National Cyber Warfare Foundation (NCWF) Forums


U.S. Offers $10 Million Reward for Information on Hive Ransomware


2024-02-09 08:19:13
milo
Red Team (CNA)


The United States State Department has recently revealed a $10 million reward for any valuable information that could lead to the detection or whereabouts of the principal members of the Hive ransomware gang. Following that, the State Department has announced a $5 million reward for providing any information that leads to the arrest or conviction […]


The post U.S. Offers $10 Million Reward for Information on Hive Ransomware appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.







Source: gbHackers
Source Link: https://gbhackers.com/hive-ransomware-10-million-reward/


Comments
new comment
Nobody has commented yet. Will you be the first?
CVE mentions by industry news 
FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT 
New Attack Against Self-Driving Car AI 
Russia-linked APT28 targets government Polish institutions 
Citrix warns customers to update PuTTY version installed on their XenCenter system manually 
The Pentagon says it worked with Ukraine and SpaceX to successfully block Russian military use of Starlink; some Russian users complain of connectivit 
The Post Millennial - 26,818,266 breached accounts 
ElevenLabs previews a music-generating AI model, showing samples of songs with lyrics generated from text prompts (Ken Yeung VentureBeat) 
A new alert system from CISA seems to be effective now we just need companies to sign up 
CrowdStrike Enhances Cloud Asset Visualization to Accelerate Risk Prioritization 
Alibaba releases Qwen2.5, says its Qwen models are used by 90K+ companies; OpenCompass: Qwen2.5 beats GPT-4 in language, creation but not knowledge, r 
Russia-Linked CopyCop Uses LLMs to Weaponize Influence Content at Scale 
Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs 
Some Stack Overflow users say their account was suspended after they attempted to alter their posts in protest of its OpenAI partnership to supply dat 
Top spy official releases principles on intel agency use of info bought from data brokers 
New TunnelVision technique can bypass the VPN encapsulation 
#RSAC: CISA Launches Vulnrichment Program to Address NVD Challenges 
Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution 
How an Iranian-linked influence campaign pivoted after Oct. 7 attack on Israel 
Google launches Google Wallet for Android in India and partners with 20+ brands to let users store boarding passes, loyalty cards, event tickets, and  
Sources: BigCommerce, provider of software and an e-commerce platform to retailers, is exploring a sale after losing 90% of its market value since its 
Law enforcement agencies identified LockBit ransomware admin and sanctioned him 
New Attack on VPNs 
HYPR and Microsoft Partner on Entra ID External Authentication Methods 
Verizon: Nearly 80% of Data Breaches Involve Phishing and the Misuse of Credentials 
U.S. Charges Russian Man as Boss of LockBit Ransomware Group 
OpenAI says it's developing a Media Manager tool, slated for release by 2025, to let content owners identify their works to OpenAI and control ho 
US, UK authorities unmask Russian national as LockBit administrator 
China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion - The Hacker News 
MITRE attributes the recent attack to China-linked UNC5221 
China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion 
The Education Sector Experienced the Highest Number of Data Breaches in 2023 
RSAC: Antony Blinken Highlights Urgency in Securing Foundational Tech 
Citrix NetScaler ADC & Gateway Flaw Lets Attackers Obtain Sensitive Data Remotely 
Elevating Cybersecurity: How CybeReady Transforms Threat Intelligence for Businesses 
RSAC: Securing Foundational Tech Critical to Upholding Democratic Values, Says Blinken 
State Department wants digital solidarity at center of tech diplomacy 
HYAS Threat Intel Report May 6 2024 
UK armed forces personal data hacked in MoD breach 
UK military personnel s data hacked in MoD payroll breach 
Sources: China has hacked a payroll system used by the UK's Ministry of Defence, targeting service personnel; names and bank details have been ex 
The missed opportunities in White House s critical infrastructure directive 
Why Your VPN May Not Be As Secure As It Claims 
Best SIEM Tools List For SOC Team – 2024 
Stealing cookies: Researchers describe how to bypass modern authentication 
Finland authorities warn of Android malware campaign targeting bank users 
Ransomware drama: Law enforcement seized Lockbit group’s website again 
Job applicant reveals 'foolproof' resume hack she used to land 3 part-time positions - New York Post 
NATO and the EU formally condemned Russia-linked APT28 cyber espionage 
Defense lawyers question the accuracy and reliability of Cybercheck, an AI tool used in thousands of US cases to identify suspects' locations and 
Unlocking SMB Cybersecurity: The Rise of Virtual CISOs in 2024 and Beyond 
Russia-linked APT28 and crooks are still using the Moobot botnet 
CrowdStrike Named the Only Customers Choice in 2024 Gartner Voice of the Customer for External Attack Surface Management 
CrowdStrike Named Overall Leader in Industry s First ITDR Comparative Report 
Microsoft organizational changes seek to address security failures 
Dirty stream attack poses billions of Android installs at risk 
Google Announces Passkeys Adopted by Over 400 Million Accounts 
UnitedHealth hackers used stolen login credentials to break in, CEO says - Reuters.com 
Ukrainian REvil gang member sentenced to 13 years in prison 
Tether partners with Chainalysis to identify risky crypto addresses that could be used for bypassing sanctions or illicit activities, like terrorist f 
Tether says it is working with Chainalysis to identify crypto wallets that could be used for bypassing sanctions or illicit activities like terrorist  
Manual LDAP Querying: Part 2 
What can we learn from the passwords used in brute-force attacks? 
Threat actors hacked the Dropbox Sign production environment 
Karius, which uses AI to help analyze blood tests in 400 hospitals, raised $100M led by Khosla, after raising $165M in early 2020 led by Vision Fund I 
Google says 400M+ Google Accounts have used passkeys since the rollout, logging 1B+ authentications, and expands passkeys to its Advanced Protection P 
IAM and Passkeys: 4 Steps Towards a Passwordless Future 
Iranian hackers impersonate journalists in social engineering campaign 
Reading the Mandiant M-Trends 2024 
Ex-NSA employee sentenced to 262 months in prison for attempting to transfer classified documents to Russia 
CVE-2024-27322 Vulnerability Found in R Programming Language 
Cuttlefish malware targets enterprise-grade SOHO routers 
Ex-NSA employee sentenced to 262 months for attempting to transfer classified documents to Russia 
A flaw in the R programming language could allow code execution 
DBIR: Vulnerability Exploits Triple as Initial Access Point for Data Breaches 
Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall 
How space exploration benefits life on Earth: Q&A with David Eicher 
Notorious Finnish Hacker sentenced to more than six years in prison 
Finding Attack Vectors using API Linting 
UnitedHealth hackers used stolen login credentials to break in, CEO says - Reuters 
UnitedHealth hackers used stolen login credentials to break in, CEO says - Yahoo Finance 
Marriott quietly admits to not encrypting certain user data impacted by a 2018 breach, after arguing in court it used encryption so the case should be 
How New College Graduates Can Avoid Increasingly Personalized Job Scams 
Eight daily newspapers owned by Alden, the second-largest US newspaper operator, sue OpenAI and Microsoft for allegedly using copyrighted articles to  
Marriott quietly admits it did not encrypt certain user data impacted by a 2018 breach, after arguing in court encryption was used so lawsuits should  
Eight daily papers owned by Alden, the second-largest US newspaper operator, sue OpenAI and Microsoft, claiming copyrighted articles were used to trai 
Eight daily newspapers owned by Alden sue OpenAI and Microsoft, accusing them of using copyrighted articles without permission to train generative AI  
SSH vs. SSL TLS: What s The Difference? 
Man Who Mass-Extorted Psychotherapy Patients Gets Six Years 
UnitedHealth hackers used Citrix vulnerability to break in - iTnews 
Agencies to turn toward skill-based hiring for cyber and tech jobs, ONCD says 
FCC takes $200 million bite out of wireless carriers for sharing location data 
Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023 
Tether says it invested $200M in brain-computer interface company Blackrock Neurotech, via its newly established VC arm Tether Evo (Philip Lagerkranse 
Multiple Brocade SANnav SAN Management SW flaws allow device compromise 
Okta warns of unprecedented scale in credential stuffing attacks on online services 
Security Affairs newsletter Round 469 by Pierluigi Paganini INTERNATIONAL EDITION 
Targeted operation against Ukraine exploited 7-year-old MS Office bug 
The US IRS says it spent $10.5M to develop and $2.4M to run its free tax filing website, used by 140K+ taxpayers in 12 states, and claims high user sa 
The IRS says it spent $10.5M to develop and $2.4M to run its free tax filing website, used by 140K+ households in 12 states, and claims high user sati 
Brokewell Android malware supports an extensive set of Device Takeover capabilities 
Bogus npm Packages Used to Trick Software Developers into Installing Malware 
Filing: FTC says Jeff Bezos, Andy Jassy, and other Amazon execs used Signal's disappearing messages to conceal evidence in FTC's antitrust c 
Ensuring the Security and Efficiency of Web Applications and Systems 
Cryptocurrencies and cybercrime: A critical intermingling 
Kaiser Permanente data breach may have impacted 13.4 million patients 
New 'Brokewell' Android Malware Spread Through Fake Browser Updates 
Over 1,400 CrushFTP internet-facing servers vulnerable to CVE-2024-4040 bug 
Piping Rock - 2,103,100 breached accounts 
AI Data Poisoning: How Misleading Data Is Evading Cybersecurity Protections 
New rules that allow UK law enforcement agencies to seize, destroy, or transfer crypto holdings used for crime before making an arrest take effect (Ca 
Developing countries are being used by hackers to try out new ransomware strains - TechRadar 
Nemesis 1.0.0 
CISA ransomware warning program has sent out more than 2,000 alerts 
CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog 
Earnings Release FY24 Q3 (Microsoft) 
Cisco reveals zero-day attacks used by hackers to attack government networks in major threat campaign - TechRadar 
The private sector probably isn t coming to save the NVD 
Salt Security Addresses Critical OAuth Vulnerabilities Enhancing API Security with OAuth Protection Package 
CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog 
Sources: a Huawei-led consortium, backed by Chinese government funding, aims to compete with Nvidia by making high-bandwidth memory chips, used in GPU 
Campaigns and political parties are in the crosshairs of election meddlers 
CISA ransomware warning program set to fully launch by end of 2024 
Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks 
FCC wants rules for most important part of the internet you ve probably never heard of  
US says Iranian group used 'spearphishing' tactics to hack defense contractors - Stars and Stripes 
Hackers hijacked the eScan Antivirus update mechanism in malware campaign 
Multiple Squid Vulnerabilities Fixed in Ubuntu 
NIST Cybersecurity Framework: A Cheat Sheet for Professionals (Free PDF) 
Microsoft issues warning over 'GooseEgg' tool used in Russian hacking campaigns - ITPro 
SQL Server 2012 End of Life – What You Need To Know 
Russian state-sponsored hacker used GooseEgg malware to steal Windows credentials - CSO Online 
OpenAI announces new enterprise-grade features for API customers, including enhanced security, administrative controls, and new Assistants API capabil 
Iranian nationals charged with hacking U.S. companies, Treasury and State departments 
PuTTY SSH Client Vulnerability Allows Private Key Recovery 
North Korea-linked APT groups target South Korean defense contractors 
Democratic operative behind Biden AI robocall says lawsuit won t get anywhere  
AI: Friend or Foe? Unveiling the Current Landscape with MixMode s State of AI in Cybersecurity Report 
US Imposes Visa Restrictions on Alleged Spyware Figures 
The Boosters: Don t Get Used to the Boost 
Suspected CoralRaider continues to expand victimology using three information stealers 
U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity 
Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware 
Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw 
Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme 
CrowdStrike Falcon Wins Best EDR Annual Security Award in SE Labs Evaluations 
CVE-2024-3400: What You Need to Know About the Critical PAN-OS Zero-Day 
Porter Airlines Consolidates Its Cloud, Identity and Endpoint Security with CrowdStrike 
Secure Your Staff: How to Protect High-Profile Employees’ Sensitive Data on the Web 
5 Best Practices to Secure AWS Resources 
Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities - Security Affairs 
Kudos! CEO Reveals He Got Phished 
The Essential KVM Cheat Sheet for System Administrators 
TA547 Phishing Attack: German Companies Hit With Infostealer 
Akira ransomware received $42M in ransom payments from over 250 victims 
DuneQuixote campaign targets the Middle East with a complex backdoor 
Security Affairs newsletter Round 468 by Pierluigi Paganini INTERNATIONAL EDITION 
Critical CrushFTP zero-day exploited in attacks in the wild 
FISA reauthorization heads to Biden s desk after Senate passage 
US cyber agency says Russian hackers used Microsoft access to steal government emails - Reuters.com 
Baby ASO: A Minimal Viable Transformation for Your SOC 
MITRE revealed that nation-state actors breached its systems via Ivanti zero-days 
Hacking group GhostR claims it stole 5.3M records from World-Check screening database, used for KYC checks for sanctions and financial crime links, in 
Breakthrough in Quantum Cloud Computing Ensures its Security and Privacy 
Hacking group GhostR claims it stole 5.3M records from World-Check's screening database, used for KYC checks for sanctions and financial crime li 
Hacking group GhostR claims it stole 5.3M records from World-Check screening database used for KYC checks for sanctions and financial crime links (Zac 
Treasury official: Small financial institutions have growth to do in using AI against threats 
What s the deal with the massive backlog of vulnerabilities at the NVD? 
How Attackers Can Own a Business Without Touching the Endpoint 
FBI chief says China is preparing to attack US critical infrastructure 
FIN7 targeted a large U.S. carmaker with phishing attacks 
FIN7 targeted a large U.S. carmaker phishing attacks 
A US jury finds Avraham Eisenberg, a crypto trader who stole $110M on the Mango Markets exchange in 2022, guilty of fraud despite his "code is la 
Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation? 
