, despite its reputation as one of the better behaved generative AI models, can still be convinced to emit racist hate speech and malware.

Published: 2024-10-12T10:30:07



The Register - Software

OpenAI says Chinese gang tried to phish its staff

Claims its models aren't making threat actors more sophisticated - but is helping debug their code OpenAI has alleged the company disrupted a spear-phishing campaign that saw a China-based group target its employees through both their personal and co

Published: 2024-10-10T04:05:39



The Verge - Securities

Activision says it's fixed an anti-cheat hack in Modern Warfare III and Call of Duty: Warzone

A screenshot from Call of Duty: Warzone. Activision says it has “disabled a workaround to a detection system” in Modern Warfare III and Call of Duty: Warzone that led to legitimate players getting banned by the Ricochet anti-cheat system. The company says the problem “impacted a s...

Published: 2024-10-17T17:47:53



The Verge - Securities

Brazilian police arrested the hacker who stole everyone's SSN

A number of cursors point toward an unhappy face on a laptop The Federal Police of Brazil announced the arrest of the hacker linked to a breach that leaked 2.9 billion records that included sensitive personal information, including some Social Security numbers. The data from that hack, which came to ...

Published: 2024-10-17T15:10:09



The Verge - Securities

Hacker arrested for the fake SEC tweet that caused a Bitcoin price spike

A cartoon illustration shows a shadowy figure carrying off a red directory folder, which has a surprised-looking face on its side. The FBI has arrested an Alabama man who is accused of hacking the Securities and Exchange Commission’s X account in January. The indictment (PDF) alleges that 25-year-old Eric Council Jr. worked with co-conspirators to take control of the a...

Published: 2024-10-17T12:32:33



The Verge - Securities

Password manager makers want to let you securely transfer passkeys

Illustration of a key being pixelated. The FIDO Alliance, the organization that’s helping shepherd passkey adoption, announced a draft of new specifications that would let users securely move their passkeys across different password managers. Passkeys are great it’s nice to be...

Published: 2024-10-15T14:13:22



The Verge - Securities

Arlo is launching its first wired floodlight camera

A lifestyle image of the Arlo Wired Floodlight Camera. Arlo is releasing a new floodlight security camera that connects directly to your home’s Wi-Fi and power source. That allows the Arlo Wired Floodlight Camera to monitor and illuminate outdoor spaces 24/7 without interruption, unlike battery...

Published: 2024-10-15T08:00:00



The Verge - Securities

The Internet Archive is back as a read-only service after cyberattacks

The Internet Archive’s Wayback Machine logo. The Internet Archive is back online in a read-only state after a cyberattack brought down the digital library and Wayback Machine last week. A data breach and DDoS attack kicked the site offline on October 9th, with a user authentication da...

Published: 2024-10-14T04:55:32



The Verge - Securities

Hackers took over robovacs to chase pets and yell slurs

A picture of the Deebot X2 Omni. Someone gained access to Ecovacs Deebot X2 Omni robotic vacuums across several US cities earlier this year and used them to chase pets and yell racist slurs at their owners, reported ABC News in Australia this week. The outlet spoke with m...

Published: 2024-10-12T13:23:49



The Verge - Securities

The Internet Archive is still down but will return in days, not weeks

Illustration of a computer screen with a blue exclamation point on it and an error box. The Internet Archive will come back within “days” following a cyberattack that brought down the organization’s vast digital library and the Wayback Machine, according to an update from founder Brewster Kahle. It’s been struggling due to a d...

Published: 2024-10-11T16:10:27



The Verge - Securities

The Internet Archive is under attack, with a breach revealing info for 31 million accounts

An image showing a laptop with “Error” notifications on the screen When visiting the Internet Archive (www.archive.org) on Wednesday afternoon, The Verge was greeted with a pop-up claiming the site had been hacked. Just after 9PM ET, Internet Archive founder Brewster Kahle confirmed the breach and said the...

Published: 2024-10-09T17:26:08



The Verge - Securities

How to use Apple's new Passwords app on iOS and macOS

Pop-up on moving passkey to group. Finally, there’s password sharing here, too. To share a password with someone else via AirDrop, select any password stored in the app, then click the share button (the square with an arrow). To share with a group of people: Click the + butto...

Published: 2024-10-09T10:30:00



BleepingComputer

Microsoft warns it lost some customer's security logs for a month

Microsoft is warning enterprise customers that, for almost a month, a bug caused critical logs to be partially lost, putting at risk companies that rely on this data to detect unauthorized activity. [...]

Published: 2024-10-17T18:17:29



BleepingComputer

Fake Google Meet conference errors push infostealing malware

A new ClickFix campaign is luring users to fraudulent Google Meet conference pages showing fake connectivity errors that deliver info-stealing malware for Windows and macOS operating systems. [...]

Published: 2024-10-17T17:00:27



BleepingComputer

FBI arrest Alabama man suspected of hacking SEC's X account

An Alabama man was arrested today by the FBI for his suspected role in hacking the SEC's X account to make a fake announcement that Bitcoin ETFs were approved. [...]

Published: 2024-10-17T14:21:35



BleepingComputer

BianLian ransomware claims attack on Boston Children's Health Physicians

The BianLian ransomware group has claimed the cyberattack on Boston Children's Health Physicians (BCHP) and threatens to leak stolen files unless a ransom is paid. [...]

Published: 2024-10-17T11:37:48



BleepingComputer

Hackers blackmail Globe Life after stealing customer data

Insurance giant Globe Life says an unknown threat actor attempted to extort money in exchange for not publishing data stolen from the company's systems earlier this year. [...]

Published: 2024-10-17T10:32:25



BleepingComputer

Top 5 Cloud Security Automations for SecOps Teams

Learn about 5 powerful cloud security automations with Blink Ops to simplify security operations like S3 bucket monitoring, subdomain takeover detection and failed EC2 login detection. [...]

Published: 2024-10-17T10:02:12



BleepingComputer

Iranian hackers act as brokers selling critical infrastructure access

Iranian hackers are breaching critical infrastructure organizations to collect credentials and network data that can be sold on cybercriminal forums to enable cyberattacks from other threat actors. [...]

Published: 2024-10-16T19:16:17



BleepingComputer

Google: 70% of exploited flaws disclosed in 2023 were zero-days

Google Mandiant security analysts warn of a worrying new trend of threat actors demonstrating a better capability to discover and exploit zero-day vulnerabilities in software. [...]

Published: 2024-10-16T18:12:50



BleepingComputer

USDoD hacker behind National Public Data breach arrested in Brazil

A notorious hacker named USDoD, who is linked to the National Public Data and InfraGard breaches, has been arrested by Brazil's Pol cia Federal in "Operation Data Breach". [...]

Published: 2024-10-16T17:47:48



BleepingComputer

SolarWinds Web Help Desk flaw is now exploited in attacks

CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024. [...]

Published: 2024-10-16T15:53:25



Technology

Facial recognition data breach: Meta glasses extract info in real time

This shows how the I-Xray software works, from capturing the image to aggregating the data In what might be described as a real-life Black Mirror episode, a Harvard student uses facial recognition with $379 Meta Ray-Ban 2 smart sunglasses - to dig up personal data on every face he sees in real time.Continue ReadingCategory: TechnologyTags:...

