

SecurityWeek
Exploitation of Critical ownCloud Vulnerability Begins
Threat actors have started exploiting a critical ownCloud vulnerability leading to sensitive information disclosure.
SecurityWeek
A critical issue in open source AI framework Ray could provide attackers with operating system access to all nodes.
Security Affairs
The Daixin Team group claims to have hacked the North Texas Municipal Water District (US) and threatened to leak the stolen data.
Infosecurity News
Security agency wants to resume critical CFATS inspections
Cyber Security News
New security flaws in AI systems must be taken into account in addition to the usual cyber security risks; security is frequently neglected.
Bleeping Computer
Slovenian power company Holding Slovenske Elektrarne (HSE) has suffered a ransomware attack that compromised its systems and encrypted files, yet the company says the incident did not disrupt electric power production.
SecurityWeek
New guidance from US and UK cybersecurity agencies provides recommendations for secure AI system development.
SecurityWeek
UK and Korea say DPRK state-sponsored hackers targeted governments, defense organizations via supply chain attacks.
Latest Hacking News
Given the continuous rise in active exploitation of the now-known CitrixBleed flaw, governments issued new alerts to patch unpatched Netscaler systems. The recent alerts originate from the Government of Australia and the United States, alongside
SecurityWeek
Municipal Water Authority of Aliquippa confirms that hackers took control of a booster station, but says no risk to water supply.
Infosecurity News
NCSC and CISA effort endorsed by 18 countries
The Hacker News
U.K., U.S., and 16 other international partners have released new guidelines for the development of secure artificial intelligence (AI) systems.
The Record
British and U.S. cybersecurity authorities published guidance on Monday about how to develop artificial intelligence systems in a way that will minimize the risks they face from mischief-makers through to state-sponsored hackers.
Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation.
Bleeping Computer
A joint advisory by the National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLine… The National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) warn that the North Korean Lazarus hacking grou
Infosecurity News
Relaunched working group aims to tackle scourge of ransomware
Infosecurity News
The investigation conducted by Akamai in late October 2023 revealed a specific HTTP exploit path
Cyber Security News
This vulnerability affected Citrix NetScaler Gateway and ADC devices. Following this, AssetNote published a proof-of-concept for this vulnerability named “CitrixBleed.”
Security Affairs
Mirai-based botnet InfectedSlurs has been spotted exploiting two zero-day RCE flaws to compromise routers and video recorder (NVR) devices.
CyberScoop
A vulnerability in an industrial control system exploited by a state-backed hacking group illustrates problems in how vendors share data.
Infosecurity News
Multiple threat actor groups are found to be exploiting a vulnerability in Citrix NetScaler gateway appliances, government agencies have warned
SecurityWeek
Administrators are urged to patch the recent CitrixBleed NetScaler vulnerability as LockBit starts exploiting it.
Security Affairs
US CISA added Looney Tunables Linux vulnerability (tracked as CVE-2023-4911) to its Known Exploited Vulnerabilities catalog.
Security Affairs
Citrix urges admins to kill NetScaler user sessions after patching their appliances against the CVE-2023-4966 Citrix Bleed vulnerability.
CSO
Malicious elements, including LockBit 3.0, managed to exploit vulnerabilities in Citrix software even after they were fixed.
The Hacker News
LockBit ransomware affiliates are exploiting the Citrix NetScaler flaw ("Citrix Bleed") to hijack user sessions and gain unauthorized access.
The Record
Idaho National Laboratory, a prominent nuclear research lab within the U.S. Department of Energy, is investigating the breach after a hacktivist group claimed to infiltrate its systems.
Bleeping Computer
Today, CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions.
Bleeping Computer
Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks.
Cyber Security News
CISA has released a Cyber Attack Mitigation Guide specifically tailored for the Healthcare and Public Health (HPH) Sector.
SecurityWeek
New CISA pilot program brings cutting-edge cybersecurity services to critical infrastructure entities that need support.
The Record
The bug has caused alarm for weeks as cybersecurity experts warned that many government agencies and major companies were leaving their appliances exposed to the internet — opening themselves up to attacks.
The Record
The U.S. Navy on Tuesday released its long-awaited cyber strategy, as the service tries to revamp its efforts in the digital domain after years of personnel and readiness issues.
CyberScoop
The hacking group SiegedSed released personal data on thousands of employees at the Idaho National Laboratory, the nuclear research lab.