Large volume of data stolen from UN agency after ransomware attack 
Stale Accounts in Active Directory 
Police smash LabHost international fraud network, 37 arrested 
Police take down $249-a-month global phishing service used by 2,000 hackers - CNN 
Apex Legends hacker says game developers patched exploit used on streamers - Yahoo Life 
Apex Legends hacker says game developers patched exploit used on streamers - TechCrunch 
LastPass Warns of Deepfake Phishing Attempt 
A Pandora’s Box: Unpacking 5 Risks in Generative AI 
Global Police Operation Disrupts 'LabHost' Phishing Service, Over 30 Arrested Worldwide 
Previously unknown Kapeka backdoor linked to Russian Sandworm APT 
Data Encryption Policy 
After Forbes found 120+ YouTube videos and 27 Google ads promoting AI deepfake porn tools and "nudifier" Telegram bots, Google took them dow 
After Forbes found 120+ YouTube videos and 27 Google ads promoting AI deepfake porn tools and "nudifier" Telegram bots, the company took the 
Linux variant of Cerber ransomware targets Atlassian servers 
Hackers tried to breach, disable widely used open-source Java tools, groups warn - Nextgov FCW 
After a sleepy primary season, Russia enters 2024 U.S. election fray 
How GitHub Copilot became responsible for a significant percentage of coding, despite its limitations; Stack Overflow: 54.8% of developers used Copilo 
OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal 
Decade-old malware haunts Ukrainian police 
Researchers released exploit code for actively exploited Palo Alto PAN-OS bug 
Cisco warns of large-scale brute-force attacks against VPN and SSH services 
Congress rails against UnitedHealth Group after ransomware attack 
New Vulnerability “LeakyCLI” Leaks AWS and Google Cloud Credentials 
A renewed espionage campaign targets South Asia with iOS spyware LightSpy 
Apple, Amazon, Google and 7 other favourite brands of scammers used for hacking your account online - HT Tech 
Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials 
In High Demand – How Thales and DigiCert Protect Against Software Supply Chain Attacks 
Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack 
The Open Source Security Foundation and the OpenJS Foundation say the attempt to insert a secret backdoor into XZ Utils "may not be an isolated i 
Russia is trying to sabotage European railways, Czech minister said 
Cisco Duo warns telephony supplier data breach exposed MFA SMS logs 
Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets 
HYAS Threat Intel Report April 15 2024 
Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw 
Crickets from Chirp Systems in Smart Lock Key Leak 
Congressional privacy bill looks to rein in data brokers 
Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor 
Singapore-based used car marketplace Carro raised $100M in pre-IPO funding at a $1.5B+ valuation and reports its first annual operating profit (Olivi 
Another CVE (PAN-OS Zero-Day), Another Reason to Consider Zero Trust 
An overview of Bureau of Labor Statistics data, which shows California's percentage of US tech jobs has continued to steadily decline since 2020  
Crooks manipulate GitHub’s search results to distribute malware 
House passes extension of expiring surveillance authorities 
Roku disclosed a new security breach impacting 576,000 accounts 
U.S. Department of Health Alert: Hackers are Targeting IT Help Desks at Healthcare Organizations 
US says Russian hackers used Microsoft access to steal government emails - Verdict 
Adobe used images created by tools like Midjourney and uploaded to its stock marketplace by users, to train Firefly; Adobe says 5% of images were AI- 
Berachain, a bear-themed crypto project building a Layer 1 blockchain, raised a $100M Series B through a SAFT, a simple agreement for future tokens (H 
What keeps CISOs up at night? Mandiant leaders share top cyber concerns 
LastPass employee targeted via an audio deepfake call 
TA547 targets German organizations with Rhadamanthys malware 
Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack 
Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns 
Russian hackers used Microsoft to access govt emails: US cyber agency - WION 
Hackers used stolen passwords to access thousands of BenefitsCal accounts - Sacramento Bee 
US cyber agency says Russian hackers used Microsoft access to steal government emails - Reuters 
US Cyber Agency Says Russian Hackers Used Microsoft Access to Steal Government Emails - Claims Journal 
Six-year old bug will likely live forever in Lenovo, Intel products 
Why CISA is Warning CISOs About a Breach at Sisense 
US CISA published an alert on the Sisense data breach 
The internet is already scary enough without April Fool s jokes 
DragonForce ransomware – what you need to know 
Facebook ads used by hackers to promote fake versions of AI tools Sora, Dall-E, Midjourney: Report - The Indian Express 
Sisense breach exposes customers to potential supply chain attack 
Apple says owners of the iPhone 15 or newer will be able to fix broken devices with used parts, including screens, batteries, and cameras, starting in 
TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer 
Microsoft fixed two zero-day bugs exploited in malware attacks 
Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks 
Apple Expands Spyware Alert System to Warn Users of Mercenary Attacks 
Group Health Cooperative data breach impacted 530,000 individuals 
Renewal of controversial surveillance law screeches to a halt in the House 
Personal information of millions of AT&T customers leaked online 
Rep. Adam Schiff introduced a bill that would require companies training generative AI models to disclose all of the copyrighted work they used to do  
Vulnerability in some TP-Link routers could lead to factory reset 
Multiplying Security Research: How Eclypsium Automates Binary Analysis at Scale 
Improving Dark Web Investigations with Threat Intelligence 
Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers 
Microsoft Patches Tuesday security updates for April 2024 fixed hundreds of issues 
How to Stop Your Data From Being Used to Train AI 
Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel 
Cybersecurity in the Evolving Threat Landscape 
Google introduces two Gemma variants: CodeGemma to help with code completion, and RecurrentGemma to provide researchers faster inference at higher bat 
How to Fix OpenRGB Not Detecting Devices 
Google introduces two Gemma variants, CodeGemma to help with code completion and RecurrentGemma to provide researchers faster inference at higher batc 
100 Days of YARA 2024: It's a Wrap. 
Meta's Nick Clegg says it's surprising how infrequently AI tools are being used to subvert elections and confirms Llama's next version  
Extortion group threatens to sell Change Healthcare data 
Over 91,000 LG smart TVs running webOS are vulnerable to hacking 
Researchers found an exposed Azure server with credentials used by Microsoft staff to access internal systems; Microsoft was told Feb. 6 and secured i 
The Essential Tools and Plugins for WordPress Development 
New Phishing-as-a-Service (PhaaS) platform, 'Tycoon 2FA', Targets Microsoft 365 and Gmail Accounts 
ScrubCrypt used to drop VenomRAT along with many malicious plugins 
In London, Meta execs downplayed the negative impact of AI on elections, touted open-source AI, and confirmed Llama's next version will arrive by 
Civil society groups press platforms to step up election integrity work 
FCC looks to limit how domestic violence abusers use connected cars 
2023 Threat Analysis and 2024 Predictions 
PyPI Malicious Package Uploads Used To Target Developers 
Defusing the threat of compromised credentials 
Google announces V8 Sandbox to protect Chrome users 
In some US schools, boys have used AI "nudification" apps to create and share deepfakes of clothed female classmates, leading districts to s 
Vista Equity Partners acquires Model N, a public company focusing on helping health companies automate pricing and compliance decisions, for $1.25B (P 
China is using generative AI to carry out influence operations 
D-Link RCE Vulnerability That Affects 92,000 Devices Exploited in Wild 
Model N, a public company focusing on helping health companies automate pricing and compliance decisions, is being acquired by Vista Equity Partners f 
Crowdfense is offering a larger 30M USD exploit acquisition program 
XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor 
Ukrainian hackers destroy data center used by Russian defense industry enterprises, Gazprom, Rosneft - Ukrinform 
Secrets Management in the Age of AI Cybercrime: Safeguarding Enterprises from Emerging Threats 
Sources: Ukrainian hackers destroy data center used by Russian military industry - Kyiv Independent 
U.S. Department of Health warns of attacks against IT help desks 
Multiple Cisco Small Business Routers Vulnerable to XSS Attacks 
Report: Google changed its privacy policy on July 1, 2023, to more broadly cover its use of publicly available content, like in Google Docs, to train  
A look at Huawei's efforts to make HarmonyOS a formidable rival to iOS and Android; Counterpoint: 16% of smartphones sold in China in Q4 2023 use 
Report: Google changed its privacy policy in June 2022 to more broadly cover its use of publicly available content, including Google Docs, to train AI 
Sources: OpenAI transcribed 1M+ hours of YouTube videos through Whisper and used the text to train GPT-4; Google also transcribed YouTube videos to ha 
Supply chain attack sends shockwaves through open-source community 
Magento flaw exploited to deploy persistent backdoor hidden in XML 
ALPHV steps up laundering of Change Healthcare ransom payments 
How your business should deal with negative feedback on social media 
Oxycorat Android RAT Spotted on Dark Web Stealing Wi-Fi Passwords 
From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware 
Cyberattack disrupted services at Omni Hotels & Resorts 
Testing in Detection Engineering (Part 8) 
Chinese hackers turn to AI to meddle in elections 
HTTP 2 CONTINUATION Flood technique can be exploited in DoS attacks 
Google Books is indexing low quality, AI-generated books, which may impact Google Ngram viewer, an important tool used by researchers to track languag 
New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware 
Asia-Pacific Ransomware Threats Depend on Country and Sector, Says Rapid7 
FBI seeks to balance risks, rewards of artificial intelligence 
Fake Lawsuit Threat Exposes Privnote Phishing Sites 
Multiple Puma Vulnerabilities Fixed in Ubuntu 
Considerations for Operational Technology Cybersecurity 
Sources: Israel's bombing campaign in Gaza used Lavender, an AI system that identified 37,000 potential human targets based on their apparent lin 
Google addressed another Chrome zero-day exploited at Pwn2Own in March 
Data-driven decision-making: The power of enhanced event logging 
New Report Shows Phishing Links and Malicious Attachments Are The Top Entry Points of Cyber Attacks 
A look at XZ Utils attacker "Jia Tan", a persona experts say nation-state hackers used that left little trace after working on the project s 
A look at XZ Utils attacker "Jia Tan", a persona experts say was used by a nation state group and that left little trace after working on th 
‘The Manipulaters’ Improve Phishing, Still Fail at Opsec 
Cyber review board blames cascading Microsoft failures for Chinese hack 
George Carlin's estate settles with the makers of Dudesy, who agree to remove their YouTube video and podcast they originally claimed used an &qu 
xz Utils Backdoor 
XSS flaw in WordPress WP-Members Plugin can lead to script injection 
Getting Intune with Bugs and Tokens: A Journey Through EPM 
Trusted Contributor Plants Sophisticated Backdoor in Critical Open-Source Library 
Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution 
Sources: Microsoft is testing a new AI-powered Xbox chatbot that can automate support tasks via an "embodied AI character", as part of large 
Google agreed to erase billions of browser records to settle a class action lawsuit 
Chinese hackers used Swedish routers - ScandAsia 
Alert: Connectwise F5 Software Flaws Used To Breach Networks 
HYAS Threat Intel Report April 1 2024 
Space is essential for infrastructure. Why isn’t it considered critical? 
Interviews and Telegram messages detail how Russian middlemen used Tether to avoid US sanctions and procure parts for drones and other high-tech equip 
Info stealer attacks target macOS users 
Security Affairs newsletter Round 465 by Pierluigi Paganini INTERNATIONAL EDITION 
DinodasRAT Linux variant targets users worldwide 
A look at AI's impact on video game actors, as some fear their voices might be misused while others hope to collect extra payments on top of a ba 
AT&T resets millions of account passcodes after it was told that data dumped online has encrypted passcodes that could be used to access its custo 
Researchers say they achieved fiber-optic data transfer speeds of 301 Tbps by using the E-band, a spectral band that has never been used in commercial 
Researchers find malicious code in versions of the compression tool XZ Utils that were incorporated into Linux distributions from Red Hat, Debian, and 
Researchers find malicious code in versions of the Linux compression tool XZ Utils that were incorporated into unstable distributions from Red Hat and 
Ivanti-linked breach of CISA potentially affected more than 100,000 individuals 
OpenAI debuts Voice Engine, which lets users generate synthetic copy of a voice from a 15-second sample, available to around 100 partners, including H 
OpenAI debuts Voice Engine that lets users generate synthetic copy of a voice from a 15-second voice sample, available to a small group of partners li 
Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds 
Cisco warns of password-spraying attacks targeting Secure Firewall devices 
American fast-fashion firm Hot Topic hit by credential stuffing attacks 
What is Threat Management? 
Thread Hijacking: Phishes That Prey on Your Curiosity 
Enter the substitute teacher 
Darcula Phishing Network Leveraging RCS and iMessage to Evade Detection 
Hundreds of Clusters Attacked Due to Unpatched Flaw in Ray AI Framework 
Using Generative AI to Understand How an Obfuscated Script Works 
Zero Trust Meets Insider Risk Management 
Oregon's governor signs the first US right-to-repair law that bans manufacturers from using "parts pairing" to dictate what replacement 
Anthropic's Claude 3 Opus surpassed OpenAI's GPT-4 for the first time on Chatbot Arena, a crowdsourced leaderboard used by AI researchers fo 
Treasury report calls out cyber risks to financial sector fueled by AI 
A survey of 10,133 US adults: 43% of those aged 18-29 used ChatGPT in February 2024, up from 33% in July 2023, compared to 27% of 30-49 and 23% of all 
Google researchers observed 97 zero-day exploits in the wild in 2023, up 50% from 62 in 2022; 48 were used by espionage actors and 10 were financially 
DarkGate Malware Campaign Exploits Patched Microsoft Flaw 
Spyware and zero-day exploits increasingly go hand-in-hand, researchers find 
The DDR Advantage: Real-Time Data Defense 
Security Vulnerability in Saflok s RFID-Based Keycard Locks 
Israeli officials detail an expansive and experimental facial recognition program in Gaza to catalog Palestinians without their knowledge, starting in 
Chinese Hackers Target ASEAN Entities in Espionage Campaign 
Finnish police linked APT31 to the 2021 parliament attack 
BEC Scammers Adventures on the Run 
One More Time on SIEM Telemetry Log Sources  
Chinese hackers target family members to surveil hard targets 
TheMoon bot infected 40,000 devices in January and February 
Complex Supply Chain Attack Targets GitHub Developers 
HIPAA Compliance: Why It Matters and How to Obtain It 
It's Official: Cyber Insurance is No Longer Seen as a 'Safety Net'
Recent ‘MFA Bombing’ Attacks Targeting Apple Users 
UK, New Zealand against China-linked cyber operations 
The BBC has "no plans" to use AI again to promote Doctor Who, after the marketing team used AI "as part of a small trial" to help  
US Treasury Dep announced sanctions against members of China-linked APT31 
US Targets Crypto Firms Aiding Russia Sanctions Evasion 
U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions 
CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog 
US and UK accuse China of cyber operations targeting domestic politics 
The US and the UK sanction a Wuhan-based company linked to the Chinese state-backed hacking group APT31 for targeting critical infrastructure organiza 
Iran-Linked APT TA450 embeds malicious links in PDF attachments 
Tax Scams Ramping Up as the April 15 Deadline Approaches 
Cybersecurity Threats in Global Satellite Internet 
Key Lesson from Microsoft's Password Spray Hack: Secure Every Account
Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others 
FBI: Losses Due to Cybercrime Jump to $12.5 Billion as Phishing Continues to Dominate 
StrelaStealer targeted over 100 organizations across the EU and US 
New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys 
GoFetch side-channel attack against Apple systems allows secret keys extraction 
0ch BBS Script (0ch) vulnerable to cross-site scripting 
Fortnite: When Dollars and Cents Trumps Security! 
Having The Security Rug Pulled Out From Under You 
Long Term Security Attitudes and Practices Study 
Exploring Legacy Unix Security Issues 
Russia-linked APT29 targeted German political parties with WINELOADER backdoor 
Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites 
Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties 
Unsaflok flaws allow to open millions of doors using Dormakaba Saflok electronic locks 
Mozilla Drops Onerep After CEO Admits to Running People-Search Networks 
Why SSH Certificates Can Be A Better Option For Remote Access Than SSH Keys 
German political party targeted by SVR-linked group in spearphishing campaign, Mandiant says 
German political party targeted by SVR in spearphishing campaign, Mandiant says 
Google plans to remove the ability to download third-party apps and watch faces for all Fitbit smartwatches in the EU in June, citing "regulatory 
Researchers reveal a hotel keycard hacking technique that can let a hacker almost instantly open RFID-based Saflok locks used in 3M doors across 13K p 
China relaxes security review rules for some data exports, exempting data used in activities such as international trade from declaration (Reuters) 
Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days 
Researchers reveal a hotel keycard hacking technique that lets a hacker almost instantly open RFID-based Saflok locks used in 3M doors across 13K pro 
Multiple vulnerabilities in home gateway HGW BL1500HM 
Critical Fortinet’s FortiClient EMS flaw actively exploited in the wild 
Pig butchering is an evolution of a social engineering tactic we've seen for years
Used car marketplace Carvana, whose stock fell from $360 to $4 and since rallied to $86, has avoided a financial abyss after restructuring its $9B deb 
2023 Annual Report 
March Product Update 
Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs 
AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials 
CVE-2023-48788: Fortinet FortiClientEMS SQL Injection Deep Dive 
Used car marketplace Carvana, whose stock fell from $360 to $4, has now rallied to $86, avoiding a financial abyss after restructuring its $9B debt in 
The Not-so-True People-Search Network from China 
Neuralink shows its first brain implant patient, a 29-year-old man paralyzed from the shoulders down, playing online chess using the Neuralink device  
Controversial Clearview AI Added to US Government’s Tech Marketplace 
Neuralink shows its first brain implant patient, a 29-year-old man paralyzed from the shoulders down, play online chess using the Neuralink device (Em 
7 ways to put your code on a diet and improve AppSec in the process 
Linux Supply Chain Validation Cheat Sheet 
Pwned by the Mail Carrier 
Netgear wireless router open to code execution after buffer overflow vulnerability 
9 SSH Key Management Best Practices You Need to Know 
Cheating Automatic Toll Booths by Obscuring License Plates 
Attributing I-SOON: Private Contractor Linked to Multiple Chinese State-sponsored Groups 
BunnyLoader 3.0 surfaces in the threat landscape 
Kubernetes 1.30: A Security Perspective 
Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word 
Quick Glossary: Cybersecurity Attack Response and Mitigation 
Navigating the EU compliance landscape: How Detectify helps support customers in their NIS2 Directive, CER, and DORA compliance challenges 
Sources: the Biden admin is considering blacklisting a number of Chinese chip firms linked to Huawei, after the company used an advanced 7nm chip in M 
Ukraine cyber police arrested crooks selling 100 million compromised accounts 
Phishing Tops 2023's Most Common Cyber Attack Initial Access Method
New AcidPour wiper targets Linux x86 devices. Is it a Russia’s weapon? 
