Once, FASTCash ran only on Unix. Then came Windows. Now it can target Linux, too. In the beginning, North Korean hackers compromised the banking infrastructure running AIX, IBM’s proprietary version of Unix. Nex
Published: 2024-10-15T21:16:05
31 million records containing email addresses and password hashes exposed. Archive.org, one of the only entities to attempt to preserve the entire history of the World Wide Web and much of the broader Internet, was recently compromised in a hack that revealed data on roughly 31 million users. A little after 2...
Published: 2024-10-10T00:12:56
The secret to improving workload performance is to stop bottlenecking your AI Commissioned In the fast-paced world of AI, GPUs are often hailed as the quiet powerhouse driving innovation.
Published: 2024-10-16T15:22:49
Less than a year to go: is your enterprise ready for the change? Office and Exchange Server have joined Windows 10 in a march to obsolescence, with less than a year until support is cut for 2016 and 2019 versions.
Published: 2024-10-16T13:15:15
Microsoft's hardware compatibility gamble still hasn't paid off Windows 10 is now just a year from its end of support date, and it is clear that Microsoft's hardware compatibility gamble has yet to pay off.
Published: 2024-10-14T17:27:12
AI model safety only goes so far Anthropic's Claude 3.5 Sonnet, despite its reputation as one of the better behaved generative AI models, can still be convinced to emit racist hate speech and malware.
Published: 2024-10-12T10:30:07
Claims its models aren't making threat actors more sophisticated - but is helping debug their code OpenAI has alleged the company disrupted a spear-phishing campaign that saw a China-based group target its employees through both their personal and co
Published: 2024-10-10T04:05:39
Activision says it has “disabled a workaround to a detection system” in Modern Warfare III and Call of Duty: Warzone that led to legitimate players getting banned by the Ricochet anti-cheat system. The company says the problem “impacted a s...
Published: 2024-10-17T17:47:53
The Federal Police of Brazil announced the arrest of the hacker linked to a breach that leaked 2.9 billion records that included sensitive personal information, including some Social Security numbers. The data from that hack, which came to ...
Published: 2024-10-17T15:10:09
The FBI has arrested an Alabama man who is accused of hacking the Securities and Exchange Commission’s X account in January. The indictment (PDF) alleges that 25-year-old Eric Council Jr. worked with co-conspirators to take control of the a...
Published: 2024-10-17T12:32:33
The FIDO Alliance, the organization that’s helping shepherd passkey adoption, announced a draft of new specifications that would let users securely move their passkeys across different password managers. Passkeys are great; it’s nice to be...
Published: 2024-10-15T14:13:22
Arlo is releasing a new floodlight security camera that connects directly to your home’s Wi-Fi and power source. That allows the Arlo Wired Floodlight Camera to monitor and illuminate outdoor spaces 24/7 without interruption, unlike battery...
Published: 2024-10-15T08:00:00
The Internet Archive is back online in a read-only state after a cyberattack brought down the digital library and Wayback Machine last week. A data breach and DDoS attack kicked the site offline on October 9th, with a user authentication da...
Published: 2024-10-14T04:55:32
Someone gained access to Ecovacs Deebot X2 Omni robotic vacuums across several US cities earlier this year and used them to chase pets and yell racist slurs at their owners, reported ABC News in Australia this week. The outlet spoke with m...
Published: 2024-10-12T13:23:49
The Internet Archive will come back within “days” following a cyberattack that brought down the organization’s vast digital library and the Wayback Machine, according to an update from founder Brewster Kahle. It’s been struggling due to a d...
Published: 2024-10-11T16:10:27
When visiting the Internet Archive (www.archive.org) on Wednesday afternoon, The Verge was greeted with a pop-up claiming the site had been hacked. Just after 9PM ET, Internet Archive founder Brewster Kahle confirmed the breach and said the...
Published: 2024-10-09T17:26:08
Finally, there’s password sharing here, too. To share a password with someone else via AirDrop, select any password stored in the app, then click the share button (the square with an arrow). To share with a group of people: Click the + butto...
Published: 2024-10-09T10:30:00
Microsoft is warning enterprise customers that, for almost a month, a bug caused critical logs to be partially lost, putting at risk companies that rely on this data to detect unauthorized activity. [...]
Published: 2024-10-17T18:17:29
A new ClickFix campaign is luring users to fraudulent Google Meet conference pages showing fake connectivity errors that deliver info-stealing malware for Windows and macOS operating systems. [...]
Published: 2024-10-17T17:00:27
An Alabama man was arrested today by the FBI for his suspected role in hacking the SEC's X account to make a fake announcement that Bitcoin ETFs were approved. [...]
Published: 2024-10-17T14:21:35
The BianLian ransomware group has claimed the cyberattack on Boston Children's Health Physicians (BCHP) and threatens to leak stolen files unless a ransom is paid. [...]
Published: 2024-10-17T11:37:48
Insurance giant Globe Life says an unknown threat actor attempted to extort money in exchange for not publishing data stolen from the company's systems earlier this year. [...]
Published: 2024-10-17T10:32:25
Learn about 5 powerful cloud security automations with Blink Ops to simplify security operations like S3 bucket monitoring, subdomain takeover detection and failed EC2 login detection. [...]
Published: 2024-10-17T10:02:12
Iranian hackers are breaching critical infrastructure organizations to collect credentials and network data that can be sold on cybercriminal forums to enable cyberattacks from other threat actors. [...]
Published: 2024-10-16T19:16:17
Google Mandiant security analysts warn of a worrying new trend of threat actors demonstrating a better capability to discover and exploit zero-day vulnerabilities in software. [...]
Published: 2024-10-16T18:12:50
A notorious hacker named USDoD, who is linked to the National Public Data and InfraGard breaches, has been arrested by Brazil's Polícia Federal in "Operation Data Breach". [...]
Published: 2024-10-16T17:47:48
CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024. [...]