CyberNews
The British Library confirms data has been leaked as it struggles to recover from a November 6 ransomware attack claimed by the Rhysida ransom gang.
Security Affairs
The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage.
Infosecurity News
The guide outlines mitigation strategies and best practices to counteract prevalent cyber-threats
Bleeping Computer
The Rhysida ransomware gang has claimed responsibility for a cyberattack on the British Library in October, which has caused a major ongoing IT outage.
SecurityWeek
New CISA guidance details cyber threats and risks to healthcare and public health organizations and recommends mitigations.
SecurityWeek
Johnson Controls patches a critical vulnerability that can be exploited to take complete control of Frick industrial refrigeration products
CyberSecurity Dive
The focus should be on what manufacturers are doing to keep their customers safe, not the damage attackers might be inflicting, CISA’s Bob Lord said.
SecurityWeek
The US Department of Energy is offering $70 million in funding to improve the cybersecurity of rural and municipal utilities.
The Record
The U.S. government is offering “cutting-edge cybersecurity shared services” to critical infrastructure organizations that need it most.
Cyber Security News
Welcome to the Cyber Security News Recap, a weekly publication by Cyber Writes. Our aim is to bring you up-to-date information on the latest developments in the field of cybersecurity.
Bleeping Computer
Ransomware gangs target exposed Citrix Netscaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt files.
DarkReading
The feds seem to know all about the hacking group brazenly breaking into corporate networks; so why are enterprise teams left on their own to stop their cybercrimes?
SecurityWeek
Noteworthy stories that might have slipped under the radar: top law firm hacked, Chinese bank pays ransom, PyPI conducts first security audit
Bleeping Computer
The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities (KEV) three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle.
Cyber Security News
Recently, the FBI and CISA issued a joint Cybersecurity Advisory (CSA) on Scattered Spider threat actors targeting commercial facilities.
SecurityWeek
CISA adds Sophos, Oracle and Microsoft product security holes to its Known Exploited Vulnerabilities (KEV) catalog.
Security Affairs
US CISA added 3 vulnerabilities (tracked as CVE-2023-36584, CVE-2023-1671, and CVE-2023-2551) to its Known Exploited Vulnerabilities catalog.
CyberSecurity Dive
Scattered Spider threat actors are attacking large companies and their IT help desks to steal data for extortion, according to federal cyber authorities.
Infosecurity News
Security advisory details TTPs of prolific threat actors
The Hacker News
Beware of fake Python libraries! 27 malicious packages found on PyPI, disguised as legitimate ones.
The Hacker News
U.S. CISA has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation in the wild.
The Record
The leading cybersecurity officials in the U.S. published a stark warning on Thursday about a group of hackers who have disrupted some of the largest companies in the country through social engineering and other tactics.
Bleeping Computer
The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released an advisory about the evasive threat actor tracked as Scattered Spider, a loosely knit hacking collective that now collaborates with the ALPHV/BlackCat Russian ransomware operation.
CyberNews
The FBI is warning organizations to guard against the Scattered Spider ransom group, responsible for the MGM and Caesars hacks, plus dozens more US attacks this year.
Infosecurity News
The CCZT program incorporates foundational principles from leading sources such as CISA and NIST
SecurityWeek
Google says a Zimbra zero-day from earlier this year, CVE-2023-37580, was exploited in several campaigns to hack government emails.
The Hacker News
U.S. agencies warn of Rhysida ransomware double extortion attacks on multiple industries, including education, manufacturing and IT.
Security Affairs
The FBI and CISA warn of attacks carried out by the Rhysida ransomware group against organizations across multiple industry sectors.
Bleeping Computer
The FBI and CISA warned today of Rhysida ransomware gang's opportunistic attacks targeting organizations across multiple industry sectors.
Infosecurity News
The initiative aligns with President Biden’s recent Executive Order
SecurityWeek
CISA details its efforts to promote the use of AI in cybersecurity and guide critical infrastructure in adopting AI.
CyberSecurity Dive
The vendor warned the Junos OS vulnerabilities can be chained to remotely execute code.
The Hacker News
Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023.
CyberNews
Security researchers are blaming a now-patched Citrix zero-day vulnerability for a recent spate of ransomware attacks said to be carried out by the LockBit gang.
The Record
The top cybersecurity agency in the U.S. warned that hackers are exploiting three vulnerabilities disclosed by Microsoft on Tuesday.