Published: 2024-10-02T22:10:52



Threat Intelligence

How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends

Number of vendors exploited by year Written by: Casey Charrier, Robert Weiner We note that the total number of vulnerabilities affecting a vendor does not directly relate to how secure or insecure a vendor's security posture is, nor does it s...

Published: 2024-10-15T14:00:00



Krebs on Security

Lamborghini Carjackers Lured by $243M Cyberheist

The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later — while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was bea...

Published: 2024-10-09T17:36:27



Krebs on Security

Patch Tuesday, October 2024 Edition

Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of produc...

Published: 2024-10-08T22:21:19



Krebs on Security

A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researcher...

Published: 2024-10-03T13:05:52



The Register - Security

Uncle Sam puts $10M bounty on Russian troll farm Rybar

Propaganda op focuses on anti-West narratives to meddle with elections The US has placed a $10 million bounty on Russian media network Rybar and a number of its key staffers following alleged attempts to sway the upcoming US presidential election.

Published: 2024-10-18T01:00:10



The Register - Security

Troubled US insurance giant hit by extortion after data leak

Globe Life claims blackmailers shared stolen into with short sellers US insurance provider Globe Life, already grappling with legal troubles, now faces a fresh headache: an extortion attempt involving stolen customer data.

Published: 2024-10-17T23:30:10



The Register - Security

Brazilian police claim they've cuffed serial cybercrook behind FBI and Airbus attacks

Early stage opsec failures lead to landmark arrest of suspected serial data thief Brazilian police are being cagey with the details about the arrest of a person suspected to be responsible for various high-profile data thefts.

Published: 2024-10-17T14:00:06



The Register - Security

WeChat devs introduced security flaws when they modded TLS, say researchers

No attacks possible, but enough issues to cause concern Messaging giant WeChat uses a network protocol that the app's developers modified and by doing so introduced security weaknesses, researchers claim.

Published: 2024-10-17T08:31:12



The Register - Security

Anonymous Sudan isn't any more: Two alleged operators named, charged

Gang said to have developed its evilware on GitHub then DDoSed GitHub Hacktivist gang Anonymous Sudan appears to have lost its anonymity after the US Attorney's Office on Wednesday unsealed an indictment identifying two of its alleged operators.

Published: 2024-10-17T07:27:08



The Register - Security

US contractor pays $300K to settle accusation it didn't properly look after Medicare users' data

Resolves allegations it improperly stored screenshots containing PII that were later snaffled A US government contractor will settle claims it violated cyber security rules prior to a breach that compromised Medicare beneficiaries' personal data.

Published: 2024-10-16T23:15:11



The Register - Security

Critical default credential bug in Kubernetes Image Builder allows SSH root access

It's called leaving the door wide open especially in Proxmox A critical bug in Kubernetes Image Builder could allow unauthorized SSH access to virtual machines (VMs) thanks to default credentials being enabled during the image build process.

Published: 2024-10-16T21:58:12



The Register - Security

Volkswagen monitoring data dump threat from 8Base ransomware crew

The German car giant appears to be unconcerned The 8Base ransomware crew claims to have stolen a huge data dump of Volkswagen files and is threatening to publish them, but the German car giant appears to be unconcerned.

Published: 2024-10-16T21:30:12



The Register - Security

Critical hardcoded SolarWinds credential now exploited in the wild

Another blow for IT software house and its customers A critical, hardcoded login credential in SolarWinds' Web Help Desk line has been exploited in the wild by criminals, according to the US Cybersecurity and Infrastructure Security Agency, which has added the security blunder to its Known Exploited Vulnerabilities (KEV) Catalog.

Published: 2024-10-16T20:00:14



The Register - Security

China's infosec leads accuse Intel of NSA backdoor, cite chip security flaws

Uncle Sam having a secret way into US tech? Say it ain't so A Chinese industry group has accused Intel of backdooring its CPUs, in addition to other questionable security practices while calling for an investigation into the chipmaker, claiming its products pose "serious risks to national security."

Published: 2024-10-16T18:30:15



The Register - Security

Strengthen your cybersecurity with automation

Find out how to enhance efficiency using Google Security Operations Webinar In an era of ever-evolving cyber threats, staying ahead of potential security risks is essential.

Published: 2024-10-16T08:38:14



The Register - Security

Internet Archive wobbles back online, with limited functionality

DDoS detectives deduce Mirai used to do the deed, using home entertainment boxes in Korea, China, and Brazil The Internet Archive has come back online, in slightly degraded mode, after repelling an October 9 DDoS attack and then succumbing to a raid on users' data.

Published: 2024-10-16T07:28:10



The Register - Security

IBM acquires Indian SaaS startup Prescinto to shine a light on renewable energy assets

Also: Crypto-hub Binance helps Delhi police shut down solar power scam IBM announced on Tuesday it has acquired Prescinto a Bangalore-based provider of asset performance management software for renewable energy.

Published: 2024-10-16T05:25:08



The Register - Security

WhatsApp may expose the OS you use to run it which could expose you to crooks

Meta knows messaging service creates persistent user IDs that have different qualities on each device Updated An analysis of Meta's WhatsApp messaging software reveals that it may expose which operating system a user is running, and their device setup information including the number of linked devices.

Published: 2024-10-16T04:26:10



The Register - Security

Cisco confirms 'ongoing investigation' after crims brag about selling tons of data

Networking giant says 'no evidence' of impact on its systems but will tell customers if their info has been stolen UPDATED Cisco has confirmed it is investigating claims of stealing and now selling data belonging to the networking giant.

Published: 2024-10-15T22:30:12



The Register - Security

Microsoft says more ransomware stopped before reaching encryption

Volume of attacks still surging though, according to Digital Defense Report Microsoft says ransomware attacks are up 2.75 times compared to last year, but claims defenses are actually working better than ever.

Published: 2024-10-15T16:45:11



The Register - Security

AI amplifies systemic risk to financial sector, says India's Reserve Bank boss

Who also worries misinformation on social media could threaten liquidity The governor of India's Reserve Bank, Shri Shaktikanta Das, yesterday warned that AI and the platforms that provide it could worsen systemic risk to the nation's financial system.

Published: 2024-10-15T03:42:10



The Register - Security

China again claims Volt Typhoon cyber-attack crew was invented by the US to discredit it

Enough with the racist-sounding 'dragons' and 'pandas', Beijing complains then points the finger at koalas Chinese authorities have published another set of allegations that assert the Volt Typhoon cyber-crew is an invention of the US and its allies, and not a crew run by Beijing.

Published: 2024-10-15T01:15:08



The Register - Security

US healthcare org admits up to 400,000 people's personal info was snatched

It waited till just before Columbus Day weekend to make mandated filing, but don't worry, we saw it A Houston-based services provider to healthcare organizations says a crook may have grabbed up to 400,000 people's information after the miscreant accessed the systems of one of its customers.

