SecurityWeek
Exploitation of Critical ownCloud Vulnerability Begins
Threat actors have started exploiting a critical ownCloud vulnerability leading to sensitive information disclosure.
The Hacker News
How Hackers Phish for Your Users' Credentials and Sell Them
Did you know that a single stolen credential can jeopardize your entire network? Protect your organization against sophisticated phishing attacks. Lea
The Hacker News
Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens
A vulnerability in Microsoft Access that could be exploited to leak a Windows user’s NTLM tokens.
Bleeping Computer
Ransomware attack on indie game maker wiped all player accounts
A ransomware attack on the "Ethyrial: Echoes of Yore" MMORPG last Friday destroyed 17,000 player accounts, deleting their in-game items and progress in the game.
SecurityWeek
Hacktivism: What’s in a Name… It May be More Than You Expect
Hacktivists should be treated as malicious hackers because the distance between hacking/activism, malevolence, and damage is too small and too vague.
SecurityWeek
UK, Korea Warn of DPRK Supply Chain Attacks Involving Zero-Day Flaws
UK and Korea say DPRK state-sponsored hackers targeted governments, defense organizations via supply chain attacks.
Security Affairs
Lazarus is using a MagicLine4NX zero-day in supply chain attack
UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in a supply-chain attack.
Cyber Security News
PolarDNS - A Free DNS Server For Vulnerability Research & Pentesting
Oryxlabs recently launched a free DNS server that is written in Python 3.x for vulnerability research and pentesting, dubbed as "PolarDNS."
Bleeping Computer
UK and South Korea: Hackers use zero-day in supply-chain attack
A joint advisory by the National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLineThe National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) warn that the North Korean Lazarus hacking grou
Security Affairs
Exposed Kubernetes secrets can fuel supply chain attacks
Researchers warn of publicly exposed Kubernetes configuration secrets that could pose a threat of supply chain attack for organizations.
The Hacker News
Hamas-Linked Cyberattacks Using Rust-Powered SysJoker Backdoor Against Israel
Researchers found a Rust version of SysJoker, a cross-platform backdoor used by Hamas-affiliated threat actor targeting Israel during ongoing conflict
The Record
How one Russian nonprofit is trying to crack through the Kremlin’s censorship wall
A decade after its founding, the internet freedom organization Roskomsvoboda finds itself adjusting to harsh political and social realities within Russia, where a wartime regime continues to expand its authority over the internet.
Cyber Security News
Hackers using Weaponized Office Document to Exploit Windows Search RCE
A new attack chain campaign has been discovered which involves the exploitation of CVE-2023-36884 and CVE-2023-36584. CVE-2023-36884.
Cyber Security News
WailingCrab Malware Abuse Messaging Protocol for C2 Communications
WailingCrab's backdoor component has been in contact with the C2 since the middle of 2023 via the lightweight IoT message protocol MQTT.
CyberNews
DDoS has evolved in 2023: longer, more frequent, and more sophisticated
Novel approaches allow cyberattackers to bypass geoblocking defenses, flooding servers more frequently and for longer.
Cyber Security News
Citrix Warns Admin to Kill Active or Persistent Sessions to Thwart Hackers
This vulnerability affected Citrix NetScaler Gateway and ADC devices. Following this, AssetNote published a proof-of-concept for this vulnerability named “CitrixBleed.”
Ars Technica
Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet
Internet scans show 7,000 devices may be vulnerable. The true number could be higher.
DarkReading
Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack
The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more.
Bleeping Computer
Open-source Blender project battling DDoS attacks since Saturday
Blender has confirmed that recent site outages have been caused by ongoing DDoS (distributed denial of service) attacks that started on Saturday.
Cyber Security News
Hackers Exploiting 0-day RCE Flaws in the Wild to Deploy Mirai Malware
The Mirai botnet is a malicious network of infected computers, routers, and IoT devices harnessed by cybercriminals to launch large-scale DDoS attacks.
The Hacker News
AI Solutions Are the New Shadow IT
AI Solutions Are the New Shadow IT - Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks
Ars Technica
USB worm unleashed by Russian state hackers spreads worldwide
LitterDrifter's means of self-propagation are simple. So why is it spreading so widely?
Trend Micro
Packet Reflection Threats in Private 5G Networks
Dive into the world of private 5G networks and learn about a critical security vulnerability that could expose IoT devices to attacks from external networks.
Trend Micro
Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.
.webp)
Cyber Security News
Rhysida Ransomware Attacking Windows Machine Through VPN Devices and RDP
Rhysida, a new ransomware group, hit its first victim in May 2023. They use their ransomware, offered as RaaS (Ransomware-as-a-Service), with at least 50 global victims listed on their website.
Bleeping Computer
Criminal IP Becomes VirusTotal IP and URL Scan Contributor
The Criminal IP Threat Intelligence (CTI) search engine has integrated its IP address and URL scans into VirusTotal. Learn more from Criminal IP about how this integration can help you.