Published: 2024-10-16T15:53:25
In what might be described as a real-life Black Mirror episode, a Harvard student uses facial recognition - with $379 Meta Ray-Ban 2 smart sunglasses - to dig up personal data on every face he sees in real time.
Published: 2024-10-02T22:10:52
Written by: Casey Charrier, Robert Weiner We note that the total number of vulnerabilities affecting a vendor does not directly relate to how secure or insecure a vendor's security posture is, nor does it s...
Published: 2024-10-15T14:00:00
The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later — while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was bea...
Published: 2024-10-09T17:36:27
Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of produc...
Published: 2024-10-08T22:21:19
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researcher...
Published: 2024-10-03T13:05:52
Propaganda op focuses on anti-West narratives to meddle with elections The US has placed a $10 million bounty on Russian media network Rybar and a number of its key staffers following alleged attempts to sway the upcoming US presidential election.
Published: 2024-10-18T01:00:10
Globe Life claims blackmailers shared stolen info with short sellers US insurance provider Globe Life, already grappling with legal troubles, now faces a fresh headache: an extortion attempt involving stolen customer data.
Published: 2024-10-17T23:30:10
Early stage opsec failures lead to landmark arrest of suspected serial data thief Brazilian police are being cagey with the details about the arrest of a person suspected to be responsible for various high-profile data thefts.
Published: 2024-10-17T14:00:06
No attacks possible, but enough issues to cause concern Messaging giant WeChat uses a network protocol that the app's developers modified and by doing so introduced security weaknesses, researchers claim.
Published: 2024-10-17T08:31:12
Gang said to have developed its evilware on GitHub then DDoSed GitHub Hacktivist gang Anonymous Sudan appears to have lost its anonymity after the US Attorney's Office on Wednesday unsealed an indictment identifying two of its alleged operators.
Published: 2024-10-17T07:27:08
Resolves allegations it improperly stored screenshots containing PII that were later snaffled A US government contractor will settle claims it violated cyber security rules prior to a breach that compromised Medicare beneficiaries' personal data.
Published: 2024-10-16T23:15:11
It's called leaving the door wide open, especially in Proxmox A critical bug in Kubernetes Image Builder could allow unauthorized SSH access to virtual machines (VMs) thanks to default credentials being enabled during the image build process.
Published: 2024-10-16T21:58:12
The German car giant appears to be unconcerned The 8Base ransomware crew claims to have stolen a huge data dump of Volkswagen files and is threatening to publish them, but the German car giant appears to be unconcerned.
Published: 2024-10-16T21:30:12
Another blow for IT software house and its customers A critical, hardcoded login credential in SolarWinds' Web Help Desk line has been exploited in the wild by criminals, according to the US Cybersecurity and Infrastructure Security Agency, which has added the security blunder to its Known Exploited Vulnerabilities (KEV) Catalog.
Published: 2024-10-16T20:00:14
Uncle Sam having a secret way into US tech? Say it ain't so A Chinese industry group has accused Intel of backdooring its CPUs, in addition to other questionable security practices while calling for an investigation into the chipmaker, claiming its products pose "serious risks to national security."
Published: 2024-10-16T18:30:15
Find out how to enhance efficiency using Google Security Operations Webinar In an era of ever-evolving cyber threats, staying ahead of potential security risks is essential.
Published: 2024-10-16T08:38:14
DDoS detectives deduce Mirai used to do the deed, using home entertainment boxes in Korea, China, and Brazil The Internet Archive has come back online, in slightly degraded mode, after repelling an October 9 DDoS attack and then succumbing to a raid on users' data.
Published: 2024-10-16T07:28:10
Also: Crypto-hub Binance helps Delhi police shut down solar power scam IBM announced on Tuesday it has acquired Prescinto, a Bangalore-based provider of asset performance management software for renewable energy.
Published: 2024-10-16T05:25:08
Meta knows messaging service creates persistent user IDs that have different qualities on each device Updated An analysis of Meta's WhatsApp messaging software reveals that it may expose which operating system a user is running, and their device setup information including the number of linked devices.
Published: 2024-10-16T04:26:10
Networking giant says 'no evidence' of impact on its systems but will tell customers if their info has been stolen UPDATED Cisco has confirmed it is investigating claims of stealing and now selling data belonging to the networking giant.
Published: 2024-10-15T22:30:12
Volume of attacks still surging though, according to Digital Defense Report Microsoft says ransomware attacks are up 2.75 times compared to last year, but claims defenses are actually working better than ever.
Published: 2024-10-15T16:45:11
Who also worries misinformation on social media could threaten liquidity The governor of India's Reserve Bank, Shri Shaktikanta Das, yesterday warned that AI and the platforms that provide it could worsen systemic risk to the nation's financial system.
Published: 2024-10-15T03:42:10
Enough with the racist-sounding 'dragons' and 'pandas', Beijing complains, then points the finger at koalas Chinese authorities have published another set of allegations that assert the Volt Typhoon cyber-crew is an invention of the US and its allies, and not a crew run by Beijing.
Published: 2024-10-15T01:15:08
It waited till just before Columbus Day weekend to make mandated filing, but don't worry, we saw it A Houston-based services provider to healthcare organizations says a crook may have grabbed up to 400,000 people's information after the miscreant accessed the systems of one of its customers.
Published: 2024-10-14T22:03:07
Technologies that help SOCs detect, analyze, and respond to emerging threats faster and more accurately Partner Content This article discusses some of the challenges traditional SOCs face and how integrating artificial intelligence/machine learning (AI/ML) modules could help solve the challenges faced by security professionals and organizations.
Published: 2024-10-14T14:43:05
Florida man gets his hands on 'the best ever' With less than a month to go before American voters head to the polls to choose their next president, the Trump campaign has been investing in secure tech to make sure it doesn't get compromised again.