The Record
Rep. Andrew Garbarino proposed legislation that would block the Securities and Exchange Commission (SEC) from requiring companies that it regulates to quickly disclose “material” cybersecurity incidents.
The Record
The Ukrainian military’s ability to recover from the Russian attack on satellite company Viasat is an example of the need for redundant systems and resilient organizations, according to a top U.S. government cybersecurity official.
SecurityWeek
Adobe patches 72 security bugs and calls special attention to code-execution defects in the widely deployed Acrobat and Reader software.
DarkReading
The swift-moving ransomware crew continues to evolve quickly and has already attacked more than 350 victims since it was first detected just over a year ago.
Cyber Security News
Best Network Security Companies for CISO: 1. Perimeter81 2. Palo Alto Networks 3. Cisco 4. Check Point 5. IBM 6. Crowdstrike 7. Trend Micro.
SecurityWeek
Researchers warn attackers are targeting MySQL servers and Docker hosts to plant malware capable of launching distributed DDoS attacks.
SecurityWeek
CISA says Royal ransomware has targeted 350 organizations to date, demanding over $275 million in ransoms.
SecurityWeek
Chris Wysopal (AKA Weld Pond) founder and CTO of Veracode and member of the hacker collective L0pht Heavy Industries.
Infosecurity News
CISA highlights links to newer Blacksuit variant
CyberNews
Royal Ransomware, which emerged in early 2022, already has at least 350 known victims under its belt, added since September 2022.
The Hacker News
Juniper Junos OS vulnerabilities can lead to remote code execution. CISA has set a Nov 17, 2023 deadline to secure against Juniper Junos OS vulnerabil
The Record
The leading cybersecurity agencies in the U.S. released startling new data on the Royal ransomware gang on Monday, confirming previous reports that the gang may be preparing for a rebrand.
The Record
The National Cyber Security Centre said that it received 2,005 voluntary reports over the past year, a 64% increase on last year’s figures. Nearly 400 of those were so serious that the agency's incident management team had to triage the response.
Bleeping Computer
The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022.
Security Affairs
US CISA added four vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog.
CSO
Business Continuity in a Box is a set of instructions to help businesses maintain communications and continuity of critical applications following a cyber incident.
Bleeping Computer
CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution (RCE) attacks as part of a pre-auth exploit chain.
CyberNews
The South Korean spy agency has identified a network of 38 fake news websites Chinese firms operated within the country to influence public opinion.
SecurityWeek
McLaren Health Care is informing roughly 2.2 million individuals of a data breach impacting their personal information.
Cyber Security News
In a strategic move aimed at addressing the escalating challenges posed by cyber threats in today's interconnected world, SentinelOne, a global leader in AI security, has unveiled the PinnacleOne Strategic Advisory Group.
DarkReading
Meanwhile, CISA joins the call to patch CVE-2023-4966 immediately amid reports of mass-exploit activity; at least 5,000 orgs remain exposed.
SecurityWeek
EU regulation enables government surveillance, US offering rewards for Iranian hackers, evolution of Chinese spying.
CyberSecurity Dive
The group, led by Tenable CEO Amit Yoran, raised concerns that significant cuts to the agency would undermine efforts to combat rising threats to critical infrastructure and federal systems.
CyberNews
Top global law firm Allen & Overy (A&O) said some of its systems have been impacted due to a “data incident” claimed by the LockBit ransomware group.
The Hacker News
CISA adds high-severity flaw in Service Location Protocol (SLP) to Known Exploited Vulnerabilities list.
The Record
Cybersecurity giant SentinelOne said it is acquiring advisory firm Krebs Stamos Group and creating a new entity called PinnacleOne Strategic Advisory Group.
CSO
Shields Ready initiative outlines strategies for preparing critical infrastructure organizations for potential disruption and building more resilience into systems, facilities, and processes.
Infosecurity News
The FBI notification advises how to protect against the growing targeting of third-party vendors and services
CyberSecurity Dive
CISA urged organizations to patch, mitigate and report any positive findings as Citrix NetScaler ADC and NetScaler Gateway users remain exposed to session hijack.
Infosecurity News
Government campaign aims to promote cyber-resilience
CyberSecurity Dive
Back-to-back vulnerabilities in the enterprise content collaboration and management workspace remain under active attack by threat actors.