CyberNews
Ransomware that all the script kiddies want to Play with
The Russian-affiliated threat actor Play ransomware gang is now a service for sale, according to cybersecurity analyst Adlumin.
Bleeping Computer
Gamaredon's LittleDrifter USB malware spreads beyond Ukraine
A recently discovered worm that researchers call LittleDrifter has been spreading over USB drives infecting systems in multiple countries as part of a campaign from the Gamaredon state-sponsored espionage group.
DarkReading
Amid Military Buildup, China Deploys Mustang Panda in the Philippines
China pairs cyber and kinetic attacks in the South Pacific as it continues to wrangle control of the South China Sea.
.webp)
Cyber Security News
LitterDrifter Powershell Worm Rapidly Spreads on USB Drives by Itself
Gamaredon (aka Primitive Bear, ACTINIUM, and Shuckworm), stands out in Russian espionage by exclusively targeting Ukrainian entities.
SecurityWeek
Russia's LitterDrifter USB Worm Spreads Beyond Ukraine
Russian Gamaredon’s self-propagating LitterDrifter USB worm spreads from Ukraine to the US and other countries.
Security Affairs
Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine
Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm called LitterDrifter via USB.
Bleeping Computer
Exploit for CrushFTP RCE chain released, patch now
A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords.
The Hacker News
Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
Russian cyber espionage group linked to the FSB are using a USB worm called LitterDrifter to target Ukrainian organizations.
DarkReading
Actions to Take to Defeat Initial Access Brokers
Initial access brokers (IAB) are often difficult to track. This Tech Tip spells out some countermeasures enterprises need to defend against stolen credentials.
Bleeping Computer
British Library: Ongoing outage caused by ransomware attack
The British Library confirmed that a ransomware attack is behind a major outage that is still affecting services across several locations.
The Hacker News
27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts
Beware of fake Python libraries! 27 malicious packages found on PyPI, disguised as legitimate ones.
Infosecurity News
British Library: Ransomware Recovery Could Take Months
Famed institution warns of ongoing disruption
Infosecurity News
Sandworm Linked to Attack on Danish Critical Infrastructure
A report described the coordinated attack, in which 22 critical infrastructure firms were targeted
The Hacker News
CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks
U.S. agencies warn of Rhysida ransomware double extortion attacks on multiple industries, including education, manufacturing and IT.
The Hacker News
Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure
Denmark's energy sector hit by massive cyberattack! In May 2023, 22 Danish energy sector companies were simultaneously targeted.
Bleeping Computer
The OWASP Top 10: What They Are and How to Test Them
This article takes a deep dive into the OWASP Top 10 and advises on how to test your web applications for susceptibility to these security risks.
Infosecurity News
ALPHV/BlackCat Ransomware Gang Targets Businesses Via Google Ads
Nitrogen serves as initial-access malware, using obfuscated Python libraries for stealth
Security Affairs
Gamblers’ data compromised after casino giant Strendus fails to set password
Mexican online casino Strendus has exposed sensitive user data, including home addresses and the amounts of money they spent on gambling.
Bleeping Computer
WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks
The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site's database.
SecurityWeek
Zip Raises $7.7 Million to Expand SMB Cybersecurity Business
Zip Security raised $7.7 million in funding led by General Catalyst, co-led by Human Capital, and with participation from Box Group.
.jpg)
DarkReading
Royal Ransom Demands Exceed $275M, Rebrand in Offing
The swift-moving ransomware crew continues to evolve quickly and has already attacked more than 350 victims since it was first detected just over a year ago.
Cyber Security News
10 Best Network Security Companies For CISO - 2024
Best Network Security Companies for CISO: 1. Perimeter81 2. Palo Alto Networks 3. Cisco 4. Check Point 5. IBM 6. Crowdstrike 7. Trend Micro.
SecurityWeek
Hacker Conversations: Chris Wysopal, AKA Weld Pond
Chris Wysopal (AKA Weld Pond) founder and CTO of Veracode and member of the hacker collective L0pht Heavy Industries.
CyberNews
Gamblers’ data compromised after casino giant fails to set password
One of the biggest online casinos in Mexico has exposed sensitive user data, including home addresses and the amounts of money they spent on gambling.
Trend Micro
A Closer Look at ChatGPT's Role in Automated Malware Creation
This blog entry explores the effectiveness of ChatGPT's safety measures, the potential for AI technologies to be misused by criminal actors, and the limitations of current AI models.
Infosecurity News
Python Malware Poses DDoS Threat Via Docker API Misconfiguration
Cado Security Labs said the bot agent exhibited various methods for conducting DDoS attacks
Bleeping Computer
Criminal IP & Cisco SecureX/XDR: Enhanced Cyber Threat Analysis
The Criminal IP threat intelligence search engine by AI SPERA has recently integrated with Cisco SecureX/XDR, empowering organizations to stay ahead of malicious actors. Learn more about this integration from Criminal IP in this article.