Published: 2024-10-14T14:28:05
No excuses for not patching this nine-month-old issue More than 86,000 Fortinet instances remain vulnerable to the critical flaw that attackers started exploiting last week, according to Shadowserver's data.
Published: 2024-10-14T12:30:10
Let Okta lift the lid on customer identity in this series of webinars Sponsored Post Recent reports suggest that stolen identity and privileged access credentials now account for 61 percent of all data breaches.
Published: 2024-10-14T09:00:10
With an off-the-shelf D-Wave machine, but only against very short keys Chinese researchers claim they have found a way to use D-Wave's quantum annealing systems to develop a promising attack on classical encryption.
Published: 2024-10-14T06:30:09
Reading, writing, and cyber mayhem, amirite? If we were to draw an infosec Venn diagram, with one circle representing "sensitive info that attackers would want to steal" and the other "limited resources plus difficult-to-secure IT environments," education would sit in the overlap.
Published: 2024-10-13T13:00:05
Also, phishing's easier over the phone, and your F5 cookies might be unencrypted, and more in brief If you need an excuse to improve your patching habits, a joint advisory from the US and UK governments about a massive, ongoing Russian campaign exploiting known vulnerabilities should do the trick.
Published: 2024-10-12T03:05:11
Researchers point to evidence that scumbags visited the strategy boutique Researchers at Palo Alto's Unit 42 believe the INC ransomware crew is no more and recently rebranded itself as Lynx over a three-month period.
Published: 2024-10-11T23:00:14
Cyberspies abusing a backdoor? Groundbreaking Lawmakers are demanding answers about earlier news reports that China's Salt Typhoon cyberspies breached US telecommunications companies Verizon, AT&T, and Lumen Technologies, and hacked their wiretapping systems. They also urge federal regulators to hold these companies accountable for their infosec practices - or lack thereof.
Published: 2024-10-11T21:30:13
Roadside assistance biz praised for deploying security monitoring software and reporting workers to cops Two former workers at roadside assistance provider RAC were this week given suspended sentences after illegally copying and selling tens of thousands of lines of personal data on people involved in accidents.
Published: 2024-10-11T11:45:16
What's harder? Convincing people to invest in a beleaguered security business or a tiny island everybody hates? Keir Starmer's decision to appoint Poppy Gustafsson as the UK's new investment minister is being resoundingly praised despite the former Darktrace boss spending years failing to fully rebuild investor confidence in the embattled company.
Published: 2024-10-11T11:13:42
It worked: alleged pump and dump schemers arrested in UK, US and Portugal this week The FBI created its own cryptocurrency so it could watch suspected fraudsters use it, an idea that worked so well it produced arrests in three countries.
Published: 2024-10-11T05:28:09
Acknowledges bulk customer data leak weeks after Telegram channels dangled it online Updated Leading Indian health insurance provider Star Health has admitted to being the victim of a cyber attack after criminals claimed they had posted records of 30-million-plus clients online.
Published: 2024-10-11T02:57:43
But hey, no worries, the firm claims no evidence of data misuse Fidelity Investments has notified 77,099 people that their personal information was stolen in an August data breach.
Published: 2024-10-10T21:30:06
Unlock the power of generative AI with AWS Webinar Generative AI (GenAI) has quickly transitioned from an emerging concept to a core driver of innovation across lots of different industries.
Published: 2024-10-10T14:16:16
Researcher spots 110 TB of sensitive info sitting in unprotected database Nearly 32 million records belonging to users of tech from Trackman were left exposed to the internet, sitting in a non-password protected database, for an undetermined amount of time, according to researcher Jeremiah Fowler.
Published: 2024-10-10T14:14:10
Usual three-week window to address significant risks to federal agencies applies The US Cybersecurity and Infrastructure Security Agency (CISA) says vulnerabilities in Fortinet and Ivanti products are now being exploited, earning them places in its Known Exploited Vulnerabilities (KEV) catalog.
Published: 2024-10-10T13:34:14
Firefixed: It's maintenance time for low-complexity, high-impact security flaw It's patch time for Firefox fans as Mozilla issues a security advisory for a critical code execution vulnerability in the browser.
Published: 2024-10-10T11:30:10
Let the SANS AI Toolkit promote secure and responsible use of AI tools in the workplace Sponsored Post It's Cybersecurity Awareness Month again this October - a timely reminder for public and private sector organisations to work together and raise awareness about the importance of cybersecurity.
Published: 2024-10-10T07:46:57
Apply comprehensive security with access control, secure coding, infrastructure protection and AI governance Partner Content As generative AI (GenAI) becomes increasingly integrated into the corporate world, it is transforming everyday operations across various industries.
Published: 2024-10-10T07:24:43
Two arrested after allegedly trying to make off with their ill-gotten gains The alleged administrators of the infamous Bohemia and Cannabia dark web marketplaces have been arrested after apparently shuttering the sites and trying to flee with their earnings.
Published: 2024-10-10T06:30:14
31M folks' usernames, email addresses, salted-encrypted passwords now out there The Internet Archive had a bad day on the infosec front, after being DDoSed and having had its user account data stolen in a security breach.
Published: 2024-10-10T01:33:05
USB sticks help, but it's unclear how tools that suck malware from them are delivered A cyberespionage APT crew named GoldenJackal hacked air-gapped PCs belonging to government and diplomatic entities at least twice using two sets of custom malware, according to researchers from antivirus vendor ESET.
Published: 2024-10-09T23:31:08
Regulators know this is a nightmare and have done little to stop it. Privacy advocacy group wants that to change Smart TVs are watching their viewers and harvesting their data to benefit brokers using the same ad technology that denies privacy on the internet.
Published: 2024-10-09T22:15:08
Intruders stayed for free on the network between 2014 and 2020 Marriott has agreed to pay a $52 million penalty and develop a comprehensive infosec program following a series of major data breaches between 2014 and 2020 that affected more than 344 million people worldwide.