Bleeping Computer
Attackers are exploiting a recently patched and critical severity Atlassian Confluence authentication bypass flaw to encrypt victims' files using Cerber ransomware.
CyberScoop
Michael Duffy, an official in CISA’s cybersecurity division, says zero-day exploits are “really affecting the federal government networks.”
CSO
Boeing has confirmed that an "incident" has occurred, after reports surfaced that the Lockbit ransomware group has claimed to have exfiltrated sensitive data from the aerospace giant.
The Record
The zero-day bugs affecting products from Citrix and Apache have critical severity scores and require immediate attention, experts warned.
Bleeping Computer
Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances.
SecurityWeek
A recently patched Apache ActiveMQ vulnerability tracked as CVE-2023-46604 is being exploited to deliver ransomware.
Bleeping Computer
F5 is warning BIG-IP admins that devices are being breached by "skilled" hackers exploiting two recently disclosed vulnerabilities to erase signs of their access and achieve stealthy code execution.
SecurityWeek
MITRE announces the release of ATT&CK v14, which brings enhancements related to detections, ICS, and mobile.
Infosecurity News
Initiative announced at International Counter Ransomware Initiative
Bleeping Computer
Australian software company Atlassian warned admins to immediately patch Internet-exposed Confluence instances against a critical security flaw that could lead to data loss following successful exploitation.
DarkReading
Microsoft's longstanding practice isn't enough to handle its vulnerability problem.
Cyber Security News
Boeing, a major player in the aerospace industry, says it is "assessing" claims made by the LockBit ransomware group that it has taken a "tremendous amount" of confidential information from the company.
CyberSecurity Dive
A prolific Russia-affiliated group threatened to leak data if the aerospace company doesn't make contact by Nov. 2.
Infosecurity News
Group alleges it stole large volume of sensitive data
Cyber Security News
CISA has launched a new version of Logging Made Easy (LME), a free and simple log management solution for Windows-based devices.
The Record
On Saturday, the Play ransomware gang posted the county to its leak site, claiming to have stolen an undisclosed amount of data.
SecurityWeek
Noteworthy stories that might have slipped under the radar: Ex-NSA employee spying for Russia, EU threat landscape, cyber education funding
CyberSecurity Dive
Microsoft researchers described Octo Tempest, or Oktapus, as one of the most dangerous financial criminal groups currently in operation.
CyberSecurity Dive
The plan is part of a wider effort to boost software security using vulnerability management and SBOMs.
The Record
The amendment to the Safeguards Rule will go into effect in April, requiring non-banking financial institutions to report security incidents involving the information of at least 500 customers to the FTC.
SecurityWeek
CISA and the HHS have released resources for healthcare and public health organizations to improve their security.
SecurityWeek
Japanese watchmaking giant Seiko has confirmed that personal information was stolen in a recent ransomware attack.
Infosecurity News
Resources could help to stem the tide of breaches
The Record
A catalog of exploited vulnerabilities run by the top cybersecurity agency in the U.S. is having a significant effect on the security of federal civilian agencies, according to Congressional testimony from a senior official.
The Hacker News
Proof-of-concept (PoC) exploits have been publicly released for the recently discovered vulnerabilities in VMware Aria Operations, Citrix NetScaler.
SecurityWeek
Rockwell Automation has warned customers about the impact of the actively exploited Cisco IOS XE zero-day on its Stratix industrial switches.
The Record
“The renewal is the right thing to do to keep the nation’s railroad systems secure against cyber threats, and these updates sustain the strong cybersecurity measures already in place for the railroad industry,” TSA Administrator David Pekoske said.
Bleeping Computer
Citrix warned admins today to secure all NetScaler ADC and Gateway appliances immediately against ongoing attacks exploiting the CVE-2023-4966 vulnerability.
SecurityWeek
Cisco has found a second zero-day vulnerability that has been exploited in recent attacks as the number of hacked devices has dropped.
CyberSecurity Dive
Government and private sector customers will be able to search cloud data records for malicious threat activity by default.
The Record
The Cybersecurity and Infrastructure Security Agency (CISA) is working with industry stakeholders and government agencies on a new version of the National Cyber Incident Response Plan (NCIRP) — the framework that outlines the country’s response to significant cyber incidents.
The Hacker News
🚨 Cisco issued an alert about a new zero-day vulnerability in IOS XE (CVE-2023-20273). Attackers are actively exploiting it to install malware.