Latest Hacking News
WhatsApp Enhances Call Security With Location Hiding, Unknown Call Block
Stepping ahead to enhance users’ privacy, WhatsApp improvises its call feature security by launching two new features. These features facilitate users in hiding their location during calls and block calls from unknown numbers. WhatsApp Rolls Out
Latest Hacking News
Multiple Vulnerabilities Found In PureVPN – One Remains Unpatched
Researchers spotted a couple of security vulnerabilities in PureVPN Desktop clients for Linux that impact users’ privacy. While PureVPN patched one flaw, another RCE vulnerability remains unpatched. Numerous PureVPN Vulnerabilities Affected Linux Clients Security researchers Rafay Baloch
Bleeping Computer
Iranian hackers launch malware attacks on Israel’s tech sector
Security researchers have tracked a new campaign from Imperial Kitten targeting transportation, logistics, and technology firms.
Cyber Security News
Best Security Solutions for Marketers - 2024
Best security solutions for Marketers: 1. Perimeter 81 2. Surfshark3. Private Internet Access 4. Malwarebytes 5. CyberGhost 6. GoodAccess
Bleeping Computer
Microsoft fixes Outlook Desktop bug causing slow saving issues
Microsoft has resolved a known issue causing significant delays for Microsoft 365 customers when saving attachments in Outlook Desktop.
.webp)
Cyber Security News
Hackers Trick Windows Users With Malicious Ads to Deliver Malware
Cybersecurity researchers at Malwarebytes recently identified a malicious campaign that mimics the WindowsReport.com portal.
Cyber Security News
Hackers Exploit Microsoft Access Feature to Steal Windows User’s NTLM Tokens
Microsoft Access is a relational database management system which is developed by Microsoft that allows users to store and manage data.
Cyber Security News
MOVEit Hackers Turn to SysAid Servers Zero-Day Vulnerability
SysAid disclosed a zero-day which was affecting on-premises SysAid servers. The vulnerability was found to be a path traversal vulnerability.
DarkReading
'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank
Meanwhile, CISA joins the call to patch CVE-2023-4966 immediately amid reports of mass-exploit activity; at least 5,000 orgs remain exposed.
CyberNews
New malvertising campaign targets Windows geeks
A threat actor copied a legitimate Windows news website to deliver an infostealer for the CPU-Z processor tool.
Cyber Security News
Hackers Weaponize PDF Files to Deliver Multiple Ransomware Variants
PDF files are commonly used for their versatility, making them a prime target for malware delivery because they can embed malicious scripts or links.
Cyber Security News
Chinese Hackers Expanding Cyber Capabilities to Exploit Zero-Day Vulnerabilities
State-sponsored hackers or threat actors and their cyber operations are evolving at an alarming pace, leveraging advanced techniques and constantly adapting to exploit emerging vulnerabilities.
The Hacker News
Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors
Iranian hacker group Imperial Kitten launches cyberattacks on transportation, logistics, and tech sectors, including Israel.
Trend Micro
Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
Bleeping Computer
Microsoft: SysAid zero-day flaw exploited in Clop ransomware attacks
Threat actors are exploiting a zero-day vulnerability in the service management software SysAid to gain access to corporate servers for data theft and to deploy Clop ransomware.
Cyber Security News
ChatGPT-Powered Malware Attacking Cloud Platforms to Steal Login Credentials
Threat actors can ChatGPT to generate convincing phishing emails or deceptive content that encourages users to download malware.
Infosecurity News
OpenAI Reveals ChatGPT Is Being DDoS-ed
OpenAI has admitted DDoS attacks are the cause of intermittent ChatGPT outages since November 8
The Record
Iranian Charming Kitten hackers targeted Israeli organizations in October
The Iranian hacking group targeted organizations in Israel’s transportation, logistics and technology sectors amid an uptick in Iranian cyber activity since the start of Israel’s war with Hamas.
Bleeping Computer
WhatsApp now lets users hide their location during calls
WhatsApp is rolling out a new privacy feature that helps Android and iOS users hide their location during calls by relaying the connection through WhatsApp servers.
The Hacker News
WhatsApp Introduces New Privacy Feature to Protect IP Address in Calls
WhatsApp is rolling out a new privacy feature: 'Protect IP Address in Calls' making it harder for bad actors to infer location & enabling an anonymity
Cyber Security News
What is Crowdsourced Threat Intelligence?
Crowdsourced threat intelligence is a type of threat intelligence that is gathered and analyzed from a variety of sources.
Bleeping Computer
BlueNoroff hackers backdoor Macs with new ObjCShellz malware
The North Korean-backed BlueNorOff threat group targets Apple customers with new macOS malware tracked as ObjCShellz that can open remote shells on compromised devices.
DarkReading
North Korea's BlueNoroff APT Debuts 'Dumbed Down' macOS Malware
Kim Jong-Un's hackers are scraping the bottom of the barrel, using script kiddie-grade malware to steal devalued digital assets.
Cyber Security News
RedLine Malware Steals Sensitive Data and Installs More Malware
Researchers from Any Run saw again its active activity intended to develop to steal, cause financial loss, and data, targeting both enterprise and personal devices.