Published: 2024-10-14T22:03:07



The Register - Security

Leveraging AI/ML for next-gen SOC environments

Technologies that help SOCs detect, analyze, and respond to emerging threats faster and more accurately Partner Content This article discusses some of the challenges traditional SOCs face and how integrating artificial intelligence/machine learning (AI/ML) modules could help solve the challenges faced by security professionals and organizations.

Published: 2024-10-14T14:43:05



The Register - Security

Trump campaign arms up with 'unhackable' phones after Iranian intrusion

Florida man gets his hands on 'the best ever' With less than a month to go before American voters head to the polls to choose their next president, the Trump campaign has been investing in secure tech to make sure it doesn't get compromised again.

Published: 2024-10-14T14:28:05



The Register - Security

Thousands of Fortinet instances vulnerable to actively exploited flaw

No excuses for not patching this nine-month-old issue More than 86,000 Fortinet instances remain vulnerable to the critical flaw that attackers started exploiting last week, according to Shadowserver's data.

Published: 2024-10-14T12:30:10



The Register - Security

How to head off data breaches with CIAM

Let Okta lift the lid on customer identity in this series of webinars Sponsored Post Recent reports suggest that stolen identity and privileged access credentials now account for 61 percent of all data breaches.

Published: 2024-10-14T09:00:10



The Register - Security

Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption

With an off-the-shelf D-Wave machine, but only against very short keys Chinese researchers claim they have found a way to use D-Wave's quantum annealing systems to develop a promising attack on classical encryption.

Published: 2024-10-14T06:30:09



The Register - Security

Schools bombarded by nation-state attacks, ransomware gangs, and everyone in between

Reading, writing, and cyber mayhem, amirite? If we were to draw an infosec Venn diagram, with one circle representing "sensitive info that attackers would want to steal" and the other "limited resources plus difficult-to-secure IT environments," education would sit in the overlap.

Published: 2024-10-13T13:00:05



The Register - Security

US and UK govts warn: Russia scanning for your unpatched vulnerabilities

Also, phishing's easier over the phone, and your F5 cookies might be unencrypted, and more in brief If you need an excuse to improve your patching habits, a joint advisory from the US and UK governments about a massive, ongoing Russian campaign exploiting known vulnerabilities should do the trick.

Published: 2024-10-12T03:05:11



The Register - Security

INC ransomware rebrands to Lynx same code, new name, still up to no good

Researchers point to evidence that scumbags visited the strategy boutique Researchers at Palo Alto's Unit 42 believe the INC ransomware crew is no more and recently rebranded itself as Lynx over a three-month period.

Published: 2024-10-11T23:00:14



The Register - Security

US lawmakers seek answers on alleged Salt Typhoon breach of telecom giants

Cyberspies abusing a backdoor? Groundbreaking Lawmakers are demanding answers about earlier news reports that China's Salt Typhoon cyberspies breached US telecommunications companies Verizon, AT&T, and Lumen Technologies, and hacked their wiretapping systems. They also urge federal regulators to hold these companies accountable for their infosec practices - or lack thereof.

Published: 2024-10-11T21:30:13



The Register - Security

RAC duo busted for stealing and selling crash victims' data

Roadside assistance biz praised for deploying security monitoring software and reporting workers to cops Two former workers at roadside assistance provider RAC were this week given suspended sentences after illegally copying and selling tens of thousands of lines of personal data on people involved in accidents.

Published: 2024-10-11T11:45:16



The Register - Security

Keir Starmer hands ex-Darktrace boss investment minister gig

What's harder? Convincing people to invest in a beleaguered security business or a tiny island everybody hates? Keir Starmer's decision to appoint Poppy Gustafsson as the UK's new investment minister is being resoundingly praised despite the former Darktrace boss spending years failing to fully rebuild investor confidence in the embattled company.

Published: 2024-10-11T11:13:42



The Register - Security

FBI created a cryptocurrency so it could watch it being abused

It worked alleged pump and dump schemers arrested in UK, US and Portugal this week The FBI created its own cryptocurrency so it could watch suspected fraudsters use it an idea that worked so well it produced arrests in three countries.

Published: 2024-10-11T05:28:09



The Register - Security

Healthcare attacks spread beyond US just ask India's Star Health

Acknowledges bulk customer data leak weeks after Telegram channels dangled it online Updated Leading Indian health insurance provider Star Health has admitted to being the victim of a cyber attack after criminals claimed they had posted records of 30-milion-plus clients online.

Published: 2024-10-11T02:57:43



The Register - Security

Crooks stole personal info of 77k Fidelity Investments customers

But hey, no worries, the firm claims no evidence of data misuse Fidelity Investments has notified 77,099 people that their personal information was stolen in an August data breach.

Published: 2024-10-10T21:30:06



The Register - Security

Secure your AI initiatives

Unlock the power of generative AI with AWS Webinar Generative AI (GenAI) has quickly transitioned from an emerging concept to a core driver of innovation across lots of different industries.

Published: 2024-10-10T14:16:16



The Register - Security

Fore-get about privacy, golf tech biz leaves 32M data records on the fairway

Researcher spots 110 TB of sensitive info sitting in unprotected database Nearly 32 million records belonging to users of tech from Trackman were left exposed to the internet, sitting in a non-password protected database, for an undetermined amount of time, according to researcher Jeremiah Fowler.

Published: 2024-10-10T14:14:10



The Register - Security

CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame

Usual three-week window to address significant risks to federal agencies applies The US Cybersecurity and Infrastructure Security Agency (CISA) says vulnerabilities in Fortinet and Ivanti products are now being exploited, earning them places in its Known Exploited Vulnerabilities (KEV) catalog.

Published: 2024-10-10T13:34:14



The Register - Security

Mozilla patches critical Firefox vuln that attackers are already exploiting

Firefixed: It's maintenance time for low-complexity, high-impact security flaw It's patch time for Firefox fans as Mozilla issues a security advisory for a critical code execution vulnerability in the browser.

Published: 2024-10-10T11:30:10



The Register - Security

How to enable secure use of AI

Let the SANS AI Toolkit promote secure and responsible use of AI tools in the workplace Sponsored Post It's Cybersecurity Awareness Month again this October - a timely reminder for public and private sector organisations to work together and raise awareness about the importance of cybersecurity.

Published: 2024-10-10T07:46:57



The Register - Security

How should CISOs respond to the rise of GenAI?

Apply comprehensive security with access control, secure coding, infrastructure protection and AI governance Partner Content As generative AI (GenAI) becomes increasingly integrated into the corporate world, it is transforming everyday operations across various industries.

Published: 2024-10-10T07:24:43



The Register - Security

Dutch cops reveal takedown of 'world's largest dark web market'

Two arrested after allegedly trying to make off with their ill-gotten gains The alleged administrators of the infamous Bohemia and Cannabia dark web marketplaces have been arrested after apparently shuttering the sites and trying to flee with their earnings.

Published: 2024-10-10T06:30:14



The Register - Security

Internet Archive user info stolen in cyberattack, succumbs to DDoS

31M folks' usernames, email addresses, salted-encrypted passwords now out there The Internet Archive had a bad day on the infosec front, after being DDoSed and having had its user account data stolen in a security breach.