Cyber Security News
Phishing is a cyberattack that uses deception to trick people into giving away sensitive information or taking actions that compromise security.
The Record
The networking giant has identified a second issue connected to a popular software line after it was revealed that tens of thousands of devices were recently infected via a zero-day vulnerability.
Bleeping Computer
Microsoft is extending Purview Audit log retention as promised after the Chinese Storm-0558 hacking group breached dozens of Exchange and Microsoft 365 corporate and government accounts in July.
ZDNet
The ransomware business is booming, and really anyone can be the next victim. Here's how to protect yourself and your organization from an attack. Too late for prevention? We'll show you what to do next.
SecurityWeek
CISA, NSA, FBI, and MS-ISAC have released guidance and prevention recommendations on common phishing techniques.
CyberSecurity Dive
The agency plans an RFI on secure engineering, while adding guidance on AI security and emphasizing default security that does not require customer configurations.
Cyber Security News
A serious security flaw in some versions of Atlassian Confluence Data Center and Server has been exploited by hackers.
SecurityWeek
Startup with roots in the ecommerce mobile payments space raises $40 million for digital identity verification and authentication technology.
SecurityWeek
Weintek has patched critical and high-severity vulnerabilities found in its cMT series HMIs by industrial cybersecurity firm TXOne.
SecurityWeek
NSA has released Elitewolf, a repository of intrusion detection signatures and analytics for OT environments.
SecurityWeek
CISA, FBI, and MS-ISAC warn of potential widespread exploitation of CVE-2023-22515, a critical vulnerability in Atlassian Confluence.
SecurityWeek
Cisco is warning customers that a new IOS XE zero-day vulnerability tracked as CVE-2023-20198 is being exploited to hack devices.
The Hacker News
Cisco alerts about a critical unpatched zero-day security vulnerability in its IOS XE software that's under active exploitation.
DarkReading
No patch or workaround is currently available for the maximum severity flaw, which allows attackers to gain complete administrator privilege on affected devices remotely and without authentication.
Bleeping Computer
CISA, FBI, and MS-ISAC warned network admins today to immediately patch their Atlassian Confluence servers against a maximum severity flaw actively exploited in attacks.
Cyber Security News
CISA launched the Ransomware Vulnerability Warning Pilot (RVWP) in January 2023 to assist organizations in overcoming this possible blind hole.
CyberSecurity Dive
Common mistakes including poor credential management, weak MFA and lackluster patching continue to harm large enterprises.
SecurityWeek
Environmental Protection Agency (EPA) withdraws recent water sector cybersecurity rules due to lawsuits by states and water associations.
The Record
The vulnerability carries the highest severity score possible of 10 and would “grant an attacker full administrator privileges” of the affected router.
The Record
Colonial Pipeline said there has been no disruption to pipeline operations or their systems after a ransomware gang made several threats on Friday afternoon.
DarkReading
CISA and FBI warn the RaaS provider's affiliates are striking critical industries, with more attacks expected to come from additional ransomware groups in the months ahead.
Computerworld
Microsoft this week rolled out 103 security updates, including for three zero-day vulnerabilities affecting Windows and Edge.
Bleeping Computer
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled additional details regarding misconfigurations and security vulnerabilities exploited by ransomware gangs, aiming to help critical infrastructure organizations thwart their attacks.
SecurityWeek
CISA is now flagging vulnerabilities and misconfigurations that are known to be exploited in ransomware attacks.
The Hacker News
The FBI and CISA issue advisory on AvosLocker ransomware gang. They use open-source tools, leave minimal traces.
CyberSecurity Dive
CISA updated its Known Exploited Vulnerabilities Catalog to alert organizations to CVEs linked to ransomware.
The Record
The U.S.’s top cybersecurity agency said it plans to add a section dedicated to ransomware gangs to its list of vulnerabilities being exploited by hackers.
The Record
The U.S. Environmental Protection Agency (EPA) has decided to rescind a memorandum establishing new cybersecurity guidelines for water systems across the country after Republican lawmakers and water companies filed a lawsuit against the measure.
Bleeping Computer
The U.S. government has updated the list of tools AvosLocker ransomware affiliates use in attacks to include open-source utilities along with custom PowerShell, and batch scripts.
Bleeping Computer
Apple has published security updates for older iPhones and iPads to backport patches released one week ago, addressing two zero-day vulnerabilities exploited in attacks.