Published: 2024-10-09T21:08:19
One-man-band faces a mountain of lawsuits but has few assets The Florida business behind data brokerage National Public Data has filed for bankruptcy, admitting "hundreds of millions" of people were potentially affected in one of the largest information leaks of the year.
Published: 2024-10-09T19:30:15
Go forth and install your important security fixes Microsoft says that the problems with the Windows 11 Patch Tuesday preview have now been resolved.
Published: 2024-10-09T15:14:13
As if hospitals and clinics didn't have enough to worry about At least one US healthcare provider has been infected by Trinity, an emerging cybercrime gang with eponymous ransomware that uses double extortion and other "sophisticated" tactics that make it a "significant threat," according to the feds.
Published: 2024-10-09T13:45:08
Plus: SAP re-patches a failed patch for critical-rated flaw Patch Tuesday It's the second Tuesday of the month, which means Patch Tuesday, bringing with it fixes for numerous flaws, bugs and vulnerabilities in major software. And this one is a doozy.
Published: 2024-10-08T23:30:11
Given Amnesty's involvement, it's a safe bet spyware is in play Qualcomm has issued 20 patches for its chipsets' firmware, including one Digital Signal Processor (DSP) software flaw that has been exploited in the wild.
Published: 2024-10-08T21:30:09
What does IT glimpse but a dating app on your wee little screen If you're using iPhone Mirroring at work: It's time to stop, lest you give your employer's IT department the capability to snoop through the list of apps you have on your phone: dating apps, those tracking medical conditions or sexual history, or any other NSFW apps that you might want to keep to yourself.
Published: 2024-10-08T18:30:14
So much jamming is taking place in northeastern Norway, regulators no longer want to know.
Published: 2024-10-17T10:32:52
Security researchers created an algorithm that turns a malicious prompt into a set of hidden instructions that could send a user's personal information to an attacker.
Published: 2024-10-17T10:30:00
The US has accused two brothers of being part of the hacker group Anonymous Sudan, which allegedly went on a wild cyberattack spree that hit hundreds of targets and, for one of the two men, even put lives at risk.
Published: 2024-10-16T17:44:44
Global Intelligence claims its Cybercheck technology can help cops find key evidence to nail a case. But a WIRED investigation reveals the smoking gun often appears far less solid.
Published: 2024-10-15T11:00:00
Bots that “remove clothes” from images have run rampant on the messaging app, allowing people to create nonconsensual deepfake images even as lawmakers and tech companies try to crack down.
Published: 2024-10-15T10:30:00
“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.
Published: 2024-10-14T14:00:00
Some companies let you opt out of allowing your content to be used for generative AI. Here’s how to take back (at least a little) control from ChatGPT, Google’s Gemini, and more.
Published: 2024-10-12T13:30:00
Plus: New details emerge in the National Public Data breach, Discord gets blocked in Russia and Turkey over alleged illegal activity on the platform, and more.
Published: 2024-10-12T10:30:00
Scammers in Southeast Asia are increasingly turning to AI, deepfakes, and dangerous malware in a way that makes their pig butchering operations even more convincing.
Published: 2024-10-12T10:00:00
It's hard enough creating one air-gap-jumping tool. Researchers say the group GoldenJackal did it twice in five years.
Published: 2024-10-12T09:30:00
The hack exposed the data of 31 million users as the embattled Wayback Machine maker scrambles to stay online and contain the fallout of digital and legal attacks.
Published: 2024-10-10T02:00:19
The $4.4 billion in crypto is set to be the largest pile of criminal proceeds ever sold off by the US. The former IRS agent who seized the record-breaking sum, meanwhile, languishes in a Nigerian jail cell.
Published: 2024-10-09T16:02:20
Earlier this year, Google ditched its plans to abolish support for third-party cookies in its Chrome browser. While privacy advocates called foul, the implications for users are not so clear cut.
Published: 2024-10-08T15:39:49
Perfctl malware is hard to detect, persists after reboots, and can perform a breadth of malicious activities.
Published: 2024-10-05T13:30:00
Plus: Harvard students pack Meta’s smart glasses with privacy-invading face-recognition tech, Microsoft and the DOJ seize Russian hackers’ domains, and more.
Published: 2024-10-05T10:30:00
After decades of relying on buttons, switches, and toggles, the Pentagon has embraced simple, ergonomic video-game-style controllers already familiar to millions of potential recruits.
Published: 2024-10-04T11:30:00
From Trump campaign signs to Planned Parenthood bumper stickers, license plate readers around the US are creating searchable databases that reveal Americans’ political leanings and more.
Published: 2024-10-03T10:30:00
The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies and unknown Polish entities since at least late 2023. The intrusions are characterized by the use of a variant of the RomCom RAT dubbed SingleCamper (aka SnipBot or RomCom 5.0), said Cisco Talos, which is monitoring the activity cluster under the moniker UAT-5647. "This
Published: 2024-10-17T21:43:00
Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called Cicada3301 after successfully gaining access to the group's affiliate panel on the dark web. Singapore-headquartered Group-IB said it contacted the threat actor behind the Cicada3301 persona on the RAMP cybercrime forum via the Tox messaging service after the latter put out an
Published: 2024-10-17T19:24:00
As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised
Published: 2024-10-17T15:49:00
An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger, and T-APT-04. "
Published: 2024-10-17T15:45:00
Federal prosecutors in the U.S. have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire that conducted a record 35,000 DDoS attacks in a single year, including those that targeted Microsoft's services in June 2023. The attacks, which were facilitated by Anonymous Sudan's "powerful DDoS tool," singled out critical infrastructure, corporate networks,
Published: 2024-10-17T14:33:00
A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root access under certain circumstances. The vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), has been addressed in version 0.1.38. The project maintainers acknowledged Nicolai Rybnikar for discovering and reporting the vulnerability. "A security issue
Published: 2024-10-17T10:48:00
Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper with endpoint detection and response (EDR) solutions and hide malicious activity. Trend Micro said it detected "threat actors attempting to integrate EDRSilencer in their attacks, repurposing it as a means of evading detection." EDRSilencer, inspired by the NightHawk FireBlock tool from MDSec, is
Published: 2024-10-16T21:51:00
The FIDO Alliance said it's working to make passkeys and other credentials easier to export across different providers and improve credential provider interoperability, as more than 12 billion online accounts become accessible with the passwordless sign-in method. To that end, the alliance said it has published a draft for a new set of specifications for secure credential exchange,
Published: 2024-10-16T18:53:00
AI from the attacker’s perspective: See how cybercriminals are leveraging AI and exploiting its vulnerabilities to compromise systems, users, and even other AI applications Cybercriminals and AI: The Reality vs. Hype “AI will not replace humans in the near future. But humans who know how to use AI are going to replace those humans who don't know how to use AI,” says Etay Maor, Chief Security
Published: 2024-10-16T16:55:00
The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 (CVSS score: 7.5), a memory corruption bug in the Scripting Engine that could result in remote code execution when using the Edge browser in Internet Explorer Mode.