Published: 2024-10-10T01:33:05



The Register - Security

Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware

USB sticks help, but it's unclear how tools that suck malware from them are delivered A cyberespionage APT crew named GoldenJackal hacked air-gapped PCs belonging to government and diplomatic entities at least twice using two sets of custom malware, according to researchers from antivirus vendor ESET.

Published: 2024-10-09T23:31:08



The Register - Security

Smart TVs are spying on everyone

Regulators know this is a nightmare and have done little to stop it. Privacy advocacy group wants that to change Smart TVs are watching their viewers and harvesting their data to benefit brokers using the same ad technology that denies privacy on the internet.

Published: 2024-10-09T22:15:08



The Register - Security

Marriott settles for a piddly $52M after series of breaches affecting millions

Intruders stayed for free on the network between 2014 and 2020 Marriott has agreed to pay a $52 million penalty and develop a comprehensive infosec program following a series of major data breaches between 2014 and 2020 that affected more than 344 million people worldwide.

Published: 2024-10-09T21:08:19



The Register - Security

National Public Data files for bankruptcy, admits 'hundreds of millions' potentially affected

One-man-band faces a mountain of lawsuits but has few assets The Florida business behind data brokerage National Public Data has filed for bankruptcy, admitting "hundreds of millions" of people were potentially affected in one of the largest information leaks of the year.

Published: 2024-10-09T19:30:15



The Register - Security

Microsoft cleans up hot mess of Patch Tuesday preview

Go forth and install your important security fixes Microsoft says that the problems with the Windows 11 Patch Tuesday preview have now been resolved.

Published: 2024-10-09T15:14:13



The Register - Security

Ransomware gang Trinity joins pile of scumbags targeting healthcare

As if hospitals and clinics didn't have enough to worry about At least one US healthcare provider has been infected by Trinity, an emerging cybercrime gang with eponymous ransomware that uses double extortion and other "sophisticated" tactics that make it a "significant threat," according to the feds.

Published: 2024-10-09T13:45:08



The Register - Security

Microsoft issues 117 patches some for flaws already under attack

Plus: SAP re-patches a failed patch for critical-rated flaw Patch Tuesday It's the second Tuesday of the month, which means Patch Tuesday, bringing with it fixes for numerous flaws, bugs and vulnerabilities in major software. And this one is a doozy.

Published: 2024-10-08T23:30:11



The Register - Security

Qualcomm urges device makers to push patches after 'targeted' exploitation

Given Amnesty's involvement, it's a safe bet spyware is in play Qualcomm has issued 20 patches for its chipsets' firmware, including one Digital Signal Processor (DSP) software flaw that has been exploited in the wild.

Published: 2024-10-08T21:30:09



The Register - Security

Using iPhone Mirroring at work? You might have just overshared to your boss

What does IT glimpse but a dating app on your wee little screen If you're using iPhone Mirroring at work: It's time to stop, lest you give your employer's IT department the capability to snoop through the list of apps you have on your phone dating apps, those tracking medical conditions or sexual history, or any other NSFW apps that you might want to keep to yourself.

Published: 2024-10-08T18:30:14



Security Latest

GPS Jamming Is Screwing With Norwegian Planes

So much jamming is taking place in northeastern Norway, regulators no longer want to know.

Published: 2024-10-17T10:32:52



Security Latest

This Prompt Can Make an AI Chatbot Identify and Extract Personal Details From Your Chats

Security researchers created an algorithm that turns a malicious prompt into a set of hidden instructions that could send a user's personal information to an attacker.

Published: 2024-10-17T10:30:00



Security Latest

Hacker Charged With Seeking to Kill Using Cyberattacks on Hospitals

The US has accused two brothers of being part of the hacker group Anonymous Sudan, which allegedly went on a wild cyberattack spree that hit hundreds of targets and, for one of the two men, even put lives at risk.

Published: 2024-10-16T17:44:44



Security Latest

This AI Tool Helped Convict People of Murder. Then Someone Took a Closer Look

Global Intelligence claims its Cybercheck technology can help cops find key evidence to nail a case. But a WIRED investigation reveals the smoking gun often appears far less solid.

Published: 2024-10-15T11:00:00



Security Latest

Millions of People Are Using Abusive AI ‘Nudify’ Bots on Telegram

Bots that “remove clothes” from images have run rampant on the messaging app, allowing people to create nonconsensual deepfake images even as lawmakers and tech companies try to crack down.

Published: 2024-10-15T10:30:00



Security Latest

The War on Passwords Is One Step Closer to Being Over

“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.

Published: 2024-10-14T14:00:00



Security Latest

How to Stop Your Data From Being Used to Train AI

Some companies let you opt out of allowing your content to be used for generative AI. Here’s how to take back (at least a little) control from ChatGPT, Google’s Gemini, and more.

Published: 2024-10-12T13:30:00



Security Latest

The FBI Made a Crypto Coin Just to Catch Fraudsters

Plus: New details emerge in the National Public Data breach, Discord gets blocked in Russia and Turkey over alleged illegal activity on the platform, and more.

Published: 2024-10-12T10:30:00



Security Latest

Pig Butchering Scams Are Going High Tech

Scammers in Southeast Asia are increasingly turning to AI, deepfakes, and dangerous malware in a way that makes their pig butchering operations even more convincing.

Published: 2024-10-12T10:00:00



Security Latest

A Mysterious Hacking Group Has 2 New Tools to Steal Data From Air-Gapped Machines

It's hard enough creating one air-gap-jumping tool. Researchers say the group GoldenJackal did it twice in five years.

Published: 2024-10-12T09:30:00



Security Latest

Internet Archive Breach Exposes 31 Million Users

The hack exposed the data of 31 million users as the embattled Wayback Machine maker scrambles to stay online and contain the fallout of digital and legal attacks.

Published: 2024-10-10T02:00:19



Security Latest

69,000 Bitcoins Are Headed for the US Treasury While the Agent Who Seized Them Is in Jail

The $4.4 billion in crypto is set to be the largest pile of criminal proceeds ever sold off by the US. The former IRS agent who seized the record-breaking sum, meanwhile, languishes in a Nigerian jail cell.

Published: 2024-10-09T16:02:20



Security Latest

What Google's U-Turn on Third-Party Cookies Means for Chrome Privacy

Earlier this year, Google ditched its plans to abolish support for third-party cookies in its Chrome browser. While privacy advocates called foul, the implications for users is not so clear cut.

Published: 2024-10-08T15:39:49



Security Latest

Stealthy Malware Has Infected Thousands of Linux Systems for Years

Perfctl malware is hard to detect, persists after reboots, and can perform a breadth of malicious activities.

Published: 2024-10-05T13:30:00



Security Latest

The FBI Still Hasn’t Cracked NYC Mayor Eric Adams’ Phone

Plus: Harvard students pack Meta’s smart glasses with privacy-invading face-recognition tech, Microsoft and the DOJ seize Russian hackers’ domains, and more.