Adversarial Intelligence: Red Teaming Malicious Use Cases for AI 
WordPress Brute-Force Attacks: Sites Used As Staging Ground 
From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks 
NCSC Publishes Security Guidance for Cloud-Hosted SCADA 
Safeguarding Customer Information Policy 
Earth Krahang APT breached tens of government organizations worldwide 
Protecting Against Attacks on NTLM Authentication 
Robot Talk Episode 77 – Patricia Shaw 
Defining coercion at heart of Supreme Court case on government jawboning platforms 
Researchers spot updated version of malware that hit Viasat 
PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released 
5 Best Practices to Secure Azure Resources 
New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics 
Searches for "As of my last knowledge update", a phrase used by ChatGPT, return 115 results on Google Scholar, suggesting the use of AI-gene 
Searches for "As of my last knowledge update", a phrase often used by ChatGPT, return 115 results on Google Scholar, suggesting the use of A 
TikTok launches Creator Rewards, a creator monetization program that has payouts based on "search value", originality, play duration, and au 
TikTok launches a new creator monetization program called Creator Rewards, which will use four core metrics to determine payout, including "searc 
FCC Agrees to Cyber Trust Mark for IoT Products 
Three New Critical Vulnerabilities Uncovered in Argo 
gitgub malware campaign targets Github users with RisePro info-stealer 
Security Affairs newsletter Round 463 by Pierluigi Paganini INTERNATIONAL EDITION 
Dark Web Market Admin Gets 42 Months Prison for Selling Login Passwords 
RAF plane used by Royal Family 'had no protection from Russian hackers' - Irish Star 
Lazarus APT group returned to Tornado Cash to launder stolen funds 
Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer 
Some Democrats warn that a ban of TikTok, used by nearly two-thirds of Americans under 30, could imperil Biden's reelection by depressing young v 
Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case 
NIST National Vulnerability Database Disruption Sees CVE Enrichment on Hold 
Researchers detail how a side channel can be used to read encrypted responses from AI assistants, except Google's Gemini; OpenAI and Cloudflare m 
UK Defence Secretary jet hit by an electronic warfare attack in Poland 
North Korean Hackers Used Tornado Cash Bitcoin Mixer to Launder $12 Million - CCN.com 
Researchers detail a side channel that can be used to read encrypted responses from AI assistants, except Google Gemini; OpenAI and Cloudflare impleme 
Zephyr AI, which uses AI to generate insights into improving patient care and research in oncology and cardiometabolic diseases, raised a $111M Series 
Recent DarkGate campaign exploited Microsoft Windows zero-day 
CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms 
How to share sensitive files securely online 
Training days: How officials are using AI to prepare election workers for voting chaos 
North Korean Hackers Used Tornado Cash to Launder $12M From Heco Bridge Hack: Elliptic - CoinDesk 
New Report Suggests Surge in SaaS Assets, Employee Data Sharing 
Nissan Oceania data breach impacted roughly 100,000 people 
CrowdStrike and Intel Research Collaborate to Advance Endpoint Security Through AI and NPU Acceleration 
The Anatomy of an ALPHA SPIDER Ransomware Attack 
Montage Health Consolidates Its Cybersecurity Strategy with CrowdStrike 
CrowdStrike to Acquire Flow Security, Sets the Standard for Modern Cloud Data Security 
CrowdStrike a Research Participant in Two Latest Center for Threat-Informed Defense Projects 
Meta plans to shut down CrowdTangle in August 2024 and replace it with Meta Content Library, available to academic and nonprofit researchers, not news 
Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software 
Summoning RAGnarok With Your Nemesis 
Fortinet fixes critical bugs in FortiOS, FortiProxy, and FortiClientEMS 
SVG Files Abused in Emerging Campaigns 
Threat Intelligence for Financial Services 
Cloud Account Attacks Surged 16-Fold in 2023 
AI-Driven Voice Cloning Tech Used in Vishing Campaigns 
Threat actors leverage document publishing sites for ongoing credential and session token theft 
Stanford University announced that 27,000 individuals were impacted in the 2023 ransomware attack 
Tweaks Stealer Targets Roblox Users Through YouTube and Discord 
How Scalpers Scored Thousands of Fred again.. Tickets 
Patch Tuesday, March 2024 Edition 
Unveiling The Applications and Distinctions of Machine Learning and Artificial Intelligence in Cybersecurity 
Discord plans to launch an Embedded App SDK on March 18 that will let developers "build new games and experiences that can be played directly on  
Discord plans to launch an Embedded App SDK on March 18 that will let developers build new games and apps that can be "played directly on the pla 
Malicious Python Packages Target Crypto Wallet Recovery Passwords 
Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets 
French Government Hit with Severe DDoS Attack 
Insurance scams via QR codes: how to recognise and defend yourself 
SBOMs and medical devices: An essential step but no security cure-all
Airbnb will no longer let hosts use indoor security cameras, starting April 30, citing renters' privacy; previously, cameras in common areas had  
GUEST ESSAY: A DIY guide to recognizing and derailing Generative AI voice scams 
Magnet Goblin hackers used Ivanti bugs to drop custom Linux malware - CSO Online 
Four Reasons Why SSH Key Management Is Challenging 
Airbnb will no longer let hosts use indoor security cameras, starting April 30, citing renters' privacy; previously, cameras in common areas had b
Authors Brian Keene, Abdi Nazemian, and Stewart O'Nan sue Nvidia over allegedly using their work to train NeMo, saying the company "admitted 
Experts released PoC exploit for critical Progress Software OpenEdge bug 
Magnet Goblin group used a new Linux variant of NerbianRAT malware 
Authors Brian Keene, Abdi Nazemian, and Stewart O'Nan sue Nvidia over allegedly using their work to train NeMo, and say Nvidia "admitted"
Lithuania security services warn of China’s espionage against the country 
Q&A with ex-PlayStation boss Shawn Layden about his support for Web3 gaming company Readygg, blockchain games, mass layoffs, AI, controlling costs 
Security Affairs newsletter Round 462 by Pierluigi Paganini INTERNATIONAL EDITION 
Microsoft Office 2019 Professional Free Download Full Version 
Threat actors breached two crucial systems of the US CISA 
Sources: Klarna co-founder Victor Jacobsson, who left in 2012 and owns 4% directly, may have an 8%+ stake via special purpose vehicles ahead of an ex 
Hackers Compromised Ivanti Devices Used by CISA - BankInfoSecurity.com 
Over 100 scientists sign an agreement that seeks to prevent their AI-aided research for designing new proteins from being used for the development of  
Over 90 scientists sign an agreement that seeks to prevent their AI-aided research for designing new proteins from being used for the development of b 
Jason Palmer, who beat Joe Biden in American Samoa's Democratic caucus, used AI-generated texts, emails, and an avatar to communicate with voters 
Hackers Compromised Ivanti Devices Used by CISA - GovInfoSecurity.com 
Report: Hackers used Ivanti vulnerabilities to breach two CISA systems - SiliconANGLE News 
Russian hackers accessed Microsoft source code 
Russia-linked Midnight Blizzard breached Microsoft systems again 
CISA confirms it took down two systems in February, after discovering signs of exploitation via vulnerabilities in Ivanti products that the agency use 
Out of the kernel, into the tokens 
Sources say SMIC used equipment from California-based Applied Materials and Lam Research to manufacture an advanced 7nm chip in China for Huawei in 20 
Dropbox Used to Steal Credentials and Bypass MFA in Novel Phishing Campaign 
A Close Up Look at the Consumer Data Broker Radaris 
WhatDR or What Detection Domain Needs Its Own Tools? 
QEMU Emulator Exploited as Tunneling Tool to Breach Company Network 
Top 4 Essential Strategies for Securing APIs To Block Compromised Tokens 
Sources say SMIC used equipment from California-based Applied Materials and Lam Research to manufacture an advanced 7nm chip for Huawei in 2023 (Bloom 
Around We Go: Planet Stealer Emerges 
How Public AI Can Strengthen Democracy 
The 3 most common post-compromise tactics on network infrastructure 
Women's History Month: Celebration of Inspiration and Commitment
Snake, a new Info Stealer spreads through Facebook messages 
National intelligence agency of Moldova warns of Russia attacks ahead of the presidential election 
Hacked WordPress Sites Using Visitors’ Browsers For Distributed Brute Force Attacks 
Streamlining KVM Operations: A Comprehensive Cheat Sheet 
New Python-Based Snake Info Stealer Spreading Through Facebook Messages 
Linux Malware targets misconfigured Apache Hadoop, Confluence, Docker, and Redis servers
CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited Vulnerabilities Catalog 
Browserless Entra Device Code Flow 
A German officer used an unsecured line for a military call. Russian hackers leaked it - CBC News 
Proactive Intelligence: A Paradigm Shift In Cyber Defense 
Ukraine claims it hacked Russian Ministry of Defence, stole secrets and encryption ciphers 
CISA ADDS ANDROID PIXEL AND SUNHILLO SURELINE BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG 
Skype, Google Meet, and Zoom Used in New Trojan Scam Campaign 
A German officer used an unsecured line for a military call. Russian hackers leaked it - CBC.ca 
LockBit 3.0's Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage
Is Nuclei any good for API hacking? 
Hackers use Zoom & Google Meet Lures to Attack Android & Windows users 
Ransomware group behind Change Healthcare attack goes dark 
US Gov sanctioned Intellexa Consortium individuals and entities behind Predator spyware attacks 
A Blackcat ransomware gang website shows a takedown notice; the UK NCA denies involvement and experts suggest an exit scam after an alleged UnitedHeal 
CISA ADDS MICROSOFT WINDOWS KERNEL BUG USED BY LAZARUS APT TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG 
U.S. sanctions maker of Predator spyware 
South Korean Police Develops Deepfake Detection Tool Ahead of April Elections 
American Express Warns Credit Card Data Exposed in Third-Party Breach 
AI Supply Chain Security: Hugging Face Malicious ML Models 
Phishers Abusing Legitimate but Neglected Domains To Pass DMARC Checks 
German officer used unsecured line for hacked call - Yahoo News Australia 
Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes 
Anthropic's Claude 3 Opus, Sonnet, and Haiku prices, all with a 200K-token context window, seem to range from "super expensive" to "
Ukraine’s GUR hacked the Russian Ministry of Defense 
Prices of Anthropic's Claude 3 Opus, Sonnet, and Haiku, all with a 200K-token context window, seem to range from "super expensive" to "
Predator spyware infrastructure taken down after exposure 
LLM Prompt Injection Worm 
TA577 Exploits NTLM Authentication Vulnerability 
Predator Spyware Targeted Mobile Phones in New Countries 
Heather Couk is here to keep your spirits up during a cyber emergency, even if it takes the Rocky music 
New GTPDOOR backdoor is designed to target telecom carrier networks 
How AI is used to evaluate the authenticity of paintings, as conservators express concerns over whether the tech can account for wear, damage, and oth 
New Linux variant of BIFROSE RAT uses deceptive domain strategies 
Security Affairs newsletter Round 461 by Pierluigi Paganini INTERNATIONAL EDITION 
How AI is being used to evaluate the authenticity of paintings, amid conservators' concerns of whether the tech can account for wear, damage, and 
U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp 
U.S. authorities charged an Iranian national for long-running hacking campaign 
US cyber and law enforcement agencies warn of Phobos ransomware attacks 
A US judge says Google must face advertisers' antitrust lawsuit, but dismisses some claims, including those focused on ad-buying tools used by la 
NIST Cybersecurity Framework: A Cheat Sheet for Professionals 
ALPHV website goes down amid growing fallout from Change Healthcare attack 
Predator Spyware Operators Rebuild Multi-Tier Infrastructure to Target Mobile Devices 
Predator spyware endures even after widespread exposure, analysis shows 
Biden Warns Chinese Cars Could Steal US Citizens' Data 
CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog 
Ex-Cybercrime Forum Community Member Runs a Profitable Penetration Testing Business – An Analysis 
Docs: US federal investigators asked Meta and other tech companies to hand over push alert tokens as part of CSAM and murder cases, prompting privacy  
An investigation into ClothOff, an app being used to make deepfake porn images of underage girls, finds a brother and sister in Belarus are linked to  
Security Vulnerabilities Popping Up on Hugging Face's AI Platform
Tools of the (Illegitimate) Trade: Mock API 
Fraud Detection: Time is Not on Our Side 
A review of court records shows US federal investigators used push alert tokens in at least four cases to arrest suspects in cases related to CSAM and 
New SPIKEDWINE APT group is targeting officials in Europe 
The US launches a probe into possible security risks of Chinese-manufactured vehicles, saying modern cars are like smartphones and could be used for e 
How better key management can close cloud security gaps troubling US government 
Commerce Dept. to look at privacy, cyber risks from Chinese-sourced connected vehicle equipment 
Is the LockBit gang resuming its operation? 
New Backdoor Targeting European Officials Linked to Indian Diplomatic Events 
Lazarus APT exploited zero-day in Windows driver to gain kernel privileges 
Notorious ransomware group claims responsibility for attacks roiling US pharmacies 
Calendar Meeting Links Used to Spread Mac Malware 
Unmasking 2024’s Email Security Landscape 
What is Old is New Again: Lessons in Anti-Ransom Policy 
Researchers Uncover Tools And Tactics Used By Chinese Hackers - GBHackers 
Enterprise security: Making hot desking secure and accessible on a global scale 
Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations 
Biden executive order seeks to cut China off from Americans' sensitive data
TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users 
Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat 
Tangerine - 243,462 breached accounts 
Iran hacking group impersonates defense firms, hostage campaigners 
OpenAI to court: New York Times' lawsuit used evidence obtained through hacking - SiliconANGLE News 
Bitfinex hacker turns government witness, explains tactics used in 2016 theft - crypto.news 
Feds say AI favors defenders over attackers in cyberspace so far 
Moscow Military Hackers Used Microsoft Outlook Vulnerability - BankInfoSecurity.com 
New Vulnerabilities in ConnectWise ScreenConnect Massively Exploited by Attackers 
OpenAI Says New York Times Used Prompt Hacking for Text in Suit - Bloomberg Law 
IDAT Loader used to infect a Ukraine entity in Finland with Remcos RAT 
TimbreStealer campaign targets Mexican users with financial lures 
Glean, which uses AI to offer unified search across apps used at a company, raised a $200M+ Series D at a $2.2B valuation and says annualized revenue  
The CTO for US Central Command says ML algorithms developed under Project Maven helped narrow down targets for 85+ air strikes in the Middle East on F 
The US adds Sandvine to its entity list, banning the networking equipment company from obtaining US tech, for supplying Egypt with equipment used for  
Russia-linked APT29 switched to targeting cloud services 
The US adds networking equipment company Sandvine to its entity list, banning it from obtaining US tech, for supplying Egypt with equipment used for c 
The CTO for US Central Command says AI developed for Project Maven was used to narrow down targets for 85+ air strikes in the Middle East on February  
Malicious Packages in npm, PyPI Highlight Supply-Chain Threat 
Researchers detail a spam campaign using hijacked abandoned domains and subdomains from reputable brands like eBay and VMware to send 5M malicious em 
Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments 
New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT 
HP Smart App For Windows: Download, Install, Use, Uninstall 
Change Healthcare provides update on cyberattack 
IntelBroker claimed the hack of the Los Angeles International Airport 
FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga. 