Published: 2024-10-16T16:20:00
To defend your organization against cyber threats, you need a clear picture of the current threat landscape. This means constantly expanding your knowledge about new and ongoing threats. There are many techniques analysts can use to collect crucial cyber threat intelligence. Let’s consider five that can greatly improve your threat investigations. Pivoting on 2 IP addresses to pinpoint malware
Published: 2024-10-16T14:58:00
A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails. "The spear-phishing campaign's impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected," Trend Micro said in a new analysis. "
Published: 2024-10-16T12:50:00
GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE-2024-9487, carries a CVSS score of 9.5 out of a maximum of 10.0. "An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing
Published: 2024-10-16T10:36:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-28987 (CVSS score: 9.1), the vulnerability relates to a case of hard-coded credentials that could be abused to gain
Published: 2024-10-16T10:24:00
New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's unlock pattern or PIN. "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant said in an analysis published last week. First spotted in the wild in 2019, TrickMo is so named for
Published: 2024-10-15T21:17:00
Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a commodity remote access trojan (RAT) called DarkVision RAT. The activity, observed by Zscaler ThreatLabz in July 2024, involves a multi-stage process to deliver the RAT payload. "DarkVision RAT communicates with its command-and-control (C2) server using a custom network
Published: 2024-10-15T20:50:00
North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of a financially-motivated campaign. The malware is "installed on payment switches within compromised networks that handle card transactions for the means of facilitating the unauthorized withdrawal of cash from ATMs," a security researcher who goes by HaxRob said.
Published: 2024-10-15T20:13:00
In recent years, the number and sophistication of zero-day vulnerabilities have surged, posing a critical threat to organizations of all sizes. A zero-day vulnerability is a security flaw in software that is unknown to the vendor and remains unpatched at the time of discovery. Attackers exploit these flaws before any defensive measures can be implemented, making zero-days a potent weapon for
Published: 2024-10-15T16:30:00
China's National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as Volt Typhoon is a fabrication of the U.S. and its allies. The agency, in collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, went on to accuse the U.S. federal government, intelligence agencies, and Five Eyes countries of
Published: 2024-10-15T13:33:00
Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates. French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an information stealer known as Lumma. Hijack Loader, also known as DOILoader, IDAT Loader, and
Published: 2024-10-15T12:13:00
The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow logged-in users to access forms submitted by others on a site. Jetpack, owned by WordPress maker Automattic, is an all-in-one plugin that offers a comprehensive suite of tools to improve site safety, performance, and traffic growth. It's used on 27 million
Published: 2024-10-15T10:26:00
A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) as a zero-day to perform a series of malicious actions. That's according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt to access the
Published: 2024-10-14T17:05:00
The link between detection and response (DR) practices and cloud security has historically been weak. As global organizations increasingly adopt cloud environments, security strategies have largely focused on "shift-left" practices: securing code, ensuring proper cloud posture, and fixing misconfigurations. However, this approach has led to an over-reliance on a multitude of DR tools spanning
Published: 2024-10-14T16:39:00
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. "Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape," Checkmarx researchers Yehuda
Published: 2024-10-14T16:38:00
Hey there, it's your weekly dose of "what the heck is going on in cybersecurity land" and trust me, you NEED to be in the loop this time. We've got everything from zero-day exploits and AI gone rogue to the FBI playing crypto kingpin; it's full of stuff they don't want you to know. So let's jump in before we get FOMO. Threat of the Week: GoldenJackal Hacks Air-Gapped Systems: Meet
Published: 2024-10-14T16:13:00
Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog ransomware. Cybersecurity vendor Sophos said it has been tracking a series of attacks in the past month leveraging compromised VPN credentials and CVE-2024-40711 to create a local account and deploy the ransomware. CVE-2024-40711, rated 9.8 out of 10.0 on the
Published: 2024-10-14T14:25:00
The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. "The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for credentials theft, and exploiting vulnerabilities
Published: 2024-10-13T15:10:00
The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with allegedly manipulating digital asset markets as part of a widespread fraud operation. The law enforcement action, codenamed Operation Token Mirrors, is the result of the U.S. Federal Bureau of Investigation (FBI) taking the "unprecedented step" of creating its own
Published: 2024-10-12T10:36:00
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. "In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, and InlandRevenue were
Published: 2024-10-11T22:43:00
Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods, accelerating the password-cracking process. In this post, we’ll explore hybrid attacks: what they are
Published: 2024-10-11T16:30:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks. It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did not disclose who
Published: 2024-10-11T14:04:00
GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10. "An issue was discovered in GitLab EE
Published: 2024-10-11T11:59:00