Infosecurity News
New BlueNoroff Malware Variant Targets Cryptocurrency Exchanges
Jamf Threat Labs found a Mach-O universal binary communicating with an identified malicious domain
The Hacker News
Experts Warn of Ransomware Hackers Exploiting Atlassian and Apache Flaws
Ransomware groups are actively exploiting critical flaws in Atlassian Confluence & Apache ActiveMQ.
Ars Technica
Critical vulnerability in Atlassian Confluence server is under “mass exploitation”
Atlassian's senior management is all but begging customers to take immediate action.
Cyber Security News
Okta Employee's Use of Personal Google Account Leads to Security Breach
A threat actor obtained unauthorized access to files connected to 134 Okta customers, or less than 1% of Okta customers.
Infosecurity News
Okta Breach Hit Over 130 Customers
Several suffered follow-on session hijacking attacks
Bleeping Computer
Socks5Systemz proxy service infects 10,000 systems worldwide
A proxy botnet called 'Socks5Systemz' has been infecting computers worldwide via the 'PrivateLoader' and 'Amadey' malware loaders, currently counting 10,000 infected devices.
Cyber Security News
Threat and Vulnerability Roundup for the week of October 29th to November 4th
welcome to Cyber Writes' weekly publication - the Threat and Vulnerability Roundup! Get ready to dive into the latest and greatest in cybersecurity, as we bring you the most up-to-date information each week.
Ars Technica
No, Okta, senior management, not an errant employee, caused you to get hacked
If a transgression by a single employee breaches your network, you're doing it wrong.
DarkReading
Critical Atlassian Bug Exploit Now Available; Immediate Patching Needed
In-the-wild exploit activity from dozens of cyberattacker networks is ramping up for the security vulnerability in Confluence, tracked as CVE-2023-22518.
Bleeping Computer
Google Play adds security audit badges for Android VPN apps
Google Play, Android's official app store, is now tagging VPN apps with an 'independent security reviews' badge if they conducted an independent security audit of their software and platform.
The Record
Okta defends 2-week gap in response to identity token theft, says 134 customers affected
The identity management company said that from September 28, to October 17, a threat actor “gained unauthorized access to files inside Okta’s customer support system associated with 134 Okta customers.”
CSO
Red Sift adds protection against phishing, BEC, and brand abuse
The new capabilities will bolster a company’s cyber resilience, especially in the areas of brand impersonation, BEC, and PKI certificates.
Bleeping Computer
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide
Threat actors are leveraging the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, to target government, technical, and legal organizations in the Americas, Europe, Africa, and the Asia-Pacific region.
Bleeping Computer
Hackers exploit recent F5 BIG-IP flaws in stealthy attacks
F5 is warning BIG-IP admins that devices are being breached by "skilled" hackers exploiting two recently disclosed vulnerabilities to erase signs of their access and achieve stealthy code execution.
SecurityWeek
Mass Exploitation of 'Citrix Bleed' Vulnerability Underway
Multiple threat actors are exploiting CVE-2023-4966, aka Citrix Bleed, a critical vulnerability in NetScaler ADC and Gateway.
SecurityWeek
DPI: Still Effective for the Modern SOC?
DPI can still be useful in a modern SOC, but its effectiveness and relevance depend on the specific security needs of the organization.
The Hacker News
Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability
F5 warns of active exploitation of a critical flaw (CVE-2023-46747) in BIG-IP, enabling attackers to execute system commands.
DarkReading
'Prolific Puma' Hacker Gives Cybercriminals Access to .us Domains
Cybercriminals are upping their phishing with shortened links and showing that coveted, regulated top-level domains aren't as exclusive as you'd think.
Bleeping Computer
Massive cybercrime URL shortening service uncovered via DNS data
A threat actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four years while keeping a sufficiently low profile to operate undetected.
SecurityWeek
Attackers Exploiting Critical F5 BIG-IP Vulnerability
Exploitation vulnerability (CVE-2023-46747) in F5’s BIG-IP began less than five days after public disclosure and PoC exploit code was published.
The Hacker News
PentestPad: Platform for Pentest Teams
Pen test team up with PentestPad to supercharge your performance & achieve exceptional results with automated report generation, real-time collaborati
Bleeping Computer
Exploit released for critical Cisco IOS XE flaw, many hosts still hacked
Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as a zero-day to hack tens of thousands of devices.
DarkReading
Google Dynamic Search Ads Abused to Unleash Malware 'Deluge'
An advanced feature of Google targeted ads can allow a rarely precedented flood of malware infections, rendering machines completely useless.
Ars Technica
“This vulnerability is now under mass exploitation.” Citrix Bleed bug bites hard
By some estimates, 20,000 devices have already been hacked.