LockBit is back and threatens to target more government organizations 
A consultant working for Rep. Dean Phillips, who challenged Biden in NH's primary, admits to producing the deepfake robocalls, saying anyone can  
Crooks stole $10 million from Axie Infinity co-founder 
Apple created post-quantum cryptographic protocol PQ3 for iMessage 
After LockBit takedown, police try to sow doubt in cybercrime community 
Microsoft releases PyRIT, a tool that the company's AI Red Team has been using to more efficiently check for risks in its generative AI systems,  
Microsoft releases PyRIT, a tool its AI Red Team has been using to check for risks in its generative AI systems like Copilot, to the public (Sabrina O 
Here Are the Secret Locations of ShotSpotter Gunfire Sensors 
TikTok's latest actions to combat misinformation shows it's not just a U.S. problem
New Leak Shows Business Side of China’s APT Menace 
Russian Government Software Backdoored to Deploy Konni RAT Malware 
Dancho Danchev’s Law Enforcement and OSINT Operation "Uncle George" – A 2024 Update 
New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS 
Cloud-Native Data Security Posture Management Deployments on AWS with Symmetry Systems 
SCCM Hierarchy Takeover with High Availability 
US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES 
Microsoft rolls out expanded logging six months after Chinese breach 
QR-Code Attacks Target the C-Suite 42 Times More than Standard Employees 
Types of SaaS Applications: Categories and Examples 
HYAS Product Enhancements – Part 1 – February 2024 
Over 40% of Firms Struggle With Cybersecurity Talent Shortage 
New Redis miner Migo uses novel system weakening techniques 
How CVSS 4.0 changes (or doesn't) the way we see vulnerability severity
IR Q4 2023 trends: Significant increase in ransomware activity found in engagements, while education remains one of the most-targeted sectors 
Apple rolls out quantum-resistant cryptography for iMessage 
Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS 
6 Ways to Simplify SaaS Identity Governance 
A profile of ElevenLabs, whose AI voice cloning tech is being used to spoof politicians; five of ElevenLabs' 40 employees are dedicated to trust  
How to protect your machine learning Models
Zoom Announces Critical Vulnerability for Desktop Application 
Scale AI signs a one-year contract with the Pentagon to provide a means to test and evaluate LLMs that can be used for military planning and decision- 
Fairwinds Insights Release Notes 15.0-15.2: Aggregated Action Items 
Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates 
More details about Operation Cronos that disrupted Lockbit operation 
Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns 
Fix Reddit App Not Working on iPhone and Android 
Maryland Busts $9.5 Million #BEC Money Laundering Ring 
Report: Manufacturing bears the brunt of industrial ransomware 
Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric 
Paris-based Planity, whose SaaS is used by 40K+ small businesses for appointment booking and more, raised a €45M Series C led by InfraVia Cap 
Law enforcement from 11 countries, including the FBI and UK National Crime Agency, disrupt the LockBit gang and seize 11K domains used to facilitate r 
FBI, British authorities seize infrastructure of LockBit ransomware group 
FBI operation seizes infrastructure of LockBit ransomware group 
FBI: U.S. Government Disrupts Botnet People's Republic Of China Used To Conceal Hacking Of Critical Infrastructure - Los Alamos Daily Post 
NSO Group and Its MMS Fingerprint Attack 
A Ukrainian Raccoon Infostealer operator is awaiting trial in the US 
ChatGPT Used by North Korean Hackers to Scam LinkedIn Users - Tech.co 
How BRICS Got “Rug Pulled” Cryptocurrency Counterfeiting is on the Rise 
Ex-Employee's Admin Credentials Used in US Gov Agency Hack - SecurityWeek 
BounceBack - Stealth Redirector For Your Red Team Operation Security 
Security Affairs newsletter Round 459 by Pierluigi Paganini INTERNATIONAL EDITION 
CISA: Cisco ASA FTD bug CVE-2020-3259 exploited in ransomware attacks 
Tech companies pledge to protect 2024 elections from AI-generated media 
OpenAI’s Sora Generates Photorealistic Videos 
Mysterious MMS Fingerprint Hack Used by Spyware Firm NSO Group Revealed - SecurityWeek 
Ex-Employee's Admin Credentials Used in US Gov Agency Hack - SecurityWeek
US crimefighters shut down botnet used by Russian Fancy Bear hackers - TechRadar 
OpenAI's Sora announcement sparks awe and horror, as the startup continues to be frustratingly secretive about the data used to train the text-to 
OpenAI's Sora announcement sparks awe and horror, as the company continues to be frustratingly secretive about the data used to train the text-to 
Israeli NSO Group Suspected of “MMS Fingerprint” Attack on WhatsApp 
CrowdStrike Named the Only Customers’ Choice: 2024 Gartner Voice of the Customer for Vulnerability Assessment 
CrowdStrike Is Proud to Sponsor the Mac Admins Foundation 
U.S. CISA: hackers breached a state government organization 
PDF Malware on the Rise, Used to Spread WikiLoader, Ursnif and DarkGate 
Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs 
New Outlook 0-day RCE Flaw Exploited in the Wild 
The FTC proposes new rules that would make companies liable if they "know or have reason to know" their AI tech is being used to harmfully i 
The US and its allies disrupt access by Russia-backed hacking group APT28, or Fancy Bear, to 1,000+ home and small business routers used for criminal  
U.S. Government Disrupts Botnet Used by Russian GRU Hackers - Duo Security 
Google announces the AI Cyber Defense Initiative, which includes launching new AI security training and open sourcing Magika, a tool used to protect G 
Sources: spyware vendor Variston is closing after Google "burned" its name publicly in 2022; source: a disgruntled staffer sent its maliciou 
Feds Disrupt Botnet Used by Russian APT28 Hackers - Security Boulevard 
Ukrainian national pleads guilty for roles in Zeus, IcedID malware operations 
Feds Disrupt Botnet Used by Russian APT28 Hackers 
US Gov dismantled the Moobot botnet controlled by Russia-linked APT28 
Why the toothbrush DDoS story fooled us all 
FBI disrupts Moobot botnet used by Russian military hackers - BleepingComputer 
DOJ, FBI disrupt Russian intelligence botnet 
Number of Data Compromises Affecting U.S. Organizations Rises 77% 
How to Protect Your Machine Learning Models 
Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries 
Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor 
TinyTurla Next Generation - Turla APT spies on Polish NGOs 
Number of Data Compromises Affecting U.S. Organizations Rises To 77% 
Cybercriminals found innovative ways to infect endpoints in 2023 
CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog 
Nation-state actors are using AI services and LLMs for cyberattacks 
Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyber Attacks 
The tangled web of corporations behind the New Hampshire AI robocall 
How to Analyze the MITRE Engenuity ATT&CK Evaluations: Enterprise 
A Free Decryptor Tool for Rhysida Ransomware is Available 
Water Hydra's Zero-Day Attack Chain Targets Financial Traders
Meta details actions against eight spyware firms 
Microsoft Claims Russia, China And Others Used OpenAI's Tools For Hacking - Forbes
Russian and North Korean hackers used OpenAI tools to hone cyberattacks - Engadget 
What is a Passkey? Definition, How It Works and More 
Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyberattacks 
How are attackers using QR codes in phishing emails and lure documents? 
The differences between red, blue and purple team engagements 
Google's TAG says a pro-Palestinian hacking group targeted Israeli software engineers to download malware ahead of October 7, in an attack dubbed 
Hackers for China, Russia and Others Used OpenAI Systems, Report Says - The New York Times 
State-backed hackers are experimenting with OpenAI models 
Sydney-based quantum computing startup Diraq extends its Series A to $35M led by Quantonation, taking its total funding to $120M+, to build quantum pr 
Adobe Patch Tuesday fixed critical vulnerabilities in Magento, Acrobat and Reader 
Alert! 333% Surge in Hunter-Killer Malware that Bypasses Network Security Controls 
The Next Evolution of Recorded Future AI: Powering the Future of Threat Intelligence 
Google: Iranian, regional hacking operations that target Israel remain opportunistic but focused 
Volt Typhoon targeted emergency management services, per report 
Fat Patch Tuesday, February 2024 Edition 
Hackers used new Windows Defender zero-day to drop DarkMe malware - BleepingComputer 
Polish PM Donald Tusk says state authorities under the previous government used NSO's Pegasus spyware illegally against a "very long" l 
HijackLoader Expands Techniques to Improve Defense Evasion 
CrowdStrike Defends Against Azure Cross-Tenant Synchronization Attacks 
Polish PM Donald Tusk says state authorities under the previous government used Pegasus spyware illegally against a "very long" list of hack 
In 9+ federal child exploitation cases since 2018, the US said spy cams, sometimes promoted with racy imagery, sold on Amazon or eBay were used to fil 
Residential Proxies vs. Datacenter Proxies: Choosing the Right Option 
China Calls Out U.S. For Hacking. The Proof? TBD! 
Researchers released a free decryption tool for the Rhysida Ransomware 
Sources: Sudan's paramilitary Rapid Support Forces, which is fighting Sudan's army, has used Starlink since August 2023, during a nationwide 
US Authorities Shut Down Sites Selling the WarZone RAT 
U.S. Authorities Shut Down Sites Selling the WarZone RAT 
Canada Gov plans to ban the Flipper Zero to curb car thefts 
Sources: Sudan's paramilitary Rapid Support Forces, which is fighting Sudan's army, has been using Starlink since August 2023, during an int 
ExpressVPN leaked DNS requests due to a bug in the split tunneling feature 
US Feds arrested two men involved in the Warzone RAT operation 
9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data 
Better software supply chain security through SBOMs 
A personal experience of CISSP boot camp 
Raspberry Robin spotted using two new 1-day LPE exploits 
Should I get CISA Certified? 
Security Affairs newsletter Round 458 by Pierluigi Paganini INTERNATIONAL EDITION 
U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators 
Identification Documents: an Obsolete Fraud Countermeasure 
Crypto startups like Blast are offering loyalty points to lure users, without detailing the rewards; Blast has attracted $1.3B in crypto since Novembe 
Crypto startups like Blast are offering airline-like loyalty points to attract users without defining rewards; Blast lured $1.3B in crypto since Novem 
macOS Backdoor RustDoor likely linked to Alphv BlackCat ransomware operations 
Alert: New Stealthy "RustDoor" Backdoor Targeting Apple macOS Devices 
The FTC says Americans lost $10B+ to scammers in 2023, up 14% YoY, with 2.6M+ consumers filing fraud reports; email was the most commonly used method  
Memo: Centers for Medicare & Medicaid Services says health insurers cannot use AI to determine care or deny coverage to members on Medicare Advant 
Juniper Support Portal Exposed Customer Device Info 
Exploiting a vulnerable Minifilter Driver to create a process killer 
Cybersecurity Insights with Contrast CISO David Lindner | 2/9/24
Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN 
US offers $10 million reward for info on Hive ransomware group leaders 
Mayor's Facebook Page Hacked, Used in Scam The Warwick Valley Dispatch - wvdispatch.com 
Spyware isn't going anywhere, and neither are its tactics
Unraveling the truth behind the DDoS attack from electric toothbrushes 
London Underground Is Testing Real-Time AI Surveillance Tools to Spot Crime 
LastPass warns users about a fake copy of its app on Apple's App Store, with a similar name and logo, likely used as a phishing app to steal user 
Patterns and Targets for Ransomware Exploitation of Vulnerabilities: 2017–2023
Millions of hacked toothbrushes used in Swiss cyber attack, report says - MSN 
Nearly 2 in 5 users in India face web threats in 2023: These are the two most used ways of hacking - Times of India 
TikTok quietly removed view counts for hashtags in January, after researchers used them to show the disparity in views of pro-Israel and pro-Palestini 
New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization 
Unprecedented Rise of Malvertising as a Precursor to Ransomware 
Millions of hacked toothbrushes used in Swiss cyber attack, report says - msnNOW 
HijackLoader Evolves: Researchers Decode the Latest Evasion Methods 
Millions of hacked toothbrushes could be used in cyber attack, researchers warn - The Independent 
Google Cybersecurity Action Team Threat Horizons Report #9 Is Out! 
3 million smart toothbrushes were not used in a DDoS attack after all, but it could happen 
3 million smart toothbrushes were just used in a DDoS attack. Or were they? 
Millions of hacked toothbrushes used in Swiss cyber attack - msnNOW 
PayPal reports Q4 revenue up 9% YoY to $8B, vs. $7.87B est., and total payment volume up 15% YoY to $409.8B, vs. $404.45B est. (Manya Saini Reuters) 
Using Proactive Intelligence Against Adversary Infrastructure 
CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog 
Millions of hacked toothbrushes used in Swiss cyber attack (1) - DataBreaches.net 
Fortinet addressed two critical FortiSIEM vulnerabilities 
Feds: Chinese hacking operations have been in critical infrastructure networks for five years 
From Cybercrime Saul Goodman to the Russian GRU 
Hackers DDoS Swiss Website with 3 Million Hacked Smart Toothbrushes 
Critical shim bug impacts every Linux boot loader signed in the past decade 
IBM Shows How Generative AI Tools Can Hijack Live Calls 
Millions of hacked toothbrushes used in Swiss cyber attack, report says - The Independent 
How to Fight Long-Game Social Engineering Attacks 
Google Claims Government Hackers Used Three Spyware Against iPhone Users Last Year - Indiatimes.com 
Millions of hacked toothbrushes used in Swiss cyber attack - The Independent 
Millions of smart toothbrushes used in botnet attack on company - Boing Boing 
Millions of hacked toothbrushes used in Swiss cyber attack - Yahoo! Voices 
Hacker Claims to Have Accessed Law Enforcement System Used by Binance and Coinbase - Decrypt 
Government hackers used iphone flaws to spy on victims - Fudzilla 
Jenkins Arbitrary File Leak Vulnerability, CVE-2024-23897, Can Lead To RCE 
Google says hackers used vulnerabilities in Apple's iPhone operating system to target victims - Times of India
China-linked APT deployed malware in a network of the Dutch Ministry of Defence 
Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network 
NYC moped gang of Venezuelan migrants used HACKERS to breach banking apps as details of their high-tech operat - Daily Mail 
Top 12 Ways to Fix Discord Keeps Restarting on Windows & macOS 
Phishing is the top attack method used by threat actors 
Microsoft: Iran is refining its cyber operations 
Researchers say 3M smart toothbrushes with a Java-based OS were compromised by hackers and incorporated into botnets used in DDoS attacks against a S 
Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG 
New Hampshire authorities trace Biden AI robocall to Texas-based telecom 
3 million smart toothbrushes were just used in a DDoS attack. Really 
White House ramping up efforts to combat deepfakes 
New Hampshire's AG says fake robocalls using deepfaked audio of Biden to discourage voters numbered 5K to 25K and are linked to Lingo Telecom and 
Generative AI Used to Launch Phishing Attacks 
Admissions essay reviewers say that certain words, such as "tapestry", appear more frequently in submissions now and can be seen as red flag 
US Uses Visa Restrictions in Struggle Against Spyware 
The Cloudflare source code breach: Lessons learned 
Safer Internet Day: Two Million Brits Victims of Financial Identity Fraud 
U.S. Gov imposes visa restrictions on individuals misusing Commercial Spyware 
The FCC plans to stop accepting new enrollments for a US government broadband subsidy, used by 23M households, which is set to run out of funding in m 
Google: Governments need to do more to combat commercial spyware 
Key Differences Between Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA) 
How are user credentials stolen and used by threat actors? 
Migrate Off That Old SIEM Already! 
What the 6 Phases of the Threat Intelligence Lifecycle Mean for Your Team 
Vulnerability Summary for the Week of January 29, 2024 
What are Threat Intelligence Feeds? Definition & Meaning 
What is the Cyber Kill Chain? And How to Use It with Threat Intelligence? 
Applying Threat Intelligence to the Diamond Model of Intrusion Analysis 
How researchers used AI to read the Herculaneum papyri, charred in 79 AD by Mount Vesuvius' eruption, potentially rewriting key parts of ancient  
US Condemns Iran, Issues Sanctions for Cyber-Attacks on Critical Infrastructure 
Nation-state actor used recent Okta compromises to hack into Cloudflare systems - CSO Online 
Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware 
Deepfakes, dollars and deep state fears: Inside the minds of election officials heading into 2024 
Crooks stole $25.5 million from a multinational firm using a ‘deepfake’ video call 
Software firm AnyDesk disclosed a security breach 
US government imposed sanctions on six Iranian intel officials 
ThreatLabz Coverage Advisory: Ivanti's VPN Vulnerabilities Exploited by Hackers, New Zero-Days Pose Critical Risk
A Hong Kong-based firm's employee was tricked into paying $25M to fraudsters who used deepfake tech to pose as the company's CFO and staff d 
Mayor's Facebook page hacked, used in scam (VIDEO) - Mid Hudson News Website 
AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web 
Security Affairs newsletter Round 457 by Pierluigi Paganini INTERNATIONAL EDITION 
A look at the decline of Quora, which used to stand out as an accuracy-focused, knowledge-centric platform but is now filled with bizarre, AI-generate 
Blocking Compromised Tokens with Wallarm 
Apple open sources Pkl, a configuration-as-code language with rich validation and tooling, with Swift, Go, Java, and Kotlin integration (Pkl Blog) 
Cybersecurity Insights with Contrast CISO David Lindner | 2/2/24
Microsoft Breach How Can I See This In BloodHound? 