Published: 2024-10-05T10:30:00



Security Latest

This Video Game Controller Has Become the US Military’s Weapon of Choice

After decades of relying on buttons, switches, and toggles, the Pentagon has embraced simple, ergonomic video-game-style controllers already familiar to millions of potential recruits.

Published: 2024-10-04T11:30:00



Security Latest

License Plate Readers Are Creating a US-Wide Database of More Than Just Cars

From Trump campaign signs to Planned Parenthood bumper stickers, license plate readers around the US are creating searchable databases that reveal Americans’ political leanings and more.

Published: 2024-10-03T10:30:00



The Hacker News

Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant

The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies and unknown Polish entities since at least late 2023. The intrusions are characterized by the use of a variant of the RomCom RAT dubbed SingleCamper (aka SnipBot or RomCom 5.0), said Cisco Talos, which is monitoring the activity cluster under the moniker UAT-5647. "This

Published: 2024-10-17T21:43:00



The Hacker News

Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program

Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called Cicada3301 after successfully gaining access to the group's affiliate panel on the dark web. Singapore-headquartered Group-IB said it contacted the threat actor behind the Cicada3301 persona on the RAMP cybercrime forum via the Tox messaging service after the latter put out an

Published: 2024-10-17T19:24:00



The Hacker News

5 Ways to Reduce SaaS Security Risks

As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised

Published: 2024-10-17T15:49:00



The Hacker News

SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack

An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger, and T-APT-04. "

Published: 2024-10-17T15:45:00



The Hacker News

U.S. Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks

Federal prosecutors in the U.S. have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire that conducted a record 35,000 DDoS attacks in a single year, including those that targeted Microsoft's services in June 2023. The attacks, which were facilitated by Anonymous Sudan's "powerful DDoS tool," singled out critical infrastructure, corporate networks,

Published: 2024-10-17T14:33:00



The Hacker News

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk

A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root access under certain circumstances. The vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), has been addressed in version 0.1.38. The project maintainers acknowledged Nicolai Rybnikar for discovering and reporting the vulnerability. "A security issue

Published: 2024-10-17T10:48:00



The Hacker News

Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity

Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper endpoint detection and response (EDR) solutions and hide malicious activity. Trend Micro said it detected "threat actors attempting to integrate EDRSilencer in their attacks, repurposing it as a means of evading detection." EDRSilencer, inspired by the NightHawk FireBlock tool from MDSec, is

Published: 2024-10-16T21:51:00



The Hacker News

FIDO Alliance Drafts New Protocol to Simplify Passkey Transfers Across Different Platforms

The FIDO Alliance said it's working to make passkeys and other credentials more easier to export across different providers and improve credential provider interoperability, as more than 12 billion online accounts become accessible with the passwordless sign-in method. To that end, the alliance said it has published a draft for a new set of specifications for secure credential exchange,

Published: 2024-10-16T18:53:00



The Hacker News

From Misuse to Abuse: AI Risks and Attacks

AI from the attacker’s perspective: See how cybercriminals are leveraging AI and exploiting its vulnerabilities to compromise systems, users, and even other AI applications Cybercriminals and AI: The Reality vs. Hype “AI will not replace humans in the near future. But humans who know how to use AI are going to replace those humans who don't know how to use AI,” says Etay Maor, Chief Security

Published: 2024-10-16T16:55:00



The Hacker News

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware

The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 (CVSS score: 7.5), a memory corruption bug in the Scripting Engine that could result in remote code execution when using the Edge browser in Internet Explorer Mode.

Published: 2024-10-16T16:20:00



The Hacker News

5 Techniques for Collecting Cyber Threat Intelligence

To defend your organization against cyber threats, you need a clear picture of the current threat landscape. This means constantly expanding your knowledge about new and ongoing threats. There are many techniques analysts can use to collect crucial cyber threat intelligence. Let’s consider five that can greatly improve your threat investigations. Pivoting on 2 IP addresses to pinpoint malware

Published: 2024-10-16T14:58:00



The Hacker News

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails. "The spear-phishing campaign's impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected," Trend Micro said in a new analysis. "

Published: 2024-10-16T12:50:00



The Hacker News

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE-2024-9487, carries a CVS score of 9.5 out of a maximum of 10.0 "An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing

Published: 2024-10-16T10:36:00



The Hacker News

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-28987 (CVSS score: 9.1), the vulnerability relates to a case of hard-coded credentials that could be abused to gain

Published: 2024-10-16T10:24:00



The Hacker News

TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns

New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's unlock pattern or PIN. "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant said in an analysis published last week. First spotted in the wild in 2019, TrickMo is so named for

Published: 2024-10-15T21:17:00



The Hacker News

New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT

Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a commodity remote access trojan (RAT) called DarkVision RAT. The activity, observed by Zscaler ThreatLabz in July 2024, involves a multi-stage process to deliver the RAT payload. "DarkVision RAT communicates with its command-and-control (C2) server using a custom network

Published: 2024-10-15T20:50:00



The Hacker News

New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists

North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of a financially-motivated campaign. The malware is "installed on payment switches within compromised networks that handle card transactions for the means of facilitating the unauthorized withdrawal of cash from ATMs," a security researcher who goes by HaxRob said.

Published: 2024-10-15T20:13:00



The Hacker News

The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short

In recent years, the number and sophistication of zero-day vulnerabilities have surged, posing a critical threat to organizations of all sizes. A zero-day vulnerability is a security flaw in software that is unknown to the vendor and remains unpatched at the time of discovery. Attackers exploit these flaws before any defensive measures can be implemented, making zero-days a potent weapon for

Published: 2024-10-15T16:30:00



The Hacker News

China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns

China's National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as Volt Typhoon is a fabrication of the U.S. and its allies. The agency, in collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, went on to accuse the U.S. federal government, intelligence agencies, and Five Eyes countries of

Published: 2024-10-15T13:33:00



The Hacker News

Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates

Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates. French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an information stealer known as Lumma. Hijack Loader, also known as DOILoader, IDAT Loader, and

Published: 2024-10-15T12:13:00



The Hacker News

WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites

The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow logged-in users to access forms submitted by others on a site. Jetpack, owned by WordPress maker Automattic, is an all-in-one plugin that offers a comprehensive suite of tools to improve site safety, performance, and traffic growth. It's used on 27 million

Published: 2024-10-15T10:26:00



The Hacker News

Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration

A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions. That's according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt to access the

Published: 2024-10-14T17:05:00



The Hacker News

5 Steps to Boost Detection and Response in a Multi-Layered Cloud

The link between detection and response (DR) practices and cloud security has historically been weak. As global organizations increasingly adopt cloud environments, security strategies have largely focused on "shift-left" practices securing code, ensuring proper cloud posture, and fixing misconfigurations. However, this approach has led to an over-reliance on a multitude of DR tools spanning

Published: 2024-10-14T16:39:00



The Hacker News

Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems

Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. "Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape," Checkmarx researchers Yehuda

Published: 2024-10-14T16:38:00



The Hacker News

THN Cybersecurity Recap: Top Threats, Tools and Trends (Oct 7 - Oct 13)