Latest Hacking News
Critical F5 BIG-IP Flaw Allows Remote Code Execution Attacks
A critical security flaw existed in the F5 BIG-IP Configuration utility that allows an adversary to execute arbitrary commands. In worst-case exploits, an attacker having prior access to the target network may easily exploit the
The Hacker News
ServiceNow Data Exposure: A Wake-Up Call for Companies
ServiceNow exposes sensitive data due to misconfigurations. Learn how this could've jeopardized your business and the steps to ensure your data is sec
Computerworld
‘Data poisoning’ anti-AI theft tools emerge — but are they ethical?
New tools that can corrupt digitized artwork and other copyrighted materials are emerging to thwart generative AI models that scrape the internet to learn and provide content.
The DFIR Report
Netsupport Intrusion Results in Domain Compromise - The DFIR Report
NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report … Read More
The Record
Russian hacking tool floods social networks with bots, researchers say
Low-skill cybercriminals are using a new tool to create hundreds of fake social media accounts in just a few seconds.
Cyber Security News
BIG-IP Vulnerability Allows Attackers to Execute Remote Code
A critical security flaw that might allow for unauthenticated BIG-IP has been identified and is categorized as CVE-2023-46747 with a 9.8 CVSS score.
Ars Technica
Microsoft profiles new threat group with unusual but effective practices
Octo Tempest employs tactics that many of its targets aren't prepared for.
Cyber Security News
11 Best Cloud Access Security Broker Software (CASB) - 2023
Best Cloud Access Security Broker (CASB) Software: 1. DoControl CASB 2. Microsoft Cloud App Security 3. Forcepoint 4. Palo Alto Networks.
Bleeping Computer
F5 fixes BIG-IP auth bypass allowing remote code execution attacks
A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution.
SecurityWeek
In Other News: Ex-NSA Employee Spying for Russia, EU Threat Landscape, Cyber Education Funding
Noteworthy stories that might have slipped under the radar: Ex-NSA employee spying for Russia, EU threat landscape, cyber education funding
SecurityWeek
F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP
A critical-severity vulnerability in F5 BIG-IP CVE-2023-46747 allows unauthenticated attackers to execute code remotely.
The Hacker News
F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution
F5 warns of a critical vulnerability (CVE-2023-46747) in BIG-IP, allowing unauthenticated remote code execution.
Trend Micro
How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime
This report explores the Kopeechka service and gives a detailed technical analysis of the service’s features and capabilities and how it can help cybercriminals to achieve their goals.
SecurityWeek
Key Learnings from “Big Game” Ransomware Campaigns
Steps every organization should take to leverage threat and event data across the lifecycle of a cyber incident.
Cyber Security News
Why Small Businesses Need a Malware Sandbox ? - Top 3 Reasons in 2023
Running a small business can often lead to the misconception that cyber security is not a priority due to the company's size.
Bleeping Computer
Chilean telecom giant GTD hit by the Rorschach ransomware gang
Chile's Grupo GTD warns that a cyberattack has impacted its Infrastructure as a Service (IaaS) platform, disrupting online services.
Bleeping Computer
Microsoft tests Windows 11 encrypted DNS server auto-discovery
Microsoft is testing support for the Discovery of Network-designated Resolvers (DNR) internet standard, which enables automated client-side discovery of encrypted DNS servers on local area networks.
CSO
Citrix urges immediate patching of critically vulnerable product lines
NetScaler ADC and NetScaler Gateway have multiple high-severity vulnerabilities that can allow information disclosure and denial of service (DoS) attacks on affected versions.
Ars Technica
Apple backs national right-to-repair bill, offering parts, manuals, and tools
Repair advocates say Apple's move is beneficial, but also strategic.
CSO
Businesses face “silent infiltration” of generative AI as use spirals out of control
Business leaders appear to have lost control over the deployment of generative AI despite just 28% of organizations expressly permitting its use.
SecurityWeek
Mandiant Intelligence Chief Raises Alarm Over China's 'Volt Typhoon' Hackers in US Critical Infrastructure
Critical infrastructure defenders should urgently work to find and remove traces of Volt Typhoon, a Chinese government-backed hacking team.
SecurityWeek
Hackers Earn $400k on First Day at Pwn2Own Toronto 2023
NAS devices, printers, IP cameras, speakers, and mobile phones were hacked on the first day at Pwn2Own Toronto 2023.
Latest Hacking News
Google Plans To Roll Out IP Protection Feature In Chrome Browser
Taking a step ahead to protect users’ privacy, Google has now decided to test a new IP protection feature in its Chrome browser. This feature will hide users’ real IP addresses, allowing them to evade
CSO
Cisco patches IOS XE vulnerabilities actively being exploited
CVE-2023-20198 and CVE-2023-20273 affect Cisco IOS XE software if the web UI feature is enabled.
Bleeping Computer
VMware warns admins of public exploit for vRealize RCE flaw
VMware warned customers on Monday that proof-of-concept (PoC) exploit code is now available for an authentication bypass flaw in vRealize Log Insight (now known as VMware Aria Operations for Logs).
CSO
Okta support system breach highlights need for strong MFA policies
Breach was detected and blocked before it granted access to attackers due to the enforcement of multifactor authentication.