Infosecurity News
The recommendations are designed to reduce the life-safety implications of cyber incidents in ICS environments
SecurityWeek
Citrix has released patches for a critical information disclosure vulnerability in NetScaler ADC and NetScaler Gateway.
SecurityWeek
CISA, FBI, NSA, and US Treasury published new guidance on improving the security of open source software in OT and ICS.
The Hacker News
Adobe Acrobat Reader users, beware! CISA adds high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities list.
SecurityWeek
Organizations respond to HTTP/2 Rapid Reset zero-day vulnerability exploited to launch the largest DDoS attacks seen to date.
SecurityWeek
CISA has added five bugs to its Known Exploited Vulnerabilities catalog, including the recent WordPad, Skype, and HTTP/2 zero-days.
CyberSecurity Dive
Microsoft released guidance on mitigation steps, while F5 warned about denial of service attack risk against Nginx Open Source.
Cyber Security News
Threat actors were attacking unpatched NetScaler Gateways using the vulnerability classified as CVE-2023-3519, to inject malicious script.
SecurityWeek
SAP has released seven new notes as part of its October 2023 Security Patch Day, all rated ‘medium severity’.
SecurityWeek
A zero-day vulnerability named HTTP/2 Rapid Reset has been exploited to launch some of the largest DDoS attacks in history.
The Hacker News
Hackers are exploiting the CVE-2023-3519 vulnerability in Citrix NetScaler devices for credential harvesting attacks.
Bleeping Computer
Hackers are conducting a large-scale campaign to exploit the recent CVE-2023-3519 flaw in Citrix NetScaler Gateways to steal user credentials.
SecurityWeek
Threat actors are targeting Citrix NetScaler instances unpatched against CVE-2023-3519 to steal user credentials.
CyberSecurity Dive
Educate your workforce on the importance of mitigating cybersecurity threats to help prevent a cyberattack on your organization.
SecurityWeek
Noteworthy stories that might have slipped under the radar: cybersecurity funding increases and illegal use of smartphone location data.
SecurityWeek
CISA and the NSA are urging network defenders and software developers to address the top ten cybersecurity misconfigurations.
Infosecurity News
Data was compiled from real-world red and blue team engagements
SecurityWeek
CISA has removed from its KEV catalog five Owl Labs video conferencing flaws that require the attacker to be in Bluetooth range.
The Hacker News
GitHub's secret scanning just got even better! Now supporting AWS, Microsoft, Google, and Slack tokens, ensuring your code's safety.
CyberSecurity Dive
The Cybersecurity and Infrastructure Security Agency is making progress on its effort to more efficiently hire cybersecurity professionals, implementing process changes other organizations can learn from.
Bleeping Computer
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) revealed today the top ten most common cybersecurity misconfigurations discovered by their red and blue teams in the networks of large organizations.
Infosecurity News
The document is authored by the Enduring Security Framework (ESF)
SecurityWeek
New US government guidance details the challenges that application developers and vendors face in identity and access management (IAM).
Infosecurity News
A new Secureworks report finds that 2023 is on course to be the biggest year on record for victim naming on ‘name and shame’ sites
SecurityWeek
The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security.
SecurityWeek
The people problem in cybersecurity is two-fold: a lack of security awareness among users and a lack of cybersecurity talent.
Infosecurity News
Public comment open until December 4
The Hacker News
CISA has identified 2 active vulnerabilities - CVE-2023-42793 and CVE-2023-28229.
CyberSecurity Dive
The agency now considers China the top nation-state threat, after a heavy emphasis on risks related to the Russia-Ukraine war.
Trend Micro
This entry delves into threat actors' intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.
Bleeping Computer
Australian software company Atlassian released emergency security updates to fix a maximum severity zero-day vulnerability in its Confluence Data Center and Server software, which has been exploited in attacks.
SecurityWeek
International mobile network operator Lyca Mobile says a cyberattack has significantly disrupted its services in many countries.
SecurityWeek
A local privilege escalation vulnerability (CVE-2023-4911) in the GNU C Library (glibc) can be exploited to gain full root privileges.
CSO
A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog.
The Record
Two tech giants are warning their customers about zero-day vulnerabilities being exploited in attacks.
CyberSecurity Dive
The cloud giant will start requiring users with the highest level of privileges to use MFA starting in mid-2024. Google, in response, said it will mandate MFA for certain accounts this year.