Hey there, it's your weekly dose of "what the heck is going on in cybersecurity land" and trust me, you NEED to be in the loop this time. We've got everything from zero-day exploits and AI gone rogue to the FBI playing crypto kingpin it's full of stuff they don't want you to know. So let's jump in before we get FOMO. Threat of the Week GoldenJackal Hacks Air-Gapped Systems: Meet

Published: 2024-10-14T16:13:00



The Hacker News

Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware

Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog ransomware. Cybersecurity vendor Sophos said it has been tracking a series of attacks in the past month leveraging compromised VPN credentials and CVE-2024-40711 to create a local account and deploy the ransomware. CVE-2024-40711, rated 9.8 out of 10.0 on the

Published: 2024-10-14T14:25:00



The Hacker News

OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. "The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for credentials theft, and exploiting vulnerabilities

Published: 2024-10-13T15:10:00



The Hacker News

FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation

The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with allegedly manipulating digital asset markets as part of a widespread fraud operation. The law enforcement action codenamed Operation Token Mirrors is the result of the U.S. Federal Bureau of Investigation (FBI) taking the "unprecedented step" of creating its own

Published: 2024-10-12T10:36:00



The Hacker News

GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks

A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. "In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, and InlandRevenue were

Published: 2024-10-11T22:43:00



The Hacker News

How Hybrid Password Attacks Work and How to Defend Against Them

Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods, accelerating the password-cracking process.  In this post, we’ll explore hybrid attacks what they are

Published: 2024-10-11T16:30:00



The Hacker News

CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks. It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did not disclose who

Published: 2024-10-11T14:04:00



The Hacker News

New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution

GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10. "An issue was discovered in GitLab EE

Published: 2024-10-11T11:59:00



The Hacker News

Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation

The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world's largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the Politie said. The marketplace

Published: 2024-10-11T11:31:00



The Hacker News

OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation

OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, writing articles for websites, generating biographies for social media accounts, and creating AI-generated profile pictures for fake accounts on X. "Threat

Published: 2024-10-10T18:57:00



The Hacker News

Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems

Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck. "A vulnerability in the Nortek Linear eMerge E3 allows remote

Published: 2024-10-10T17:40:00



The Hacker News

6 Simple Steps to Eliminate SOC Analyst Burnout

The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only highly technical and high-risk, but also soul-crushingly repetitive, dealing with a constant flood of alerts and incidents. As a result, SOC analysts often leave in search of better pay, the opportunity to move beyond

Published: 2024-10-10T16:30:00



The Hacker News

Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms

Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented characters," Jscrambler researchers said in an analysis. "The heavy use of Unicode characters, many

Published: 2024-10-10T12:48:00



The Hacker News

CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to a case of remote code execution that affects FortiOS, FortiPAM, FortiProxy, and FortiWeb. "A

Published: 2024-10-10T11:14:00



The Hacker News

Firefox Zero-Day Under Attack: Update Your Browser Immediately

Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680 (CVSS score: 9.8), has been described as a use-after-free bug in the Animation timeline component. "An attacker was able to achieve code execution in the content process by exploiting a

Published: 2024-10-10T09:54:00



The Hacker News

Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale

Google on Wednesday announced a new partnership with the Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNS RF) to combat online scams. The initiative, which has been codenamed the Global Signal Exchange (GSE), is designed to create real-time insights into scams, fraud, and other forms of cybercrime pooling together threat signals from different data sources in order to create

Published: 2024-10-09T22:30:00



The Hacker News

Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries

Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol that, if successfully exploited, could have severe impacts in industrial environments. "The vulnerabilities could allow an attacker to crash an industrial device or in some cases, enable remote code execution," Claroty researchers Mashav Sapir and Vera

Published: 2024-10-09T21:03:00



The Hacker News

N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware

Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster, tracked as CL-STA-0240, is part of a campaign dubbed Contagious Interview that Palo Alto Networks Unit 42 first disclosed in November 2023. "The threat actor behind CL-STA-0240

Published: 2024-10-09T19:03:00



The Hacker News

Social Media Accounts: The Weak Link in Organizational SaaS Security

Social media accounts help shape a brand’s identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security. Many lack the safeguards to prevent unauthorized access a situation no organization wants as

Published: 2024-10-09T16:30:00



The Hacker News

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based

Published: 2024-10-09T12:23:00



The Hacker News

Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks

Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic. The end goal of the campaigns are broad and varied, allowing threat actors to compromise identities and devices and conduct business email compromise (BEC) attacks, which ultimately result

Published: 2024-10-09T09:52:00



The Hacker News

Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said. Successful exploitation of these vulnerabilities could allow an authenticated

Published: 2024-10-08T22:08:00



The Hacker News

Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines

Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads. "These attacks capitalize on the popularity of Lua gaming engine supplements within the student gamer community," Morphisec researcher Shmuel Uzan said in a new report published today, adding "this malware

Published: 2024-10-08T21:56:00



The Hacker News

Cyberattack Group 'Awaken Likho' Targets Russian Government with Advanced Tools

Russian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho. "The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems," Kaspersky said, detailing a new campaign that began in June 2024 and continued at least until

Published: 2024-10-08T16:47:00



The Hacker News

GoldenJackal Target Embassies and Air-Gapped Systems Using Malware Toolsets

A little-known threat actor tracked as GoldenJackal has been linked to a series of cyber attacks targeting embassies and governmental organizations with an aim to infiltrate air-gapped systems using two disparate bespoke toolsets. Victims included a South Asian embassy in Belarus and a European Union (E.U.) government organization, Slovak cybersecurity company ESET said. "The ultimate goal of

Published: 2024-10-08T16:28:00



The Hacker News

New Case Study: The Evil Twin Checkout Page

Is your store at risk? Discover how an innovative web security solution saved one global online retailer and its unsuspecting customers from an “evil twin” disaster. Read the full real-life case study here. The Invisible Threat in Online Shopping When is a checkout page, not a checkout page? When it's an “evil twin”! Malicious redirects can send unsuspecting shoppers to these perfect-looking

Published: 2024-10-08T16:28:00



Security Affairs

Two Sudanese nationals indicted for operating the Anonymous Sudan group

The DoJ charged Anonymous Sudan members and disrupted their DDoS infrastructure, halting its cyber operations. The US Justice Department charged two Sudanese brothers (Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27) with operating and controlling the cybercrime collective Anonymous Sudan that launched tens of thousands of Distributed Denial of Service (DDoS) attacks […]

Published: 2024-10-18T00:01:04



Security Affairs

Russia-linked RomCom group targeted Ukrainian government agencies since late 2023

Russia-linked threat actor RomCom targeted Ukrainian government agencies and Polish entities in cyber attacks since late 2023. Cisco Talos researchers observed Russia-linked threat actor RomCom (aka UAT-5647, Storm-0978, Tropical Scorpius, UAC-0180, UNC2596) targeting Ukrainian government agencies and Polish entities in a new wave of attacks since at least late 2023. In the recent attacks, RomCom […]

Published: 2024-10-17T21:13:56



Security Affairs

A critical flaw in Kubernetes Image Builder could allow attackers to gain root access