The Record
Delete-your-data laws have a perennial problem: Data brokers who fail to register
Laws requiring data brokers to register with state governments are not protecting the public the way they should, experts say, because enforcement has been inadequate.
DarkReading
Freelance Market Flooded With North Korean IT Actors
Organizations should be careful that the workers they hire on a freelance and temporary basis are not operatives working to funnel money to North Korea's WMD program, US DOJ says.
DarkReading
Freelance Market Flooded With North Korean IT Actors
US DoJ: Beware of hiring freelance and temporary workers that could be operatives working to funnel money to North Korea's WMD program.
Bleeping Computer
Cisco patches IOS XE zero-days used to hack over 50,000 devices
Cisco has addressed the two vulnerabilities (CVE-2023-20198 and CVE-2023-20273) that hackers exploited to compromise tens of thousands of IOS XE devices over the past week.
Cyber Security News
Over 50K Cisco IOS XE Devices Hacked Exploiting Zero-day
Cisco discovered active exploitation of a new vulnerability (CVE-2023-20198) in Cisco IOS XE software's Web UI, impacting more than 50K devices.
Bleeping Computer
Google Chrome's new "IP Protection" will hide users' IP addresses
Google is getting ready to test a new "IP Protection" feature for the Chrome browser that enhances users' privacy by masking their IP addresses using proxy servers.
Ars Technica
Okta says hackers breached its support system and viewed customer files
Hackers obtained valid credentials, but Okta doesn't say how.
Bleeping Computer
Cisco discloses new IOS XE zero-day exploited to deploy malware implant
Cisco disclosed a new high-severity zero-day (CVE-2023-20273) today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week.
SecurityWeek
Okta Support System Hacked, Sensitive Customer Data Stolen
Okta warns that hackers broke into its support case management system and stole sensitive data that can be used to impersonate valid users.
Bleeping Computer
Okta says its support system was breached using stolen credentials
Okta says attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen credentials.
SecurityWeek
In Other News: Energy Services Firm Hacked, Tech CEO Gets Prison Time, X Glitch Leads to CIA Channel Hijack
Summary of notable cybersecurity news stories that may be top headlines, but are important for the week of October 16, 2023.
The Hacker News
Malvertisers Using Google Ads to Target Users Searching for Popular Software
Beware of fake software ads on Google Search! Hackers use Google Ads to direct users searching for popular software to malicious copycats.
Bleeping Computer
Fake Corsair job offers on LinkedIn push DarkGate malware
A threat actor is using fake LinkedIn posts and direct messages about a Facebook Ads specialist position at hardware maker Corsair to lure people into downloading info-stealing malware like DarkGate and RedLine.
Bleeping Computer
Over 40,000 Cisco IOS XE devices infected with backdoor using zero-day
More than 40,000 Cisco devices running the IOS XE operating system have been compromised after hackers exploited a recently disclosed maximum severity vulnerability tracked as CVE-2023-20198.
Trend Micro
Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores
In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane.
Ars Technica
The latest high-severity Citrix vulnerability under attack isn’t easy to fix
If you run a Netscaler ADC or Gateway, assume it's compromised and take action ... fast.
DarkReading
Patch Now: APTs Continue to Pummel WinRAR Bug
State-sponsored cyberespionage actors from Russia and China continue to target WinRAR users with various info-stealing and backdoor malware, as a patching lag plagues the software's footprint.
Cyber Security News
Hackers Use Discord for C&C to Exploit Jupyter Notebooks & SSH
Jupyter Notebooks that are exposed to the internet are targeted by a crypto jacking campaign called Qubit Strike, discovered by Cado Security Labs.
The Hacker News
Vulnerability Scanning: How Often Should I Scan?
Discover the importance of continuous vulnerability scanning in 2023 and how it can protect your business from emerging threats.
SecurityWeek
Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000
The number of Cisco devices hacked via the CVE-2023-20198 zero-day has reached 40,000, including many in the US.
SecurityWeek
North Korean Hackers Exploiting Recent TeamCity Vulnerability
Multiple North Korean hacking groups have exploited a recent TeamCity vulnerability and Microsoft warns of potential supply chain attacks.
CyberScoop
Unidentified attackers breach tens of thousands of Cisco devices
Attackers are actively exploiting vulnerable Cisco software to primarily target telecommunications companies, researchers say.
Cyber Security News
Best Unified Network Security Solutions for Small Businesses
Best Unified Network Security Solutions for Small Businesses. 1. Perimeter 81, 2. Snort, 3. OSSEC, 4. Wireshark, 5. Burp Suite, 6. Splunk.
Infosecurity News
ISACA CEO Hails Europe as a Lighthouse of Capability
ISACA's new CEO highlights growth of its European membership as the Association works on an aggressive growth strategy
CyberNews
DDoS attacks trending upwards: multiple EU websites under siege
DDoS attacks are currently on the rise.