Microsoft Breach What Happened? What Should Azure Admins Do? 
Iranian hackers breached Albania's Institute of Statistics (INSTAT)
Report reveals Pegasus spyware used to hack journalists and activists in Jordan - MyIndMakers 
Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison 
Credential Harvesting Vs. Credential Stuffing Attacks: What's the Difference?
Cloudflare breached on Thanksgiving Day, but the attack was promptly contained 
Passkeys and The Beginning of Stronger Authentication 
PurpleFox malware infected at least 2,000 computers in Ukraine 
VajraSpy: A Patchwork of espionage apps 
Man sentenced to six years in prison for stealing millions in cryptocurrency via SIM swapping 
Cloudflare says it was hacked in November 2023 by a suspected "nation state attacker" who used auth tokens stolen in Okta's breach from 
CISA orders federal agencies to disconnect Ivanti VPN instances by February 2 
The Allen Institute for AI open sources OLMo, or "Open Language MOdels", and its dataset Dolma; partners Harvard, AMD, Databricks, and other 
The Allen Institute for AI open sources OLMo, or "Open Language MOdels", and its data set Dolma; OLMo was created with Harvard, AMD, Databri 
US Thwarts Volt Typhoon Cyber Espionage Campaign Through Router Disruption 
Multiple malware used in attacks exploiting Ivanti VPN flaws 
Mobile Device Security Policy 
US adults survey: 83% use YouTube, 68% use Facebook, 47% use Instagram; 27% to 35% use Snapchat, WhatsApp, LinkedIn, TikTok, and Pinterest; 22% use X  
Dozens in Jordan targeted by authorities using NSO spyware, report finds 
How to Change Zoom Background On Chromebook 
Owner.com, which offers an all-in-one platform for independent restaurants that includes online ordering and a website builder, raised a $33M Series B 
Pentagon investigating theft of sensitive files by ransomware group 
US adults survey: 83% use YouTube; 68% use Facebook; 47% use Instagram; 27% to 35% use Snapchat, WhatsApp, LinkedIn, TikTok, and Pinterest; 22% use X  
U.S. officials warn of dire Chinese cyber threats in wake of FBI operation to disrupt botnet 
US Disinfects Routers That China Allegedly Used for Hacking - PCMag AU 
US Disinfects Routers That China Allegedly Used for Hacking - PCMag UK 
US Disinfects Routers That China Allegedly Used for Hacking - PCMag 
Introducing DIFFER, a new tool for testing and validating transformed programs 
US Senators Propose Cybersecurity Agriculture Bill 
US Sanctions Three for Cyber Work for ISIS 
Protect AI Acquires Laiyer AI to Better Secure AI Models 
Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware 
Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware 
What Are State-Sponsored Cyberattacks? 
Chinese Hackers Exploiting VPN Flaws to Deploy KrustyLoader Malware 
ESET takes part in global operation to disrupt the Grandoreiro banking trojan 
New Glibc Flaw Grants Attackers Root Access on Major Linux Distros 
BOFHound: Session Integration 
White House releases report on securing open-source software 
750 million Indian mobile subscribers’ data offered for sale on dark web 
Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider 
Open Redirects Used to Disguise Phishing Links 
Balada Injector Malware Compromises 7,000+ WordPress Sites 
Navigating Secure Adoption of AI Across Government and Connected Infrastructure 
Cactus ransomware gang claims the Schneider Electric hack 
Identify Weak User Passwords With KnowBe4's Enhanced Weak Password Test
Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords 
Shortcut To Malice: URL Files 
US Senator Exposes NSA Purchase of Americans Internet Records 
After fake AI images of Taylor Swift went viral, Microsoft adds safeguards to its AI text-to-image tool Designer; Microsoft couldn't verify if De 
Bravo Channel Host Scammed Out of a Sizable Amount of Money by Fraudsters Posing as the Bank 
Fix Available for Critical Jenkins Flaw That Leads to RCE Attacks 
Ukraine's SBU arrested a member of Pro-Russia hackers group ‘Cyber Army of Russia’
Microsoft says Russian hackers used previously identified tactic to breach senior exec emails - The Record from Recorded Future News 
8 Best Ways to Fix XVDD SCSI Miniport Issue in Windows 10 11 
Multiple PoC exploits released for Jenkins flaw CVE-2024-23897 
Novel Threat Tactics, Notable Vulnerabilities, Current Trends, and Data Leaks 
Source: ElevenLabs banned a creator's account after Pindrop's researchers said ElevenLabs' tech was used to make an audio deepfake used 
Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center 
Participants earned more than $1.3M at the Pwn2Own Automotive competition 
Blackwood hijacks software updates to deploy NSPX30 Week in security with Tony Anscombe 
Devin Anthony Magarian of Florida allegedly hacked online prescription websites used by doctors to issue narcotic ... - Newsday 
A TrickBot malware developer sentenced to 64 months in prison 
Source: ElevenLabs banned a creator's account after researchers said the company's tech was used to make an audio deepfake used in a fake Bi 
Devin Anthony Magarian of Florida allegedly hacked online prescription websites used by doctors to issue narcotic prescriptions, Nassau DA Anne Donnel 
Police Arrest Teen Said to Be Linked to Hundreds of Swatting Attacks 
Microsoft details the techniques that the Russian hacking group Midnight Blizzard used to breach the email accounts of its executives and other organi 
Who is Alleged Medibank Hacker Aleksandr Ermakov? 
Microsoft details the techniques that Midnight Blizzard used to breach the email accounts of its executives and other organizations (Bill Toulas Bleep 
Cybersecurity Insights with Contrast CISO David Lindner | 1/26/24
QR Code Scammers are Changing Tactics to Evade Detection 
Watch out, experts warn of a critical flaw in Jenkins 
Pwn2Own Automotive 2024 Day 2 – Tesla hacked again 
Beyond Borders: Unraveling the Essence of Data Sovereignty and Protection 
Yearly Intel Trend Review: The 2023 RedSense report 
AI is already being used by ransomware gangs, warns NCSC 
Using Google Search to Find Software Can Be Risky 
Secret Service to revive the Cyber Investigations Advisory Board 
Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE) 
NSPX30: A sophisticated AitM-enabled implant evolving since 2005 
New Hampshire robocall kicks off era of AI-enabled election disinformation 
IEA: electricity used by data centers, crypto, and AI could grow 100%+ in the next three years; Ireland's data centers could use 32% of its elect 
Hackers Used SIM Swapping to Breach US SEC X Account - BankInfoSecurity.com 
IEA: electricity used by data centers, crypto, and AI may more than double in the next three years; Irish data centers will use 32% of its electricity 
Use of Generative AI Apps Jumps 400% in 2023, Signaling the Potential for More AI-Themed Attacks 
Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations 
IEA: electricity used by data centers, crypto, and AI may more than double in the next three years; Irish data centers will use 32% of its electricity
Parrot TDS Injecting Malicious Redirect Scripts on Hacked Sites 
A filing in a class action suit by 10 US artists against Midjourney and others lists 16,000 artist names whose work Midjourney had allegedly used for  
Xianyu, Alibaba's online second-hand goods trading platform that claims to have 500M+ users, is opening its first bricks-and-mortar store in Hang 
The story behind the launch of Seceon aiSIEM-CGuard Automating Automated Detection and Response 
Microsoft critics accuse the firm of negligence in latest breach 
SEC Says Hacker Used 'SIM Swap' Attack to Make False Bitcoin ETF X Post - Unchained - Unchained 
US, UK, Australia sanction Russian national after major Australian ransomware attack 
Sources: the Biden admin preps an EO that aims to restrict the flow of sensitive data via intermediaries, like data brokers, to foreign adversaries li 
Malicious npm Packages Used to Target GitHub Developer SSH Keys 
How to Take Control of Your Data During Data Privacy Week 
Sources: the Biden admin preps an EO that aims to restrict the flow of sensitive data through intermediaries, like data brokers, to foreign countries  
Australian government announced sanctions for Medibank hacker 
Episode 255: EDM, Meet CDM – Cyber Dance Music with Niels Provos 
Sources: Byju's plans to raise more than $100M from existing investors at a less than $2B valuation, down more than 90% from $22B in October 2022 
CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog 
Black Basta gang claims the hack of the UK water utility Southern Water 
SEC claims SIM swap technique used in hacking X account to post fake spot Bitcoin ETF approval - FXStreet 
'Cyber sanctions' used for first time to target Medibank hacker - ABC News 
North Korean government hackers target individuals of interest, infosec professionals 
MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries 
Phone hacking used for corporate gain at Murdoch's media company, ex-minister claims - Tortoise - Tortoise Media 
My Slice, an Italian adaptive phishing campaign
Data Privacy: Why It Matters To The Rest Of Us 
Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web 
' - UAC-0050 RemoteUtilities (CERT-UA#8654) 
Backdoored pirated applications targets Apple macOS users 
The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked 
What is ATT Shift App? Top 5 Best Features of ATT Shift App in 2024 
Book Review: The Crypto Launderers: Crime and CryptoCurrencies 
Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails 
Devo Achieves ATO, and Federal CISOs Gain Another Key Resource 
Russian foreign intelligence hackers gain access to top Microsoft officials, company says 
Jailed BreachForums creator, admin sentenced to 20 years of supervised release 
CISA issues emergency directive for federal agencies to patch Ivanti VPN vulnerabilities 
The Difference Between Pivoting vs. Lateral Movement 
China-linked APT UNC3886 exploits VMware zero-day since 2021 
Apple says the Vision Pro weighs 600g to 650g, depending on the Light Seal and head band used; the Meta Quest 3 weighs 516g and the Meta Quest Pro wei 
Facebook Work-From-Home Job Posting Scam Goes the Extra Mile to Trick Victims 
Author Rie Kudan, this year's winner of Japan's prestigious Akutagawa Prize, reveals that 5% of her book "quoted verbatim the sentence 
Author Rie Kudan, winner of Japan's prestigious Akutagawa Prize, reveals that around 5% of her book "quoted verbatim the sentences generated 
Apple says the Vision Pro weighs 600 to 650 grams depending on the Light Seal and headband used; Meta Quest 3 weighs 516 grams and Quest Pro weighs 72 
Canadian Man Stuck in Triangle of E-Commerce Fraud 
PolyCrypt Runtime Crypter Being Sold On Cybercrime Forums 
What is SPICA backdoor malware used by Russian hackers on Western officials? - The Indian Express 
The Quantum Computing Cryptopocalypse I'll Know It When I See It
The Unseen Threats: Anticipating Cybersecurity Risks in 2024 
VeChain Official Account Hacked, Used to Promote Scam Giveaway - CoinGape 
Defining Good: A Strategic Approach to API Risk Reduction 
Androxgh0st Malware Botnet Steals AWS, Microsoft Credentials and More 
Protect AI Report Surfaces MLflow Security Vulnerabilities 
Google TAG warns that Russian COLDRIVER APT is using a custom backdoor 
Drupal Releases Security Advisory for Drupal Core 
Critical vulnerability in ManageEngine could lead to file creation, dozens of other vulnerabilities disclosed by Talos to start 2024 
Stablecoins Enabled $40 Billion in Crypto Crime Since 2022 
Prolific Russian hacking unit using custom backdoor for the first time 
Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers 
PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts 
Key Patch Updates for All Series of Oracle Products in January 
PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft 
iShutdown lightweight method allows to discover spyware infections on iPhones 
How to Detect Song Used in YouTube Video’s 2024 
Iranian Hackers Masquerade as Journalists to Spy on Israel-Hamas War Experts 
Androxgh0st Malware: SafeBreach Coverage for US-CERT Alert (AA24-016A) 
Product Update | NEW! Cloud Monitor Consolidated View 
E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop 
It's Friday, I'm [Writing That Typical CISO Email
Github rotated credentials after the discovery of a vulnerability 
AI’s Role in Cybersecurity for Attackers and Defenders in 2024 
FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation 
How to Activate Curiosity Stream on Roku, Android TV, Fire TV and Apple TV 
An Introduction to Deep File Inspection (DFI) 
RetroHunt: Retrospective Analysis for Threat Hunters
UC Irvine cyberattack: Hackers post gruesome videos on Discord group used by students - KABC-TV 
LinkedIn is Being Used for *Dating* It's a Recipe for Disaster
Getting Started: A Beginner’s Guide for Improving Privacy 
Remcos RAT Spreading Through Adult Games in New Attack Wave 
Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws 
Critical Apache OFBiz Zero-day AuthBiz (CVE-2023-49070 and CVE-2023-51467) 
Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack 
This hacker used over a million virtual servers to create an incredibly powerful network - but then wasted it on mining ... - TechRadar 
Senators Demand Probe into SEC Hack After Bitcoin Price Spike 
Critical flaw found in WordPress plugin used on over 300,000 websites 
Alert: New DLL Variant Used For Malicious Code Execution 
Balada Injector continues to infect thousands of WordPress sites 
Attackers target Apache Hadoop and Flink to deliver cryptominers 
Attacks against Denmark's energy sector were not carried out by Russia-linked APT
Classic Baggie: A Delaware BEC Case calls him the leader of an International Criminal Organization 
Security Affairs newsletter Round 454 by Pierluigi Paganini INTERNATIONAL EDITION 
Akira ransomware targets Finnish organizations 
Anthropic researchers: AI models can be trained to deceive and the most commonly used AI safety techniques had little to no effect on the deceptive be 
A look at TikTok's e-commerce push, including subsidizing sales and shipping, and promoting sellers in user feeds, as ad sales weaken and social  
A look at TikTok's dogged e-commerce push by subsidizing sales and promoting sellers in user feeds, as ad sales weaken and social media stagnates 
API Predictions for 2024 
Why is the iPhone Force Restart Not Working? 
Writeup for CVE-2023-43208: NextGen Mirth Connect Pre-Auth RCE 
Security researchers say they warned Apple as early as 2019 about AirDrop vulnerabilities that Chinese authorities claim they recently used to identif 
Cybersecurity Insights with Contrast CISO David Lindner | 1/12/24
CISA Urges Critical Infrastructure to Patch Urgent ICS Vulnerabilities 
Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout - SecurityWeek 
Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 
Team Liquid's wiki leak exposes 118K users
A peek behind the curtain: How are sock puppet accounts used in OSINT? 
Why is my SSL expiring every 3 months? 
The evolution of AppSec: 4 key changes required for a new era 
Sandworm probably wasn't behind Danish critical infrastructure cyberattack, report says
How Hackers Could Manipulate The Smart Wrenches Used To Build New Cars - The Autopian 
FTC Issues Warning About the Dangers of QR Code-Based Scams 
Beware of "Get to Know Me" Surveys 
Google formally endorses right to repair and will testify in favor of a law in Oregon, says regulators should ban "parts pairing", a tactic  
CISA adds Ivanti and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog 
Two zero-day bugs in Ivanti Connect Secure actively exploited 
Flying Under the Radar: Abusing GitHub for Malicious Infrastructure 
Monitoring the Dark Web with Threat Intelligence 
X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected 
ShinyHunters member sentenced to three years in prison 
After hack, X claims SEC failed to use two-factor authentication 
What Is Adversary Infrastructure? 
Powerful Cloud Permissions You Should Know: Part 1 
Cypher Queries in BloodHound Enterprise 
NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining 
What is Dark Web Monitoring? Definition and Tools 
Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval 
Here’s Some Bitcoin: Oh, and You’ve Been Served! 