The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world's largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the Politie said. The marketplace
Published: 2024-10-11T11:31:00
OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, writing articles for websites, generating biographies for social media accounts, and creating AI-generated profile pictures for fake accounts on X. "Threat
Published: 2024-10-10T18:57:00
Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck. "A vulnerability in the Nortek Linear eMerge E3 allows remote
Published: 2024-10-10T17:40:00
The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only highly technical and high-risk, but also soul-crushingly repetitive, dealing with a constant flood of alerts and incidents. As a result, SOC analysts often leave in search of better pay, the opportunity to move beyond
Published: 2024-10-10T16:30:00
Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented characters," Jscrambler researchers said in an analysis. "The heavy use of Unicode characters, many
Published: 2024-10-10T12:48:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to a case of remote code execution that affects FortiOS, FortiPAM, FortiProxy, and FortiWeb. "A
Published: 2024-10-10T11:14:00
Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680 (CVSS score: 9.8), has been described as a use-after-free bug in the Animation timeline component. "An attacker was able to achieve code execution in the content process by exploiting a
Published: 2024-10-10T09:54:00
Google on Wednesday announced a new partnership with the Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNS RF) to combat online scams. The initiative, which has been codenamed the Global Signal Exchange (GSE), is designed to create real-time insights into scams, fraud, and other forms of cybercrime, pooling together threat signals from different data sources in order to create
Published: 2024-10-09T22:30:00
Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol that, if successfully exploited, could have severe impacts in industrial environments. "The vulnerabilities could allow an attacker to crash an industrial device or in some cases, enable remote code execution," Claroty researchers Mashav Sapir and Vera
Published: 2024-10-09T21:03:00
Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster, tracked as CL-STA-0240, is part of a campaign dubbed Contagious Interview that Palo Alto Networks Unit 42 first disclosed in November 2023. "The threat actor behind CL-STA-0240
Published: 2024-10-09T19:03:00
Social media accounts help shape a brand’s identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security. Many lack the safeguards to prevent unauthorized access, a situation no organization wants as
Published: 2024-10-09T16:30:00
Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based
Published: 2024-10-09T12:23:00
Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic. The end goals of the campaigns are broad and varied, allowing threat actors to compromise identities and devices and conduct business email compromise (BEC) attacks, which ultimately result
Published: 2024-10-09T09:52:00
Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said. Successful exploitation of these vulnerabilities could allow an authenticated
Published: 2024-10-08T22:08:00
Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads. "These attacks capitalize on the popularity of Lua gaming engine supplements within the student gamer community," Morphisec researcher Shmuel Uzan said in a new report published today, adding "this malware
Published: 2024-10-08T21:56:00
Russian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho. "The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems," Kaspersky said, detailing a new campaign that began in June 2024 and continued at least until
Published: 2024-10-08T16:47:00
A little-known threat actor tracked as GoldenJackal has been linked to a series of cyber attacks targeting embassies and governmental organizations with an aim to infiltrate air-gapped systems using two disparate bespoke toolsets. Victims included a South Asian embassy in Belarus and a European Union (E.U.) government organization, Slovak cybersecurity company ESET said. "The ultimate goal of
Published: 2024-10-08T16:28:00
Is your store at risk? Discover how an innovative web security solution saved one global online retailer and its unsuspecting customers from an “evil twin” disaster. Read the full real-life case study here. The Invisible Threat in Online Shopping When is a checkout page, not a checkout page? When it's an “evil twin”! Malicious redirects can send unsuspecting shoppers to these perfect-looking
Published: 2024-10-08T16:28:00
The DoJ charged Anonymous Sudan members and disrupted their DDoS infrastructure, halting its cyber operations. The US Justice Department charged two Sudanese brothers (Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27) with operating and controlling the cybercrime collective Anonymous Sudan that launched tens of thousands of Distributed Denial of Service (DDoS) attacks […]
Published: 2024-10-18T00:01:04
Russia-linked threat actor RomCom targeted Ukrainian government agencies and Polish entities in cyber attacks since late 2023. Cisco Talos researchers observed Russia-linked threat actor RomCom (aka UAT-5647, Storm-0978, Tropical Scorpius, UAC-0180, UNC2596) targeting Ukrainian government agencies and Polish entities in a new wave of attacks since at least late 2023. In the recent attacks, RomCom […]
Published: 2024-10-17T21:13:56
A critical flaw in Kubernetes Image Builder could allow attackers to gain root access if exploited under specific conditions. A critical Kubernetes Image Builder vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), could allow attackers to gain root access if exploited under specific conditions. Only Kubernetes clusters with nodes using VM images from the Image Builder project and […]
Published: 2024-10-17T09:49:48
VMware fixes a high-severity SQL injection flaw in HCX allowing non-admin users to remotely execute code on the HCX manager. VMware is warning customers to address a remote code execution vulnerability, tracked as CVE-2024-38814 (CVSS score of 8.8), in its HCX application mobility platform. The vulnerability is an authenticated SQL injection vulnerability in HCX; it was privately […]