A critical flaw in Kubernetes Image Builder could allow attackers to gain root access if exploited under specific conditions. A critical, Kubernetes Image Builder vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), could allow attackers to gain root access if exploited under specific conditions. Only Kubernetes clusters with nodes using VM images from the Image Builder project and […]

Published: 2024-10-17T09:49:48



Security Affairs

VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX

VMware fixes a high-severity SQL injection flaw in HCX allowing non-admin users to remotely execute code on the HCX manager. VMWare warns to address a remote code execution vulnerability, tracked as CVE-2024-38814 (CVSS score of 8.8), in its HCX application mobility platform. The vulnerability is an authenticated SQL injection vulnerability in HCX, it was privately […]

Published: 2024-10-17T07:00:43



Security Affairs

Brazil’s Pol cia Federal arrested the notorious hacker USDoD

Brazil’s Pol cia Federal has arrested hacker USDoD, the hacker behind the National Public Data and InfraGard breaches. Brazil’s Pol cia Federal (PF) announced the arrest in Belo Horizonte/MG of the notorious hacker USDoD. In August, a CrowdStrike investigation revealed that the hacker USDoD (aka EquationCorp), who is known for high-profile data leaks, is a man from Brazil. The […]

Published: 2024-10-16T23:09:18



Security Affairs

Finnish Customs dismantled the dark web drugs market Sipulitie

Finnish Customs shut down the Tor darknet marketplace Sipulitie and seized the servers hosting the platform. Finnish Customs, with the help of Europol, Swedish and Polish law enforcement authorities and researchers at Bitdefender, shut down the Tor marketplace Sipulitie. “Finnish customs has closed the web servers of the Sipulitie marketplace, which has been operating on […]

Published: 2024-10-16T19:32:18



Security Affairs

U.S. CISA adds Microsoft Windows Kernel, Mozilla Firefox and SolarWinds Web Help Desk bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows Kernel, Mozilla Firefox and SolarWinds Web Help Desk bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: An attacker could exploit the vulnerability CVE-2024-30088 to gain SYSTEM privileges. Successful exploitation of […]

Published: 2024-10-16T10:48:56



Security Affairs

GitHub addressed a critical vulnerability in Enterprise Server

GitHub addressed a critical vulnerability in Enterprise Server that could allow unauthorized access to affected instances. Code hosting platform GitHub addressed a critical vulnerability, tracked as CVE-2024-9487 (CVSS score of 9.5), in GitHub Enterprise Server that could lead to unauthorized access to affected instances. An attacker could exploit a cryptographic signature verification flaw in GitHub Enterprise Server […]

Published: 2024-10-16T06:45:00



Security Affairs

A new Linux variant of FASTCash malware targets financial systems

North Korea-linked actors deploy a new Linux variant of FASTCash malware to target financial systems, researcher HaxRob revealed. The cybersecurity researcher HaxRob analyzed a new variant of the FASTCash “payment switch” malware which targets Linux systems. The variant discovered by the researcher was previously unknown and targets Ubuntu 22.04 LTS distributions. In November 2018, Symantec […]

Published: 2024-10-15T17:57:50



Security Affairs

WordPress Jetpack plugin critical flaw impacts 27 million sites

WordPress Jetpack plugin issued an update to fix a critical flaw allowing logged-in users to view form submissions by others on the same site. The maintainers of the WordPress Jetpack plugin have addressed a critical vulnerability that could allow logged-in users to access forms submitted by other users on the same site. Jetpack is a […]

Published: 2024-10-15T09:43:04



News Packet Storm

Deepfake Lovers Swindle Victims Out Of $46M In Hong Kong AI Scam

F5 BIG-IP Updates Patch High Severity Privilege Escalation

Anonymous Sudan DDoS Service Disrupted, Members Charged By US

Critical Bug In Kubernetes Image Builder Allows SSH Root Access

WeChat Devs Introduced Security Flaws When They Modded TLS

The Crusade To Replace Passwords With Passkeys Just Intensified

Varsity Brands Data Breach Impacts 65,000 People

Cisco Investigating Breach And Sale Of Data

Firm Hacked After Accidentally Hiring North Korean Cyber Criminal

Jetpack Patches Critical Bug That Exposed Data On 27 Million WordPress Sites

North Korean Hackers Use Newly Discovered Linux Malware To Raid ATMs

CISA Flags Critical SolarWinds Web Help Desk Bug

Internet Archive Wobbles Back Online, With Limited Functionality

Iranian Cyberspies Exploiting Recent Windows Kernel Vuln

Splunk Enterprise Update Patches Remote Code Execution Vulns

Log4j Still Being Exploited Nearly 3 Years Later

New CounterSEVeillance And TDXDown Attacks Target AMD And Intel TEEs

Ward Christensen, BBS Inventor And Architect Of Our Online Age, Dies At 78

Pentagon Shares New Cybersecurity Rules For Gov't Contractors

Lynx Ransomware Analyses Reveal Similarities To INC Ransom

Thousands Of Fortinet Instances Vulnerable To Actively Exploited Flaw

Hacked Robot Vacuums Across The U.S. Started Yelling Slurs

OpenAI Says Iranian Hackers Used ChatGPT To Plan ICS Attacks

Recent Veeam Vulnerability Exploited In Ransomware Attacks

Fidelity Investments Data Breach Impacts 77,000 Customers

SecurityWeek

Be Aware of These Eight Underrated Phishing TechniquesIndustry Moves for the week of October 14, 2024 - SecurityWeek

CISA, FBI Seek Public Comment on Software Security Bad Practices Guidance

F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

Iranian Hackers Use Brute Force in Critical Infrastructure Attacks

Brazilian Police Arrest Notorious Hacker USDoD

Anonymous Sudan DDoS Service Disrupted, Members Charged by US

Code Execution, Data Tampering Flaw in Nvidia NeMo Gen-AI Framework

VMware Patches High-Severity SQL Injection Flaw in HCX Platform

Android 15 Rolling Out With New Theft, Application Protection Features

CISA News

CISA and FBI Release Product Security Bad Practices for Public Comment

CISA and FBI Warn of Iranian-Backed Cyber Activity to Undermine U.S. Democratic Institutions

CISA Kicks Off 21st Anniversary of Cybersecurity Awareness Month

CISA Releases Anonymous Threat Response Guidance and Toolkit for K-12 Schools

Joint ODNI, FBI, and CISA Statement

CISA Releases Plan to Align Operational Cybersecurity Priorities for Federal Agencies

FBI and CISA Release Joint PSA, Just So You Know: False Claims of Hacked Voter Information Likely Intended to Sow Distrust of U.S. Elections

CISA Releases Election Security Focused Checklists for Both Cybersecurity and Physical Security

CISA Launches New Portal to Improve Cyber Reporting

Election Security Partners Host 7th Annual Tabletop the Vote Exercise for 2024

CISA Blog

A Message to Election Officials from CISA Director Jen Easterly

Region 8 Invites You to Secure Our World

CISA Director Jen Easterly Remarks at the Election Center 39th Annual National Conference in Detroit