Entire population of Brazil possibly exposed in massive data leak 
FTC Bans Outlogic (X-Mode) From Selling Sensitive Location Data 
Decryptor for Tortilla variant of Babuk ransomware released 
Bitcoin price jumps after hackers hijack SEC Twitter account 
Quora says it raised $75M from Andreessen Horowitz, to be used to accelerate the growth of Poe and pay bot creators through its creator monetization p 
InQuest & ThreatConnect Unite: Advanced Threat Intel Meets Enhanced Cybersecurity 
CISA adds Apache Superset bug to its Known Exploited Vulnerabilities catalog 
AI is helping US spies catch stealthy Chinese hacking ops, NSA official says 
LockBit ransomware gang claims the attack on Capital Health 
Embedded Linux IoT Security: Defending Against Cyber Threats 
New decryptor for Babuk Tortilla ransomware variant released 
TikTok restricts Creative Center, used by advertisers to track hashtags, after critics used the tool to scrutinize content on the Israel-Hamas war and 
TikTok restricts Creative Center, used by advertisers to track hashtags, after it was used by critics to scrutinize content on the Israel-Hamas war an 
Age-old problems to sharing cyber threat info remain, IG report finds 
Hackers hijack Beirut airport departure and arrival boards 
Meet Ika & Sal: The Bulletproof Hosting Duo from Hell 
FBI Releases Blackcat Ransomware Decryption Tool to Victims, Disrupting Attacks 
Saudi Ministry exposed sensitive data for 15 months 
Alert: Carbanak Malware Strikes Again With Updated Tactics 
Long-existing Bandook RAT targets Windows machines 
Security Affairs newsletter Round 453 by Pierluigi Paganini INTERNATIONAL EDITION 
Turkish Sea Turtle APT targets Dutch IT and Telecom firms 
Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages 
Law firm Orrick data breach impacted 638,000 individuals 
What Is the FedRAMP Incident Response Control Family? 
Sources: the US DOJ may file an antitrust lawsuit against Apple over the dominance of the iPhone; sources say Meta encouraged the DOJ to look at Apple 
Sources: Synopsys is in advanced talks to acquire Ansys, which makes software used in aerospace, health care, and automotive, for $35B in a stock-and 
Sources: the US DOJ may file an antitrust lawsuit against Apple that targets the company's strategies to protect the dominance of the iPhone as s 
Sources: DOJ may file an antitrust lawsuit against Apple targeting Apple's strategies to protect the dominance of the iPhone as soon as the first 
Sources: Synopsys is in advanced talks to acquire Ansys, which makes software used by aerospace and manufacturing sectors, for $35B in a stock-and-ca 
Beware of Fraudulent Charge Messages 
Best of 2023: Enterprises Are Getting Better at Breach Prevention. But Attackers Are Getting Better, Too. 
Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months 
Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware 
Qualcomm announces the Snapdragon XR2+ Gen 2, an update to the XR2 Gen 2 used in the Meta Quest 3, offering 4.3K resolution at 90fps per eye, up from  
Hacker hijacked Orange Spain RIPE account causing internet outage to company customers 
Museum World Hit by Cyberattack on Widely Used Software - The New York Times 
Qualcomm unveils the Snapdragon XR2 Plus Gen 2, an update to the XR2 Gen 2 used in Meta's Quest 3, offering 4.3K resolution at 90fps per eye, up  
GroupM forms a consortium with Disney, Roku, NBCU, YouTube, and others to push for standardized measurements and ad formats that can be used across st 
Qualcomm announces Snapdragon XR2 Plus Gen 2, an update to the XR2 Gen 2 used in the Meta Quest 3, offering 4.3K resolution at 90fps per eye, up from  
HealthEC Data Breach Impacts 4.5 Million Patients 
Resecurity Identifies AI Tool Being Used to Compromise Business Email 
Perplexity, which offers an AI-based "answer engine" used by 10M to compete with Google, raised $74M at a $520M valuation from IVP, Jeff Bez 
Crooks hacked Mandiant X account to push cryptocurrency scam 
Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud 
CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG 
Flaw in Black Basta Ransomware Exploited to Create Decryptor 
Don't trust links with known domains: BMW affected by redirect vulnerability
Navigating Election Risks: A Guide for Executives 
CyberheistNews Vol 14 #01 [Heads Up] SMTP Smuggling - How It Easily Circumvents Your Email Defenses 
2024 predictions: AI will help make Web3 usable in mainstream applications and Web3 will help us trust AI, Web3 regulatory clarity, flat VC investing, 
Russia Spies on Kyiv Defenses via Hacked Cameras Before Missile Strikes 
Poland: hackers used to unblock trains? - RailTech.com 
Facebook rolled out Link History, which creates a repository of all the links clicked on by a user on the mobile app, with the data being used for tar 
Ukraine's SBU said that Russia’s intelligence hacked surveillance cameras to direct a missile strike on Kyiv
Valve ended Steam support for Windows 7, 8, and 8.1 on January 1, saying the app used a now-defunct embedded Chrome version; <1% of Steam users hav 
Researchers released a free decryptor for Black Basta ransomware 
Steam ended support for Windows 7, 8, and 8.1 on January 1, saying the app used a now-unsupported embedded Chrome version; <1% of Steam users are o 
Top 5 Cyber Predictions for 2024: A CISO Perspective 
How to Fix Volume Automatically Goes Down on Android 
Experts warn of JinxLoader loader used to spread Formbook and XLoader 
Terrapin attack allows to downgrade SSH protocol security 
Multiple organizations in Iran were breached by a mysterious hacker 
Exclusive: AI being used for hacking and misinformation, top Canadian cyber official says - Reuters.com 
List of Secure Dark Web Email Providers in 2024 
Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies 
New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections 
Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop 
MS Excel Vulnerability Exploited To Distribute Agent Tesla 
New JinxLoader Targeting Users with Formbook and XLoader Malware 
Google agreed to settle a $5 billion privacy lawsuit 
AI holidays 2023 
Vietnam’s Massive CAPTCHA crackers vs. Microsoft DCU 
Exclusive: AI being used for hacking and misinformation, top Canadian cyber official says - Reuters 
Spotify music converter TuneFab puts users at risk 
Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks - The Hacker News 
Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania 
Happy 14th Birthday, KrebsOnSecurity! 
Sources: US intelligence determined that the Chinese spy balloon that flew across the US in January and February 2023 used a US ISP to communicate wit 
Donald Trump's former lawyer Michael Cohen says he mistakenly used bogus legal citations from Google Bard in a motion seeking an early end to cou 
How hackers used iMessage to attack iPhone users - Times of India 
Sources: US intelligence officials determined that the Chinese spy balloon that flew across the US in February 2023 used a US internet provider to com 
Microsoft disables Windows App Installer's ms-appinstaller after the URI scheme was used to spread malware; Microsoft disabled and re-enabled the 
Microsoft disables Windows App Installer's MSIX protocol handler after it was used to spread malware, after previously disabling it in 2022 and r 
AI in 2024: The Top 10 Cutting Edge Social Engineering Threats 
Russia-linked APT28 used new malware in a recent phishing campaign 
New Version of Meduza Stealer Released in Dark Web 
EASM in 2023 – shortcomings with CVE-overreliance and flaws in security scoring systems 
Operation Triangulation attacks relied on an undocumented hardware feature 
GM claims in a lawsuit that San Francisco used Cruise's presence to tie its tax bill to a portion of GM's global revenue, unfairly taxing $1 
Securing Networks: Addressing pfSense Vulnerabilities 
Experts warn of critical Zero-Day in Apache OfBiz 
New Rugmi Malware Loader Surges with Hundreds of Daily Detections 
Researchers detail a zero-click iMessage attack that for over four years used four zero-days to hack iPhones, including dozens belonging to Kaspersky  
Researchers detail a zero-click iMessage attack that used four zero-days and hacked iPhones for over four years, including dozens belonging to Kaspers 
The NYT sues OpenAI and Microsoft for copyright infringement, alleging they used millions of its articles to train AI, the first major US media outlet 
AI In Windows: Investigating Windows Copilot 
Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841 
The NYT sues OpenAI and Microsoft for copyright infringement, alleging millions of articles were used in training, the first major US media organizati 
Chinese Hackers Exploited New Zero-Day in Barracuda's ESG Appliances 
Elections 2024, artificial intelligence could upset world balances 
Experts analyzed attacks against poorly managed Linux SSH servers 
Hollywood unions resisting AI being used to recreate actors' performances sets a precedent for future labor movements on how to push back against 
RingGo, ParkMobile Owner EasyPark Suffers Data Breach, User Data Stolen 
Carbanak malware returned in ransomware attacks 
We've added more content to ZKDocs
Carbanak Banking Malware Resurfaces with New Ransomware Tactics 
How to Edit WhatsApp Message After Sending on Android and iPhone 
APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw 
Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor 
Ubuntu Security Updates Fixed Vim Vulnerabilities 
Researchers extract business and personal email addresses for 30+ NYT staff by fine tuning GPT-3.5 Turbo, bypassing the safeguards for privacy-related 
What Is ‘Sent As Sms Via Server’ on Android and How to Fix it 
USENIX Security 23 – Sophie Stephenson, Majed Almansoori, Pardis Emami-Naeini, Danny Yuxing Huang, Rahul Chatterjee Abuse Vectors: A Framewor 
Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware 
Justice Secretary in Deepfake General Election Warning 
How to Make Windows 11 Search Faster And More Accurate 
The JetBrains TeamCity software supply chain attack: Lessons learned 
St Vincent's Health Australia says data stolen in cyberattack
'GTA 6' Hacker Who Used Hotel TV, Firestick & Mobile Phone To Breach Rockstar Games Sentenced To Lifelong ... - Whiskey Riff 
Unraveling the Struts2 security vulnerability: A deep dive 
Google Cloud’s Cybersecurity Predictions of 2024 and Look Back at 2023 
How Meta's hyperscale data center in Odense, Denmark, opened in 2020, helps heat 11K homes, as Microsoft, Amazon, and others plan to repurpose d 
Cancer Center Patients Become Attempted Victims of Data Extortion 
Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware 
Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware 
Understanding QEMU's Role in Linux System Emulation Security
How excess heat from Meta's hyperscale data center in Odense, opened in 2020, helps heat roughly 11,000 homes in the Danish city (Morgan Meaker W 
How to See Who Has Access to Your Google Drive Files 
Scammers are impersonating Binance, zkSync, and other crypto accounts on X by creating fake URLs to promote scams, giveaways, and more to steal crypto 
German police seized the dark web marketplace Kingdom Market 
Aston Martin and Porsche preview bespoke interfaces for the next generation of Apple CarPlay, which integrates into all the displays of upcoming vehic 
How Congress can rein in data brokers 
Law enforcement Operation HAECHI IV led to the seizure of $300 Million 
Stanford researchers: LAION-5B, a dataset of 5B+ images used by Stability AI and others, contains 1,008+ instances of CSAM, possibly helping AI to gen 
Coping with Python 3.7 End of Life: A Guide for Developers 
Stanford researchers: LAION-5B, a dataset of 5B images used by Stability AI and others, contains 1,008 instances of CSAM, possibly helping to create A 
BMW dealer at risk of takeover by cybercriminals 
Researchers say AI robot CyberRunner outmaneuvers humans in the maze game Labyrinth, in a breakthrough for AI beating humans at direct physical applic 
Comcast's Xfinity customer data exposed after CitrixBleed attack
BlackCat Ransomware Raises Ante After FBI Disruption 
FBI claims to have dismantled AlphV Blackcat ransomware operation, but the group denies it 
FBI seizes ALPHV leak website. Hours later, ransomware gang claims it unseized it 
2023 Cybersecurity Year in Review 
Adobe's failed Figma acquisition leaves Adobe with $6B in cash, likely to be used for AI investment and stock buybacks; ADBE jumped 75%+ in 2023 
10 Cybersecurity Trends That Emerged in 2023 
The failed Figma acquisition leaves Adobe with $6B in cash, likely to be used for AI development and stock buybacks; ADBE is up 75%+ in 2023 amid AI  
CVE-2023-50164: A Critical Vulnerability in Apache Struts 
Sources: Appin co-founder Rajat Khare used law firms to threaten US, UK, Swiss, Indian, and Luxembourg outlets to kill stories about the hack-for-hire 
Sources: Appin co-founder Rajat Khare used law firms to threaten outlets in the US, UK, and other countries to kill stories about the Indian hack-for- 
SEC disclosure rule for material cybersecurity incidents goes into effect 
Info stealers and how to protect against them 
Unique Malware Used in Cyber Attacks Increases by 70% in Just One Quarter 
Pro-Israel Predatory Sparrow hacker group disrupted services at around 70% of Iran's fuel stations
Qakbot is back and targets the Hospitality industry 
Episode 252: Colin O’Flynn On Hacking An Oven To Make It Stop Lying 
A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K 
How to Fix Google Play Services Keeps Stopping 
OpenAI says "ByteDance's use of our API was minimal", but suspends the account and investigates, after a report that ByteDance used Ope 
InfectedSlurs botnet targets QNAP VioStor NVR vulnerability 
Security Affairs newsletter Round 450 by Pierluigi Paganini INTERNATIONAL EDITION 
Hunters International ransomware gang claims to have hacked the Fred Hutch Cancer Center 
Robinhood received $1.1B in account transfers since it began offering a 1% match on transferred brokerage accounts on October 23, with 150+ transfers 
OpenAI says ByteDance's use of its API was minimal, suspends ByteDance's account while it investigates a report that ByteDance used OpenAI
Phishing Is Still the No. 1 Attack Vector, With Huge 144% Malicious URL Spike 
Polygon Labs discontinues contributions to Edge, the OSS used for Dogechain, and shifts towards the Polygon CDK, which is powered by zero-knowledge cr 
How to Fix If Google Maps Has Stopped Working 
Docs: ByteDance used OpenAI's API to develop its own LLM, codenamed Project Seed; employees discussed "whitewashing" the evidence throu 
Docs: ByteDance used OpenAI API to develop its own LLM, codenamed Project Seed; employees discussed "whitewashing" the evidence through "
New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks 
Multiple flaws in pfSense firewall can lead to arbitrary code execution 
BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign 
Idaho National Laboratory data breach impacted 45,047 individuals 
List of Stores that Accept Apple Pay in 2024 Gas Stations, Best Buy, Grocery 
How to Buy, Sell, And Transfer Used Starlink Dish 
How to Enable Windows 11 Screen Savers 
People's confusion whether Dropbox data will be used as training data for OpenAI resembles the conspiracy theory that Meta spies on users through 
Filing: Apple and Corellium settle a copyright dispute dating to 2019 in which Apple tried to shut down Corellium's virtual iPhone software (Thom 
Decrypting the Ledger connect-kit compromise: A deep dive into the crypto drainer attack 
CVE-2023-50164: Another vulnerability in the widely used Apache Struts2 component 
Google DeepMind's FunSearch model cracks the unsolved cap set problem in pure mathematics, the first time an LLM has solved a long-standing scien 
A personal Year in Review to round out 2023 
The confusion around Dropbox's AI toggle highlights an AI trust crisis where many users don't believe OpenAI's claims that their data w 
Ten Years Later, New Clues in the Target Breach 
Google DeepMind used its FunSearch model to crack the famous cap set problem in pure mathematics, the first time an LLM solved a long-standing scienti 
Russia-linked APT29 spotted targeting JetBrains TeamCity servers 
Hackers exploit Google Forms to trick users into falling for call-back phishing attack 
Microsoft Targets Threat Group Behind Fake Accounts 
Approval Phishing Scams Drain $1bn of Cryptocurrency from Victims 
Microsoft seized the US infrastructure of the Storm-1152 cybercrime group 
French authorities arrested a Russian national for his role in the Hive ransomware operation 
After an on-by-default AI toggle caused confusion, Dropbox says user data is only shared with OpenAI if the AI-powered search feature is actively bein 
Kyivstar CEO: Hackers used compromised employee account to carry out attack - Kyiv Independent 
Microsoft seizes US-based infrastructure and websites used by cybercrime group Storm-1152 that created 750M fraudulent Microsoft accounts, after a co 
China-linked APT Volt Typhoon linked to KV-Botnet 
Microsoft seizes infrastructure of top cybercrime group 
Silent, Yet Powerful Pandora hVNC, The Popular Cybercrime Tool That Flies Under the Radar 
Cyber Risk Quantification Framework: A Beginner’s Guide 
OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks - Security Affairs 
Sources: sparked by Spotify's complaint in 2019, the EU may fine Apple in 2024 and plans to ban its anti-steering App Store rules used on music s 
Phishing Remains the Most Common Attack Technique, With Malicious URL Use Increasing 144% 
OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks 
How Google is Using Clang Sanitizers to Make Android More Secure 
Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks 
Microsoft warns that threat actors are misusing OAuth apps to automate phishing attacks, push spam, and deploy VMs for crypto mining (Sergiu Gatlan Bl 
ASML and Samsung plan to jointly spend $760M to build a research plant in South Korea using ASML's next-generation extreme ultraviolet equipment 
Microsoft Patch Tuesday, December 2023 Edition 
Microsoft releases lightest Patch Tuesday in three years, no zero-days disclosed 
CISA unveils Google Workspace guidelines informed by Chinese breach of Microsoft 
Russia Weaponizes Israel-Hamas Conflict in Targeted Phishing Attack 
SAP Patch Day: December 2023 
Sources: Apple offers to let rivals access its tap-and-go payments systems for mobile wallets, hoping to settle EU antitrust charges and avoid a possi 
Dubai's largest taxi app exposes 220K+ users
Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware 