The Hacker News
Qubitstrike Targets Jupyter Notebooks with Crypto Mining and Rootkit Campaign
A new cyber threat emerges! Discover how Qubitstrike, linked to Tunisia, targets Jupyter Notebooks for crypto mining and cloud breaches.
Bleeping Computer
Recently patched Citrix NetScaler bug exploited as zero-day since August
A critical vulnerability tracked as CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been actively exploited as a zero-day since late August, security researchers announced.
SecurityWeek
Lost and Stolen Devices: A Gateway to Data Breaches and Leaks
Strategies to prevent lost and stolen computers from contributing to data breaches and leaks.
SecurityWeek
Recent NetScaler Vulnerability Exploited as Zero-Day Since August
Mandiant says the recently patched Citrix NetScaler vulnerability CVE-2023-4966 had been exploited as zero-day since August.
Bleeping Computer
Qubitstrike attacks rootkit Jupyter Linux servers to steal credentials
Hackers are scanning for internet-exposed Jupyter Notebooks to breach servers and deploy a cocktail of malware consisting of a Linux rootkit, crypto miners, and password-stealing scripts.
Cyber Security News
CISA, FBI Warns of Critical Atlassian Zero-Day Flaw Under Active Attack
A serious security flaw in some versions of Atlassian Confluence Data Center and Server has been exploited by hackers.
CSO
Critical Cisco IOS XE vulnerability gives attackers control of devices
Active exploits have been seen in the wild for a major vulnerability affecting Cisco’s router software, the company disclosed this week.
Bleeping Computer
Malicious Notepad++ Google ads evade detection for months
A new Google Search malvertizing campaign targets users looking to download the popular Notepad++ text editor, employing advanced techniques to evade detection and analysis.
Cyber Security News
Top 10 Best Insider Risk Management Platforms - 2023
Best Insider Risk Management Platforms. 1. DoControl 2.ActivTrak 3. Elevate Platform 4. Splunk 5.Varonis 6.Forcepoint 7.Securonix 8. Observe It 9. Exabeam 10.LogRhythm
The Hacker News
Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software
Two major vulnerabilities in open-source CasaOS personal cloud software could allow attackers to gain full control of your system.
Cyber Security News
Threat Actors Actively Exploiting Cisco IOS XE Zero-day Vulnerability
A new Zero-day vulnerability (CVE-2023-20198) in Cisco IOS XE's Web UI feature that affects devices with exposed HTTP/HTTPS Server functionality.
Infosecurity News
Cisco Warns of Critical Vulnerability in IOS XE Software
The tech giant has issued guidance to mitigate exploitation of the flaw, which has the highest severity rating
CyberSecurity Dive
Cisco’s critical IOS XE software zero day is a ‘bad situation’
Researchers from VulnCheck said they have found thousands of implanted hosts.
The Hacker News
Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers
Milesight's industrial routers risk unauthorized web interface access, while Titan MFT and Titan SFTP servers face remote
SecurityWeek
WordPress Websites Hacked via Royal Elementor Plugin Zero-Day
A critical vulnerability in the Royal Elementor WordPress plugin has been exploited as a zero-day since August 30.
Cyber Security News
EtherHiding: A Novel Technique to Hide Malicious Code Using Binance's Smart Chain
“EtherHiding” which abuses Binance's Smart Chain (BSC) contracts to host parts of a malicious code chain to hide them inside the blockchain.
The Hacker News
Warning: Unpatched Cisco Zero-Day Vulnerability Actively Targeted in the Wild
Cisco alerts about a critical unpatched zero-day security vulnerability in its IOS XE software that's under active exploitation.
The Record
Russia wants to isolate its internet, but experts warn it won’t be easy
As Russia’s war with Ukraine drags on, the Kremlin has doubled down on its efforts to take control of the internet on its own turf.
DarkReading
Critical, Unpatched Cisco Zero-Day Bug Is Under Active Exploit
No patch or workaround is currently available for the maximum severity flaw, which allows attackers to gain complete administrator privilege on affected devices remotely and without authentication.
Ars Technica
Actively exploited Cisco 0-day with maximum 10 severity gives full network control
An unknown threat actor is exploiting the vulnerability to create admin accounts.
Bleeping Computer
Hackers exploit critical flaw in WordPress Royal Elementor plugin
A critical severity vulnerability impacting Royal Elementor Addons and Templates up to version 1.3.78 is reported to be actively exploited by two WordPress security teams.
Bleeping Computer
Cisco warns of new IOS XE zero-day actively exploited in attacks
Cisco warned admins today of a new and maximum severity zero-day vulnerability in its IOS XE Software that can let attackers gain full administrator privileges and take complete control of affected routers.
CSO
Cybercriminals register .AI domains of trusted brands for malicious activity
Third parties are registering brands under the .AI domain to launch phishing attacks or other types of brand abuse.
Bleeping Computer
Fake 'RedAlert' rocket alert app for Israel installs Android spyware
Israeli Android users are targeted by a malicious version of the 'RedAlert - Rocket Alerts' app that, while it offers the promised functionality, acts as spyware in the background.