Published: 2024-10-17T07:00:43
Brazil’s Polícia Federal has arrested hacker USDoD, the hacker behind the National Public Data and InfraGard breaches. Brazil’s Polícia Federal (PF) announced the arrest in Belo Horizonte/MG of the notorious hacker USDoD. In August, a CrowdStrike investigation revealed that the hacker USDoD (aka EquationCorp), who is known for high-profile data leaks, is a man from Brazil. The […]
Published: 2024-10-16T23:09:18
Finnish Customs shut down the Tor darknet marketplace Sipulitie and seized the servers hosting the platform. Finnish Customs, with the help of Europol, Swedish and Polish law enforcement authorities and researchers at Bitdefender, shut down the Tor marketplace Sipulitie. “Finnish customs has closed the web servers of the Sipulitie marketplace, which has been operating on […]
Published: 2024-10-16T19:32:18
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows Kernel, Mozilla Firefox and SolarWinds Web Help Desk bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: An attacker could exploit the vulnerability CVE-2024-30088 to gain SYSTEM privileges. Successful exploitation of […]
Published: 2024-10-16T10:48:56
GitHub addressed a critical vulnerability in Enterprise Server that could allow unauthorized access to affected instances. Code hosting platform GitHub addressed a critical vulnerability, tracked as CVE-2024-9487 (CVSS score of 9.5), in GitHub Enterprise Server that could lead to unauthorized access to affected instances. An attacker could exploit a cryptographic signature verification flaw in GitHub Enterprise Server […]
Published: 2024-10-16T06:45:00
North Korea-linked actors deploy a new Linux variant of FASTCash malware to target financial systems, researcher HaxRob revealed. The cybersecurity researcher HaxRob analyzed a new variant of the FASTCash “payment switch” malware which targets Linux systems. The variant discovered by the researcher was previously unknown and targets Ubuntu 22.04 LTS distributions. In November 2018, Symantec […]
Published: 2024-10-15T17:57:50
WordPress Jetpack plugin issued an update to fix a critical flaw allowing logged-in users to view form submissions by others on the same site. The maintainers of the WordPress Jetpack plugin have addressed a critical vulnerability that could allow logged-in users to access forms submitted by other users on the same site. Jetpack is a […]
Published: 2024-10-15T09:43:04
Deepfake Lovers Swindle Victims Out Of $46M In Hong Kong AI Scam
F5 BIG-IP Updates Patch High Severity Privilege Escalation
Anonymous Sudan DDoS Service Disrupted, Members Charged By US
Critical Bug In Kubernetes Image Builder Allows SSH Root Access
WeChat Devs Introduced Security Flaws When They Modded TLS
The Crusade To Replace Passwords With Passkeys Just Intensified
Varsity Brands Data Breach Impacts 65,000 People
Cisco Investigating Breach And Sale Of Data
Firm Hacked After Accidentally Hiring North Korean Cyber Criminal
Jetpack Patches Critical Bug That Exposed Data On 27 Million WordPress Sites
North Korean Hackers Use Newly Discovered Linux Malware To Raid ATMs
CISA Flags Critical SolarWinds Web Help Desk Bug
Internet Archive Wobbles Back Online, With Limited Functionality
Iranian Cyberspies Exploiting Recent Windows Kernel Vuln
Splunk Enterprise Update Patches Remote Code Execution Vulns
Log4j Still Being Exploited Nearly 3 Years Later
New CounterSEVeillance And TDXDown Attacks Target AMD And Intel TEEs
Ward Christensen, BBS Inventor And Architect Of Our Online Age, Dies At 78
Pentagon Shares New Cybersecurity Rules For Gov't Contractors
Lynx Ransomware Analyses Reveal Similarities To INC Ransom
Thousands Of Fortinet Instances Vulnerable To Actively Exploited Flaw
Hacked Robot Vacuums Across The U.S. Started Yelling Slurs
OpenAI Says Iranian Hackers Used ChatGPT To Plan ICS Attacks
Recent Veeam Vulnerability Exploited In Ransomware Attacks
Fidelity Investments Data Breach Impacts 77,000 Customers
Be Aware of These Eight Underrated Phishing Techniques
Industry Moves for the week of October 14, 2024 - SecurityWeek
CISA, FBI Seek Public Comment on Software Security Bad Practices Guidance
F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability
Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters
Iranian Hackers Use Brute Force in Critical Infrastructure Attacks
Brazilian Police Arrest Notorious Hacker USDoD
Anonymous Sudan DDoS Service Disrupted, Members Charged by US
Code Execution, Data Tampering Flaw in Nvidia NeMo Gen-AI Framework
VMware Patches High-Severity SQL Injection Flaw in HCX Platform
Android 15 Rolling Out With New Theft, Application Protection Features
CISA and FBI Release Product Security Bad Practices for Public Comment
CISA and FBI Warn of Iranian-Backed Cyber Activity to Undermine U.S. Democratic Institutions
CISA Kicks Off 21st Anniversary of Cybersecurity Awareness Month
CISA Releases Anonymous Threat Response Guidance and Toolkit for K-12 Schools
Joint ODNI, FBI, and CISA Statement
CISA Releases Plan to Align Operational Cybersecurity Priorities for Federal Agencies
FBI and CISA Release Joint PSA, Just So You Know: False Claims of Hacked Voter Information Likely Intended to Sow Distrust of U.S. Elections
CISA Releases Election Security Focused Checklists for Both Cybersecurity and Physical Security
CISA Launches New Portal to Improve Cyber Reporting
Election Security Partners Host 7th Annual Tabletop the Vote Exercise for 2024
A Message to Election Officials from CISA Director Jen Easterly
Region 8 Invites You to Secure Our World
CISA Director Jen Easterly Remarks at the Election Center 39th Annual National Conference in Detroit
Learn with Region 8’s Webinar Program
Shaping the legacy of partnership between government and private sector globally: JCDC
SAFECOM and NCSWIC Develop Global Positioning System (GPS) for Public Safety Location Services: Use Cases and Best Practices
Region 10 Team Provides Vital Election Security Training for Idaho
SAFECOM Membership Spotlight ft. Red Grasso, North Carolina Department of Information Technology
SAFECOM Releases New Resource for Cloud Adoption
With Open Source Artificial Intelligence, Don’t Forget the Lessons of Open Source Software
CISA Adds One Known Exploited Vulnerability to Catalog