Discord staff, moderators, and researchers say its rules and culture let a racist and antisemitic community flourish, after the April classified docum 
A profile of Li Ying, a Chinese graduate who used his X account to tell the world about protests in 2022 and now lives in exile after losing his livel 
Sources: Apple offers to let rivals access its tap-and-go payments systems for mobile wallets, to settle EU antitrust charges and avoid a possible hef 
Silent but deadly: The rise of zero-click attacks 
Top 10 Best Shakespeare Translator Tools and Apps in 2024 
US teens survey: 93% use YouTube, 63% TikTok, 60% Snapchat, 59% Instagram, 33% Facebook, 21% WhatsApp; 33% use at least one of these "almost con 
The US chooses BAE Systems for the first CHIPS Act grant, giving the defense contractor $35M to quadruple production of chips used in F-15 and F-35 fi 
US teens survey: 93% use YouTube, 63% use TikTok, 60% use Snapchat, 59% use Instagram, and 33% use Facebook; 33% use at least one of these "almo 
The US awards the first CHIPS Act grant to BAE Systems, giving the defense contractor $35M to quadruple production of chips used in F-15 and F-35 figh 
TikTok reaches $10B in gross revenue, including $3.84B in 2023 so far, $3.32B in 2022, and $1.72B in 2021, the fifth mobile app and the first non-game 
Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2 
TikTok reaches $10B in gross revenue, including $3.8B in revenue in 2023 so far, $3.3B in 2022, and $1.7B in 2021, the fifth app to do so and the firs 
WSJ: "A Hidden Risk in the Municipal Bond Market: Hackers" 
North Korean hacking ops continue to exploit Log4Shell 
EU Reaches Agreement on AI Act Amid Three-Day Negotiations 
ALPHV BlackCat Site Downed After Suspected Police Action 
The US awards the first CHIPS Act grant to BAE Systems, giving the defense contractor $35M to boost production of chips used in F-15 and F-35 fighter  
Police Arrest Hundreds of Human Traffickers Linked to Cyber Fraud 
TikTok plans to invest $1.5B in a joint venture with GoTo, aiming to comply with regulations in Indonesia so that TikTok can restart its shopping serv 
TikTok to invest $1.5B in a joint venture with Indonesia's GoTo, aiming to address regulatory concerns so that TikTok can revive its shopping ser 
Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series 
OctoML ends its business with text-to-image AI model sharing platform Civitai, after a report found some images by Civitai users "could be catego 
5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips 
Magic: The Gathering Cards Used in Possible Cashout by Uranium Finance Hacker - Cryptonews 
Trojan Malware Hidden in Cracked macOS Software, Kaspersky Says 
Founder of Bitzlato exchange has pleaded for unlicensed money transmitting 
Android barcode scanner app exposes user passwords 
Incident Reporting and Response Procedures Policy 
The Top 5 trends every DevOps leader needs to know for 2024 
Russia-linked APT8 exploited Outlook zero-day to target European NATO members 
Russian information operation uses US celebrity Cameos to attack Zelensky 
Cybersecurity considerations to have when shopping for holiday gifts 
LogoFAIL vulnerabilities impact vast majority of devices 
Russian information operation uses U.S. celebrity Cameos to attack Zelensky 
Microsoft says Russia-aligned propagandists duped at least seven Western celebrities via Cameo into recording videos used to attack Ukraine's Pre 
How to Check Graphics Card In Windows 11 
A cyber attack hit Nissan Oceania 
Microsoft says Russia-linked propagandists duped at least seven Western celebrities via Cameo into recording videos later used to attack Volodymyr Zel 
Russian hackers used 'spear-phishing' to steal information from UK politicians, government says - Sky News 
Russian hackers used 'spear-phishing' to steal information from UK politicians, govt says - Sky News 
Dangerous vulnerability in fleet management software seemingly ignored by vendor 
Remote code execution vulnerabilities found in Buildroot, Foxit PDF Reader 
Adobe ColdFusion Flaw Used by Hackers to Access US Govt Servers - HackRead 
78% of CISOs Concerned About AppSec Manageability 
Adobe ColdFusion Flaw Used by Hackers to Access US Govt Servers 
Russian-Backed Hackers Target High-Value US, European Entities 
ICANN Launches Service to Help With WHOIS Lookups 
Publishing Trail of Bits CodeQL queries 
Dragos Community Defense Program Helps Small Utilities Facing Cyber Attacks 
HYAS Insight Uncovers and Mitigates Russian-Based Cyberattack 
Citing Attacks On Small Utilities, Dragos Launches Community Defense Program 
Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode 
GST Invoice Billing Inventory exposes sensitive data to threat actors 
Top 5 Ways to Delete WhatsApp Messages Permanently in 2024 
Disney+ Cyber Scheme Exposes New Impersonation Attack Tactics 
Tesla whistleblower Łukasz Krupski says Autopilot is not safe enough to use on public roads due to its hardware and software not being "
Fake Lockdown Mode Exposes iOS Users to Malware Attacks 
Web3 developer platform thirdweb discloses a major vulnerability in an open-source library used by several NFT collections; thirdweb became aware on N 
The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying. 
75% of sports-related passwords are reused across accounts 
Russian AI-generated propaganda struggles to find an audience 
Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts 
Tesla whistleblower Łukasz Krupski says Autopilot is not safe to use on public roads due to its hardware and software not being "ready"
New Threat Actor 'AeroBlade' Emerges in Espionage Attack on U.S. Aerospace 
Vast USPS Delivery Phishing Campaign Sees Threat Actors Abusing Freemium Dynamic DNS and SaaS Providers 
Feds: Iran-linked hacking campaign a ‘clarion call’ for digital defenses 
New P2PInfect bot targets routers and IoT devices 
AssemblyAI, used by companies to build AI speech models, raised $50M led by Accel, taking its total funding to $115M, and says paying users grew 200%  
Asking ChatGPT to repeat words "forever" is now against OpenAI's terms of service, after Google researchers showed that doing so led it 
Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware 
US regulators are proposing a labeling system for AI health care apps, including requiring disclosing how the tools were trained, perform, and should  
FBI: Iranian APT Targets Israeli-Made PLCs Used In Critical Industries 
LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks 
Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices 
Iranian cyber attack targets Israeli tech used by several US bodies - The Times of Israel 
New Agent Raccoon malware targets the Middle East, Africa and the US 
Security Affairs newsletter Round 448 by Pierluigi Paganini INTERNATIONAL EDITION 
Researchers devised an attack technique to extract ChatGPT training data 
Cooking Intelligent Detections from Threat Intelligence (Part 6) 
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities 
Discovering MLflow Framework Zero-day Vulnerability | Machine Language Model Security | Contrast Security 
Expert warns of Turtle macOS ransomware 
CISA’s Goldstein wants to ditch ‘patch faster, fix faster’ model 
Threat Sequencing from the Darkside 
CrowdStrike Demonstrates Cloud Security Leadership at AWS re:Invent 2023 
Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022 
Zimbra Zero-Day Exploit Unveiled 
Malicious Use of QR Codes on the Rise Through Quishing Attacks 
$19 Stanley cups, fake Amazon Prime memberships all part of holiday shopping scams circulating
CISA: Threat Groups are Targeting Unitronics PLCs in Water Systems 
US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers - GBHackers 
US Sanctions Virtual Currency Mixer Used By N Korean Cyber Hacking Group - RTTNews 
New SugarGh0st RAT targets Uzbekistan government and South Korea 
Analysis: crypto mining used 1,600 gigaliters of water in 2021 when bitcoin peaked at $65K, or 16K liters per transaction, around 6.2M times a credit 
Crypto Country: North Korea's Targeting of Cryptocurrency
U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers - The Hacker News 
Very precisely lost GPS jamming 
U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers 
U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by ... - The Hacker News 
Detecting AiTM Phishing Sites with Fuzzy Hashing 
The US sanctions Sinbad, a crypto mixer allegedly used by the North Korean Lazarus hacking group, and the US, the Netherlands, and Poland seize the se 
Okta: Breach Affected All Customer Support Users 
US Seizes Bitcoin Mixer Sinbad.io Used by Lazarus Group 
Feds seize Sinbad crypto mixer allegedly used by North Korean hackers - TechCrunch 
The US sanctions Sinbad, a crypto mixer allegedly used by North Korean Lazarus hackers, and seizes its service in an international law enforcement ope 
US seizes Sinbad crypto mixer used by North Korean Lazarus hackers - BleepingComputer 
CISA Releases First Secure by Design Alert 
Understanding the Security of Mobile Apps in Africa 
Okta reveals additional attackers’ activities in October 2023 Breach 
Amazon executive John Boumphrey says selling pre-owned goods in the UK and Europe is now a $1.3B business and Amazon sold 4M+ used items in 2022 in th 
Thousands of secrets lurk in app images on Docker Hub 
Mastering NIST Penetration Testing: Your Essential Guide to Robust Cybersecurity 
Pennsylvania water facility hit by Iran-linked hackers 
Threat actors started exploiting critical ownCloud flaw CVE-2023-49103 
ID Theft Service Resold Access to USInfoSearch Data 
Deepfake Digital Identity Fraud Surges Tenfold, Sumsub Report Finds 
Compromising Identity Provider Federation 
IMPERIAL KITTEN Deploys Novel Malware Families in Middle East-Focused Operations 
Endpoint and Identity Security: A Critical Combination to Stop Modern Attacks 
5 Tips to Defend Against Access Brokers This Holiday Season 
The Difference Between Securing Custom-Developed vs. Commercial Off-the-Shelf Software 
Eliminate Repetitive Tasks and Accelerate Response with Falcon Fusion 
Many local US police departments are fearmongering by issuing warnings on the privacy risk of the iPhone's NameDrop feature, used to wirelessly s 
Rethinking shift left: How a lack of context creates unnecessary friction between AppSec and Developers 
Many local US police departments are fearmongering by issuing warnings about the privacy risk of iPhone's NameDrop, used to share contact informa 
Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia 
UK, South Korea Warn of North Korea Supply-Chain Attacks 
London-based PhysicsX, which uses AI for engineering simulations in automotive, aerospace, and other industries, raised a $32M Series A led by General 
E-commerce is used as a lure for 43% of phishing attacks
The hack of MSP provider CTS potentially impacted hundreds of UK law firms 
Security Affairs newsletter Round 447 by Pierluigi Paganini INTERNATIONAL EDITION 
North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack 
Top 7 Ways to Fix 0x0000124 WHEA UNCORRECTABLE Error 
Hamas-linked APT uses Rust-based SysJoker backdoor against Israel 
App used by hundreds of schools leaking children’s data 
KitchenPal - 98,726 breached accounts 
Hacked Microsoft Word documents being used to trick Windows users - TechRadar 
Filing: Nvidia says regulators in the EU and China requested information about its sale of GPUs and how it allocates their supply (Aaron Holmes The In 
Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale 
Exposed Kubernetes configuration secrets can fuel supply chain attacks 
Hamas-Linked Cyberattacks Using Rust-Powered SysJoker Backdoor Against Israel 
North Korea-linked Konni APT uses Russian-language weaponized documents 
US lawmakers scramble to enact measures to punish people targeting women with AI-generated nudes, amid a rise of such cases involving teen girls world 
ClearFake campaign spreads macOS AMOS information stealer 
Telekopye Toolkit Used as Telegram Bot to Scam Marketplace Users 
What Is Network Availability? 
Welltok data breach impacted 8.5 million patients in the U.S. 
Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails 
North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software 
Automotive parts giant AutoZone disclosed data breach after MOVEit hack 
6 Ways to Make Small Text In Discord: Change Text Style 
How to See Pictures on Pinterest Without Creating An Account 
New InfectedSlurs Mirai-based botnet exploits two zero-days 
New Data Covers How the Retail Market is at Greater Risk of Industry-Specific Cyberthreats 
Adobe Releases Security Updates for ColdFusion 
Researchers want more detail on industrial control system alerts 
At Microsoft's request, researchers find multiple flaws in the top three fingerprint sensors in laptops and used for Windows Hello fingerprint au 
Personal data stolen in British Library cyber-attack appears for sale online 
CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog 
Enterprise software provider TmaxSoft leaks 2TB of data 
Unpacking the Zimbra Cross-Site Scripting Vulnerability (CVE-2023-37580) 
The US FTC approves a new resolution to streamline investigations of cases where AI is used to break the law (Reuters) 
Ransomware groups rack up victims among corporate America 
Security trends public sector leaders are watching 
Tor Project removed several relays associated with a suspicious cryptocurrency scheme 
CISA, FBI, MS-ISAC, and ASD's ACSC Release Advisory on LockBit Affiliates Exploiting Citrix Bleed
DarkGate and PikaBot Activity Surge in the Wake of QakBot Takedown 
MAR-10478915-1.v1 Citrix Bleed 
AI Helps Uncover Russian State-Sponsored Disinformation in Hungary 
New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks 
Experts warn of a surge in NetSupport RAT attacks against education and government sectors 
In What ways do CVSS v3 and CVSS v4 differ? 
November 2023 Product Release News 
ForgeRock Recognized as a Leader in the 2023 Gartner Magic Quadrant for Access Management 
Canadian government impacted by data breaches of two of its contractors 
Navigating the Evolving Landscape of File-Based Cyber Threats 
Rhysida ransomware gang is auctioning data stolen from the British Library 
Top 20 Most-Used Passwords In India! - Times Now 
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks 
Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies 
US teenager pleads guilty to his role in credential stuffing attack on a betting site 
DarkCasino joins the list of APT groups exploiting WinRAR zero-day 
Critical AI Tool Vulnerabilities Let Attackers Execute Arbitrary Code 
Security Affairs newsletter Round 446 by Pierluigi Paganini INTERNATIONAL EDITION 
8Base ransomware operators use a new variant of the Phobos ransomware 
Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine 
The FBI and the CISA release an advisory detailing the tactics used by Scattered Spider, a hacker group that now collaborates with the BlackCat ransom 
Understanding the Phobos affiliate structure and activity 
A deep dive into Phobos ransomware, recently deployed by 8Base group 
A critical OS command injection flaw affects Fortinet FortiSIEM 
The FBI and CISA release an advisory detailing tactics used by Scattered Spider, a hacking group that now collaborates with the BlackCat ransomware gr 
Apple says green bubbles will be used for RCS messages, while iMessages will be blue to denote what it considers the safest way for iPhone users to co 
Hacking Meduza: Pegasus spyware used to target Putin's critic - Access 
BlackCat Ransomware's New SEC Reporting Tactic: Turn Regulations Against Victims 
Zimbra zero-day exploited to steal government emails by four groups 
Alleged Extortioner of Psychotherapy Patients Faces Trial 
Digital bank Revolut plans to offer its "secret sauce" HRtech, used to manage its 7,500 staff, as a B2B proposition to select companies on a 
Digital bank Revolut plans to offer its "secret sauce" HRtech, used to manage 7,500 employees, as a B2B proposition to select companies on a 
'Randstorm' Bug: Millions of Crypto Wallets Open to Theft 
Protestware taps npm to call out wars in Ukraine, Gaza 
Google finds and helps patch a Zimbra Collaboration email server zero-day used to steal data from governments in Greece, Moldova, Tunisia, Vietnam, an 
White House is working on version 2.0 of cyber implementation plan 
Google's Threat Analysis Group discovers and helps patch a Zimbra email server flaw used to steal data from governments in Greece, Moldova, and e 
Cyber-Criminals Exploit Gaza Crisis With Fake Charity 
Vietnam Post exposes 1.2TB of data, including email addresses 
7 common mistakes companies make when creating an incident response plan and how to avoid them 
Samsung suffered a new data breach 
FBI and CISA warn of attacks by Rhysida ransomware gang 
Merlin's Evolution: Multi-Operator CLI and Peer-to-Peer Magic
New SSH Vulnerability 
Assessing the security posture of a widely used vision model: YOLOv7 
Link Cards Hacked, Being Used In California: Palos Hills PD - Palos, IL Patch 
After Critical Bug Disclosures, TETRA Emergency Comms Code Goes Public 
Critical flaw fixed in SAP Business One product 
The Art of Defending Your Attack Surface 
Law enforcement agencies dismantled the illegal botnet proxy service IPStorm 
Gamblers data compromised after casino giant Strendus fails to set password 
Link Cards Hacked, Being Used In California: Palos Hills PD - Patch 
Nosey Parker's Ongoing Machine Learning Development
Microsoft Patch Tuesday security updates fixed 3 actively exploited flaws 
Danish critical infrastructure hit by the largest cyber attack in Denmark’s history 
Google DeepMind details weather forecasting AI model GraphCast AI, more accurate than the best conventional systems for three to 10 day predictions, a 
Google DeepMind details GraphCast AI, a weather forecasting AI that is more accurate for 3-10 day predictions than the best conventional systems, a fi 
Filing: Google sues two men in California who allegedly used 65 Google accounts to spam Google with fraudulent DMCA takedown notices, targeting up to  
Filing: Google sues two men in California who allegedly used 65 Google accounts to spam Google with fraudulent DMCA takedown notices targeting up to 6 
Pro-Palestinian hacking group evolves tactics amid war 
Hackers Selling Exploits for Critical Vulnerabilities on the Dark Web 
Vietnamese Hackers Using New Delphi-Powered Malware to Target Indian Marketers 
ICBC Hackers Used Methods Previously Flagged by U.S. Authorities - WSJ - The Wall Street Journal 
Are Your ServiceNow ACLs Publicly Exposing Data? 