Infosecurity News
Growing Concern Over Role of Hacktivism in Israel-Hamas Conflict
Hacktivists claim DDoS attacks against Israeli websites as cybersecurity experts urge caution in believing these cyber-criminals’ claims
SecurityWeek
Signal Pours Cold Water on Zero-Day Exploit Rumors
Privacy-focused messaging firm Signal is pouring cold water on widespread rumors of a zero-day exploit in its popular encrypted chat app.
SecurityWeek
Milesight Industrial Router Vulnerability Possibly Exploited in Attacks
A vulnerability affecting Milesight industrial routers, tracked as CVE-2023-4326, may have been exploited in attacks.
Ars Technica
Google will shield AI users from copyright challenges, within limits
New policy covers training data and AI output—but no mention of Bard.
DarkReading
ShellBot Cracks Linux SSH Servers, Debuts New Evasion Tactic
The botnet — built for DDoS, backdooring, and dropping malware — is evading standard URL signature detections with a novel approach.
Computerworld
Microsoft addresses three zero-days for October’s Patch Tuesday
Microsoft this week rolled out 103 security updates, including for three zero-day vulnerabilities affecting Windows and Edge.
Ars Technica
How DDoSers used the HTTP/2 protocol to deliver attacks of unprecedented size
More than 8 years after the adoption of HTTP/2, DDoSers devise rapid reset attack.
Latest Hacking News
Microsoft October Patch Tuesday Fixes 100+ Flaws, Including Zero-Days
With October Patch Tuesday, Microsoft fixed 104 security vulnerabilities across different products, including three zero-day flaws. While Microsoft ensures automatic roll-out of the updates to all eligible devices, users must still check their systems for
CyberSecurity Dive
Critical Atlassian Confluence CVE under exploit by prolific state-linked actor
Microsoft researchers warn a threat actor with ties to China has been exploiting the vulnerability since mid-September.
The Record
CISA plans to share more information on ransomware actors in its exploited vulnerability alerts
The U.S.’s top cybersecurity agency said it plans to add a section dedicated to ransomware gangs to its list of vulnerabilities being exploited by hackers.
Bleeping Computer
Shadow PC warns of data breach as hacker tries to sell gamers' info
Shadow PC, a provider of high-end cloud computing services, is warning customers of a data breach that exposed customers' private information, as a threat actor claims to be selling the stolen data for over 500,000 customers.
The Hacker News
ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers
Ever heard of an IP address in hexadecimal notation? It's the latest disguise hackers use to deploy DDoS malware on Linux systems.
DarkReading
Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available
Organizations should brace for mass exploitation of CVE-2023-22515, an uber-critical security bug that opens the door to crippling supply chain attacks on downstream victims.
Bleeping Computer
Exchange Online mail delivery issues caused by anti-spam rules
Microsoft is investigating Exchange Online mail delivery issues causing "Server busy" errors and delays when receiving emails from outside organizations.
Cyber Security News
How LLM-like Models like ChatGPT patch the Security Gaps in SoC Functions
The emergence of Large Language Models (LLMs) is transforming NLP, enhancing performance across NLG, NLU, and information retrieval tasks.
Bleeping Computer
Microsoft: State hackers exploiting Confluence zero-day since September
Microsoft says a Chinese-backed threat group tracked as 'Storm-0062' (aka DarkShadow or Oro0lxy) has been exploiting a critical privilege escalation zero-day in the Atlassian Confluence Data Center and Server since September 14, 2023.
SecurityWeek
Organizations Respond to HTTP/2 Zero-Day Exploited for DDoS Attacks
Organizations respond to HTTP/2 Rapid Reset zero-day vulnerability exploited to launch the largest DDoS attacks seen to date.
Infosecurity News
October Patch Tuesday Addresses Three Zero-Days
Microsoft issues updates for over 100 flaws
Cyber Security News
Nation-state Hackers Exploiting Confluence Zero-day Vulnerability
Microsoft has detected the nation-state threat actor Storm-0062, also known as DarkShadow or Oro0lxy, exploiting CVE-2023-22515.
The Hacker News
Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits
Microsoft's October 2023 Patch Tuesday: 103 new vulnerabilities addressed, including 2 zero-days and 13 critical ones.
Cyber Security News
HTTP/2 Rapid Reset Zero-day Flaw Exploited to Launch Massive DDoS Attack
Cloudflare was unexpectedly hit by an enormous HTTP attack that peaked at over 201 million requests per second.
SecurityWeek
Microsoft Blames Nation-State Threat Actor for Confluence Zero-Day Attacks
An APT group tracked as Storm-0062 has been hacking Confluence installations since mid-September, three weeks before Atlassian’s disclosure.
DarkReading
Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug
October's CVE update is here. Here's which security vulnerabilities to patch now to exorcise your Microsoft systems demons.
SecurityWeek
Microsoft Fixes Exploited Zero-Days in WordPad, Skype for Business
Microsoft patches more than 100 vulnerabilities across the Windows ecosystem and warned that three are already being exploited in the wild.