Mitsubishi Electric CNC Series
CISA Releases Seven Industrial Control Systems Advisories
Elvaco M-Bus Metering Gateway CMe3100
HMS Networks EWON FLEXY 202
Oracle Releases Quarterly Critical Patch Update Advisory for October 2024
LCDS LAquis SCADA
Kieback&Peter DDC4000 Series
CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force
CISA and FBI Release Joint Guidance on Product Security Bad Practices for Public Comment
Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
Siemens Siveillance Video Camera
Guidance: Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)
Schneider Electric Data Center Expert
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA Releases Two Industrial Control Systems Advisories
Rockwell Automation Logix Controllers
Delta Electronics CNCSoft-G2
Siemens SIMATIC S7-1500 and S7-1200 CPUs
Siemens SENTRON PAC3200 Devices
Siemens JT2Go
Siemens SIMATIC S7-1500 CPUs
Siemens Tecnomatix Plant Simulation
Rockwell Automation DataMosaix Private Cloud
Rockwell Automation PowerFlex 6000T
CISA Releases Twenty-One Industrial Control Systems Advisories
Siemens Simcenter Nastran
Siemens Questa and ModelSim
Siemens HiMed Cockpit
Siemens RUGGEDCOM APE1808
[webapps] reNgine 2.2.0 - Command Injection (Authenticated)
[webapps] openSIS 9.1 - SQLi (Authenticated)
[webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
[webapps] NoteMark < 0.13.0 - Stored XSS
[webapps] Gitea 1.22.0 - Stored XSS
[webapps] Invesalius3 - Remote Code Execution
[dos] Windows TCP/IP - RCE Checker and Denial of Service
[webapps] Aurba 501 - Authenticated RCE
[webapps] HughesNet HT2000W Satellite Modem - Password Reset
[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure
[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
[webapps] Helpdeskz v2.0.2 - Stored XSS
[webapps] Calibre-web 0.6.21 - Stored XSS
[webapps] Devika v1 - Path Traversal via 'snapshot_path'
[local] Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path
[local] SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path
[local] Oracle Database 12c Release 1 - Unquoted Service Path
[webapps] Ivanti vADC 9.9 - Authentication Bypass
[local] Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation
[webapps] Xhibiter NFT Marketplace 1.10.2 - SQL Injection
[webapps] Azon Dominator Affiliate Marketing Script - SQL Injection
[webapps] Microweber 2.0.15 - Stored XSS
[webapps] Customer Support System 1.0 - Stored XSS
[webapps] Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)
[webapps] SolarWinds Platform 2024.1 SR1 - Race Condition
[webapps] Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)
[webapps] Poultry Farm Management System v1.0 - Remote Code Execution (RCE)
[webapps] Boelter Blue System Management 1.3 - SQL Injection
[webapps] WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)
[webapps] PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)
[webapps] AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.
[webapps] AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)
[webapps] XMB 1.9.12.06 - Stored XSS
[webapps] Carbon Forum 5.9.0 - Stored XSS
[webapps] AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)
[webapps] appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)
[webapps] CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)
[webapps] WBCE CMS v1.6.2 - Remote Code Execution (RCE)
[webapps] Monstra CMS 3.0.4 - Remote Code Execution (RCE)
[webapps] Dotclear 2.29 - Remote Code Execution (RCE)
[webapps] Serendipity 2.5.0 - Remote Code Execution (RCE)
[webapps] Sitefinity 15.0 - Cross-Site Scripting (XSS)
[webapps] FreePBX 16 - Remote Code Execution (RCE) (Authenticated)
[webapps] Akaunting 3.1.8 - Server-Side Template Injection (SSTI)
[webapps] Check Point Security Gateway - Information Disclosure (Unauthenticated)
[webapps] Aquatronica Control System 5.1.6 - Information Disclosure
[webapps] changedetection < 0.45.20 - Remote Code Execution (RCE)
[webapps] ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)
SEC Consult SA-20241009-0 :: Local Privilege Escalation via MSI installer in Palo Alto Networks GlobalProtect (CVE-2024-9473)
APPLE-SA-10-03-2024-1 iOS 18.0.1 and iPadOS 18.0.1
Some SIM / USIM card security (and ecosystem) info
SEC Consult SA-20240930-0 :: Local Privilege Escalation via MSI Installer in Nitro PDF Pro (CVE-2024-35288)
Backdoor.Win32.Benju.a / Unauthenticated Remote Command Execution
Backdoor.Win32.Prorat.jz / Remote Stack Buffer Overflow (SEH)
Backdoor.Win32.Amatu.a / Remote Arbitrary File Write (RCE)
Backdoor.Win32.Agent.pw / Remote Stack Buffer Overflow (SEH)
Backdoor.Win32.Boiling / Remote Command Execution
Defense in depth -- the Microsoft way (part 88): a SINGLE command line shows about 20,000 instances of CWE-73
SEC Consult SA-20240925-0 :: Uninstall Password Bypass in BlackBerry CylanceOPTICS Windows Installer Package (CVE-2024-35214)
Apple iOS 17.2.1 - Screen Time Passcode Retrieval (Mitigation Bypass)
CyberDanube Security Research 20240919-0 | Multiple Vulnerabilities in Netman204
Submit Exploit CVE-2024-42831
Stored XSS in "Edit Profile" - htmlyv2.9.9
Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so
CVE-2024-9143: OpenSSL: Low-level invalid GF(2^m) parameters lead to OOB memory access
CVE-2024-45217: Apache Solr: ConfigSets created during a backup restore command are trusted implicitly
CVE-2024-45216: Apache Solr: Authentication bypass possible using a fake URL Path ending
Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so
Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so
CVE-2024-45693: Apache CloudStack: Request origin validation bypass makes account takeover possible
CVE-2024-45462: Apache CloudStack: Incomplete session invalidation on web interface logout
CVE-2024-45461: Apache CloudStack Quota plugin: Access checks not enforced in Quota
CVE-2024-45219: Apache CloudStack: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure
Re: CVE-2024-47191: Local root exploit in the PAM module pam_oath.so
CVE-2023-50780: Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
[kubernetes] CVE-2024-9486 and CVE-2024-9594: VM images built with Kubernetes Image Builder use default credentials
CVE-2024-46911: Apache Roller: Weakness in CSRF protection allows privilege escalation
libarchive 3.7.5 released with security fixes