Learn with Region 8’s Webinar Program

Shaping the legacy of partnership between government and private sector globally: JCDC

SAFECOM and NCSWIC Develop Global Positioning System (GPS) for Public Safety Location Services: Use Cases and Best Practices

Region 10 Team Provides Vital Election Security Training for Idaho

SAFECOM Membership Spotlight ft. Red Grasso, North Carolina Department of Information Technology

SAFECOM Releases New Resource for Cloud Adoption

With Open Source Artificial Intelligence, Don’t Forget the Lessons of Open Source Software

All CISA Advisories

CISA Adds One Known Exploited Vulnerability to Catalog

Mitsubishi Electric CNC Series

CISA Releases Seven Industrial Control Systems Advisories

Elvaco M-Bus Metering Gateway CMe3100

HMS Networks EWON FLEXY 202

Oracle Releases Quarterly Critical Patch Update Advisory for October 2024

LCDS LAquis SCADA

Kieback&Peter DDC4000 Series

CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force

CISA and FBI Release Joint Guidance on Product Security Bad Practices for Public Comment

Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations

Siemens Siveillance Video Camera

Guidance: Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)

Schneider Electric Data Center Expert

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA Releases Two Industrial Control Systems Advisories

Rockwell Automation Logix Controllers

Delta Electronics CNCSoft-G2

Siemens SIMATIC S7-1500 and S7-1200 CPUs

Siemens SENTRON PAC3200 Devices

Siemens JT2Go

Siemens SIMATIC S7-1500 CPUs

Siemens Tecnomatix Plant Simulation

Rockwell Automation DataMosaix Private Cloud

Rockwell Automation PowerFlex 6000T

CISA Releases Twenty-One Industrial Control Systems Advisories

Siemens Simcenter Nastran

Siemens Questa and ModelSim

Siemens HiMed Cockpit

Siemens RUGGEDCOM APE1808

Exploit-DB.com RSS Feed

[webapps] reNgine 2.2.0 - Command Injection (Authenticated)

[webapps] openSIS 9.1 - SQLi (Authenticated)

[webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)

[webapps] NoteMark < 0.13.0 - Stored XSS

[webapps] Gitea 1.22.0 - Stored XSS

[webapps] Invesalius3 - Remote Code Execution

[dos] Windows TCP/IP - RCE Checker and Denial of Service

[webapps] Aurba 501 - Authenticated RCE

[webapps] HughesNet HT2000W Satellite Modem - Password Reset

[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure

[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass

[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config

[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass

[webapps] Helpdeskz v2.0.2 - Stored XSS

[webapps] Calibre-web 0.6.21 - Stored XSS

[webapps] Devika v1 - Path Traversal via 'snapshot_path'

[local] Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path

[local] SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path

[local] Oracle Database 12c Release 1 - Unquoted Service Path

[webapps] Ivanti vADC 9.9 - Authentication Bypass

[local] Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation

[webapps] Xhibiter NFT Marketplace 1.10.2 - SQL Injection

[webapps] Azon Dominator Affiliate Marketing Script - SQL Injection

[webapps] Microweber 2.0.15 - Stored XSS

[webapps] Customer Support System 1.0 - Stored XSS

[webapps] Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)

[webapps] SolarWinds Platform 2024.1 SR1 - Race Condition

[webapps] Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)

[webapps] Poultry Farm Management System v1.0 - Remote Code Execution (RCE)

[webapps] Boelter Blue System Management 1.3 - SQL Injection

[webapps] WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)

[webapps] PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)

[webapps] AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.

[webapps] AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)

[webapps] XMB 1.9.12.06 - Stored XSS

[webapps] Carbon Forum 5.9.0 - Stored XSS

[webapps] AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)

[webapps] appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)

[webapps] CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)

[webapps] WBCE CMS v1.6.2 - Remote Code Execution (RCE)

[webapps] Monstra CMS 3.0.4 - Remote Code Execution (RCE)

[webapps] Dotclear 2.29 - Remote Code Execution (RCE)

[webapps] Serendipity 2.5.0 - Remote Code Execution (RCE)

[webapps] Sitefinity 15.0 - Cross-Site Scripting (XSS)

[webapps] FreePBX 16 - Remote Code Execution (RCE) (Authenticated)

[webapps] Akaunting 3.1.8 - Server-Side Template Injection (SSTI)

[webapps] Check Point Security Gateway - Information Disclosure (Unauthenticated)

[webapps] Aquatronica Control System 5.1.6 - Information Disclosure

[webapps] changedetection < 0.45.20 - Remote Code Execution (RCE)

[webapps] ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)

Full Disclosure

SEC Consult SA-20241009-0 :: Local Privilege Escalation via MSI installer in Palo Alto Networks GlobalProtect (CVE-2024-9473)

APPLE-SA-10-03-2024-1 iOS 18.0.1 and iPadOS 18.0.1

Some SIM / USIM card security (and ecosystem) info

SEC Consult SA-20240930-0 :: Local Privilege Escalation via MSI Installer in Nitro PDF Pro (CVE-2024-35288)

Backdoor.Win32.Benju.a / Unauthenticated Remote Command Execution

Backdoor.Win32.Prorat.jz / Remote Stack Buffer Overflow (SEH)

Backdoor.Win32.Amatu.a / Remote Arbitrary File Write (RCE)

Backdoor.Win32.Agent.pw / Remote Stack Buffer Overflow (SEH)

Backdoor.Win32.Boiling / Remote Command Execution

Defense in depth -- the Microsoft way (part 88): a SINGLE command line shows about 20, 000 instances of CWE-73

SEC Consult SA-20240925-0 :: Uninstall Password Bypass in BlackBerry CylanceOPTICS Windows Installer Package (CVE-2024-35214)

Apple iOS 17.2.1 - Screen Time Passcode Retrieval (Mitigation Bypass)

CyberDanube Security Research 20240919-0 | Multiple Vulnerabilities in Netman204

Submit Exploit CVE-2024-42831

Stored XSS in "Edit Profile" - htmlyv2.9.9

Open Source Security

Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so

CVE-2024-9143: OpenSSL: Low-level invalid GF(2^m) parameters lead to OOB memory access

CVE-2024-45217: Apache Solr: ConfigSets created during a backup restore command are trusted implicitly

CVE-2024-45216: Apache Solr: Authentication bypass possible using a fake URL Path ending

Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so

Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so

CVE-2024-45693: Apache CloudStack: Request origin validation bypass makes account takeover possible

CVE-2024-45462: Apache CloudStack: Incomplete session invalidation on web interface logout

CVE-2024-45461: Apache CloudStack Quota plugin: Access checks not enforced in Quota

CVE-2024-45219: Apache CloudStack: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure

Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so

CVE-2023-50780: Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans

[kubernetes] CVE-2024-9486 and CVE-2024-9594: VM images built with Kubernetes Image Builder use default credentials

CVE-2024-46911: Apache Roller: Weakness in CSRF protection allows privilege escalation

libarchive 3.7.5 released with security fixes






© Segmentation Fault . All rights reserved.

Privacy | Terms of Use | Contact Us