ICBC Hackers Used Methods Previously Flagged by U.S. Authorities ... - The Wall Street Journal 
CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog 
In a first, researchers show that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to full  
In a first, researchers show a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete c 
LockBit ransomware gang leaked data stolen from Boeing 
North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals 
Authorities Took Down Massive Phishing-as-a-service Provider BulletProftLink 
Domain Control Validation (DCV) Methods & How to Choose 
The Cyber Threat Landscape Overview with An Example 
Experts say terrorist groups are using generative AI to bypass the hashing databases used by tech companies to automatically remove violent extremist  
Filing: FTX sues crypto exchange Bybit and two affiliates to recover $953M, including $327M+ that they allegedly withdrew just before FTX filed for b 
The State of Maine disclosed a data breach that impacted 1.3M people 
Security Affairs newsletter Round 445 by Pierluigi Paganini INTERNATIONAL EDITION 
Experts say terrorist groups are using generative AI tools to evade the hashing algorithms used by tech companies to automatically remove extremist co 
Filing: FTX sues crypto exchange Bybit and two affiliates to recover $953M that they allegedly withdrew using "VIP" status just before FTX  
Police seized BulletProftLink phishing-as-a-service (PhaaS) platform 
It’s Still Easy for Anyone to Become You at Experian 
The Power of Complex Binary Analysis 
Serbian pleads guilty to running Monopoly dark web drug market 
NordVPN Review 2023: Comprehensive Security for Your Business 
FTX sues crypto exchange Bybit and two affiliates to recover $953M in cash and digital assets that was withdrawn using "VIP" status before  
After ChatGPT, Anonymous Sudan took down the Cloudflare website 
Russian Hackers Sandworm Cause Power Outage in Ukraine Amidst Missile Strikes 
Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack 
SysAid zero-day exploited by Clop ransomware group 
DDoS attack leads to significant disruption in ChatGPT services 
Cyber ops linked to Israel-Hamas conflict largely improvised, researchers say 
OpenAI announces Data Partnerships to collaborate with organizations to build public and private datasets that "reflect human society" for A 
Russian Sandworm disrupts power in Ukraine with a new OT attack 
Abusing Slack for Offensive Operations: Part 2 
Brokers, hedge funds, and advisers push back hard on the SEC's proposed rules for AI used in financial advice, giving comments well past the Octo 
Russian Hackers Used OT Attack to Disrupt Power in Ukraine Amid Mass Missile Strikes - SecurityWeek 
New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers 
Spammers abuse Google Forms quiz to deliver scams 
Russian hackers disrupted Ukrainian electrical grid last year 
Sandworm Cyberattackers Down Ukrainian Power Grid During Missile Strikes 
Tech executives and officials detail how the Indian government used new rules, censorship, and law enforcement to break Twitter's resistance to t 
Getting Started with Terraform and AKS: a Step-by-Step Guide to Deploying Your First Cluster 
North Korean Hacking Group BlueNoroff Blamed for macOS Malware Attack 
Sumo Logic discloses security breach and recommends customers rotate credentials 
Speeding Delivery of Government Services with DevOps and IAM 
FBI: Ransomware actors abuse third parties and legitimate system tools for initial access 
A Deep Dive into GraphQL API with Python Client 
IBM: New Gootloader Variant Moves Laterally and Is Harder to Detect 
Five Canadian Hospitals impacted by a ransomware attack on TransForm provider 
Decoupling for Security 
The 5 levels of Sustainable Robotics 
Adobe's site for stock images lists AI-generated images of the Israel-Palestine conflict, and some small outlets have used them without labeling  
How AI-driven robots and optical sorters are being used to pick up and sort recyclable trash, as US recyclers deal with labor shortages and rising cos 
Opinion: Leica helped Xiaomi create a flagship that takes better photos than iPhone, and their partnership makes sense despite Xiaomi copying some iOS 
The clever hack John used to beat the Optus crash - Sydney Morning Herald 
North Korea-linked APT BlueNoroff used new macOS malware ObjCShellz 
Leica helped Xiaomi create a flagship phone that takes better photos than iPhone, and their partnership makes sense despite Xiaomi copying some elemen 
Samsung unveils a generative AI model called Gauss, which is being used for employee productivity internally and will be expanded to product applicati 
Reform bill would overhaul controversial surveillance law 
Volante, which offers low-code payments tools used by 150 major banks and other institutions, raised $66M in equity and debt, taking its total fundin 
N. Korea's BlueNoroff Blamed for Hacking macOS Machines with ObjCShellz Malware 
Volante, which offers low-code payments tools used by 150 major banks and other institutions, raised $66M in equity and debt, taking its total funding 
N. Korean BlueNoroff Blamed for Hacking macOS Machines with ObjCShellz Malware 
Veeam fixed multiple flaws in Veeam ONE, including critical issues 
Moving Beyond CVSS Scores for Vulnerability Prioritization 
Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks 
A look at the hurdles tech startups like Shield AI, which makes autonomous drones, face in competing for Pentagon funding against more entrenched weap 
Top 7 Ways to Fix Starlink Motors Stuck Error Message 
ESPN Fantasy Sports App Not Working? Here’s How to Fix Quickly 
Domain of Thrones: Part II 
CVE-2023-47004 
Using language to give robots a better grasp of an open-ended world 
CVE-2023-3909 
US, Japan and South Korea Unite to Counter North Korean Cyber Activities 
Hackers Actively Exploiting Linux Privilege Escalation Flaw to Attack Cloud Environments 
Who’s Behind the SWAT USA Reshipping Service? 
CVE-2023-5825 
Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure 
CVE-2023-33924 
Socks5Systemz proxy service delivered via PrivateLoader and Amadey 
Data Breaches in October 2023 Infographic 
CVE-2023-4625 
Lazarus targets blockchain engineers with new KandyKorn macOS Malware 
Attackers use JavaScript URLs, API forms and more to scam users in popular online game Roblox  
You'd be surprised to know what devices are still using Windows CE
Threat Roundup for October 27 to November 3 
Who killed Mozi? Finally putting the IoT zombie botnet in its grave 
Kinsing threat actors probed the Looney Tunables flaws in recent attacks 
Okta's Recent Customer Support Data Breach Impacted 134 Customers 
Top 3 Ways to Clear the Cache on Mac or MacBook 
Okta customer support system breach impacted 134 customers 
CVE-2023-21378 (android) 
Empower Incident Response with Real-Time, Just-in-Time Alerts and Access 
CVE-2023-21347 (android) 
Multiple WhatsApp mods spotted containing the CanesSpy Spyware 
DC's AG sues RealPage and 14 of Washington DC's largest landlord firms for using RealPage's rent-setting software to allegedly collude  
CVE-2023-25960 
CanesSpy Spyware Discovered in Modified WhatsApp Versions 
NodeStealer Malware Hijacking Facebook Business Accounts for Malicious Ads 
UK CMA says Meta has pledged to let Facebook Marketplace users opt out of having their data used by Meta and limit how it uses ad data for product dev 
CVE-2023-43982 
CVE-2023-43665 
CVE-2023-41259 
MuddyWater has been spotted targeting two Israeli entities 
4 Key Takeaways from OWASP Global DC | Impart Security 
CVE-2023-46176 
CVE-2017-7252 
CVE-2023-39042 
CVE-2023-39048 
Block reports Q3 revenue up 24% YoY to $5.62B, vs. $5.4B est., profit up 21% YoY to $1.9B, Square profit up 15% YoY, and Cash App profit up 27% YoY; S 
Clop group obtained access to the email addresses of about 632,000 US federal employees 
Russian Reshipping Service ‘SWAT USA Drop’ Exposed 
The FTC says Jeff Bezos ordered Amazon executives to accept more junk ads to boost profits; Amazon used disappearing Signal chats from June 2019 to ea 
Upgraded Kazuar Backdoor Offers Stealthy Power 
Newly unsealed details of an FTC complaint from September: Amazon monitored its sellers and punished them if they offered lower prices on other platfo 
The FTC says Jeff Bezos personally ordered Amazon execs to accept more junk ads to boost profits; Amazon used disappearing Signal chats from June 2019 
Okta discloses a new data breach after a third-party vendor was hacked 
CVE-2023-45341 
Microsoft upgrades security for signing keys in wake of Chinese breach 
Microsoft upgrades security for signing key in wake of Chinese breach 
SlashNext: ChatGPT Led to a 1,265% Jump in Phishing Attacks 
This cloud security software used by many enterprises is being ... - TechRadar 
AI Safety Summit: OWASP Urges Governments to Agree on AI Security Standards 
Who is behind the Mozi Botnet kill switch? 
Top Best Kahoot Winner Bots 2023 
CVE-2023-45016 
CVE-2023-5859 
CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog 
Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748 
Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper 
CVE-2023-42648 
CVE-2022-48458 
Palo Alto Reveals New Features in Russian APT Turla's Kazuar Backdoor 
British Library suffers major outage due to cyberattack 
President Biden’s Proclamation: National Native American Heritage Month, 2023 
CVE-2023-5893 
CVE-2023-2622 
CVE-2023-5306 
Securing Australia's Critical Infrastructure: The Role of Asset Visibility in Meeting SOCI Obligations
SEC sues SolarWinds and CISO for fraud 
Apple's new M3 Pro has fewer performance and GPU cores than the M2 Pro and 25% less memory bandwidth than the M1 Pro and M2 Pro (Tim Hardwick Mac 
Health care automation startup Olive, which was valued at $4B in July 2021, plans to shut down and has sold parts of its business to Waystar and Humat 
Apple's new M3 Pro has 25% less memory bandwidth than the M1 Pro and M2 Pro and fewer performance cores (Tim Hardwick MacRumors) 
.US Harbors Prolific Malicious Link Shortening Service 
Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198 
Apple's new M3 Pro has lower memory bandwidth than the M1 Pro and M2 Pro and fewer performance cores; Apple repeatedly compared the M3 to the M1, 
Apple's new M3 Pro has lower memory bandwidth than the M1 Pro and M2 Pro and fewer performance and efficiency cores; Apple repeatedly compared th 
Are Corporate VPNs Secure? 
Arid Viper disguising mobile spyware as updates for non-malicious Android applications 
Regulator Reveals Large Disparity in APP Fraud Reimbursement 
IBM research: AI can make phishing, already used in 90% of cyberattacks, more effective at scale, though widespread use has not yet been detected (Er 
AAAI Fall Symposium: Patrícia Alves-Oliveira on human-robot interaction design
The CISO Report: Emerging Trends, Threats, and Strategies for Security Leaders 
CVE-2023-43792 
Five Reasons Why Legacy Data Loss Prevention Tools Fail to Deliver 
CVE-2023-41891 
CVE-2023-21397 
CVE-2023-21387 
Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency 
Lateral Movement: Abuse the Power of DCOM Excel Application 
CVE-2023-40136 (android) 
CVE-2023-21352 
White House executive order on AI seeks to address security risks 
Wiki-Slack attack allows redirecting business professionals to malicious websites 
CVE-2023-5666 
CVE-2022-4575 
CVE-2023-42431 
Microsoft tells Xbox users that unauthorized third-party accessories cannot be used from November 12; sources say Microsoft plans to expand its approv 
EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub 
StripedFly, a complex malware that infected one million devices without being noticed 
Top 6 Ways to Fix Honeywell Thermostat Display Not Working 
The Outstanding ROI of KnowBe4's Trusted Security Awareness Training 
Research details how vulnerabilities in signaling protocols used by mobile network operators for international roaming can be exploited to geolocate d 
Do humans get lazier when robots help with tasks? 
Security Affairs newsletter Round 443 by Pierluigi Paganini INTERNATIONAL EDITION 
Disney World Parkgoers Used To 'Hack' The System For A Free Shirt ... - Yahoo Entertainment 
Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service 
CVE-2023-46467 
CVE-2023-26574 (idweb) 
Cybersecurity Awareness Month: How Contrast & the threat landscape have evolved 
The Risk Business: Second Edition 
Charting New Terrain: The Shift to Resilience and Proximity in Cyber Risk 
DEF CON 31 Policy Panel: Navigating the Digital Frontier Advancing Cyber Diplomacy 
N. Korean Lazarus Group Targets Software Vendor Using Known Flaws 
France agency ANSSI warns of Russia-linked APT28 attacks on French entities 
How to Collect Market Intelligence with Residential Proxies? 
F5 urges to address a critical flaw in BIG-IP 
How to Leave a Viber Group Without Anyone Knowing 2023 
IriusRisk Brings Threat Modeling to Machine Learning Systems 
CVE-2023-46523 (tl-wr886n_firmware) 
CVE-2023-43737 
CVE-2023-4632: Local Privilege Escalation in Lenovo System Updater
iLeakage attack exploits Safari to steal data from Apple devices 
Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps 
Kaspersky reveals ‘elegant’ malware resembling NSA code 
Apple emergency update fixes new zero-day used to hack iPhones - BleepingComputer 
CVE-2023-5783 
CVE-2023-46234 
CVE-2023-5780 
CVE-2023-46094 
CVE-2023-46088 
CVE-2023-46077 
CVE-2023-46074 
Analysis of 1,800 AI datasets: 70% didn't state what license should be used or had been mislabeled with more permissive guidelines than their cr 
Telegram blocks two channels used by Hamas for Android users, blaming Google Play Store guidelines, after Pavel Durov resisted calls to shut down Hama 
CVE-2023-38848 
Pro-Russia hackers target inboxes with 0-day in webmail app used by millions - Ars Technica 
Pwn2Own Toronto 2023 Day 1 – organizers awarded $438,750 in prizes 
Hackers that breached Las Vegas casinos rely on violent threats, research shows 
Hackers that breached Las Vegas casinos rely on violent threats 
CVE-2023-46520 
CVE-2023-45767 
CVE-2023-45756 
CVE-2023-37909 
CVE-2023-26572 
Sources: a Biden EO on AI is expected on October 30, requiring assessments of AI models before federal worker use, easing highly skilled immigration,  
Sources: a Biden EO on AI is expected on Monday, requiring AI models undergo testing before use by federal workers, easing highly skilled immigration, 
The Differences Between DNS Protection and Protective DNS 
Sources: SMIC used ASML's DUV machines to produce its 7nm chip used by Huawei; ASML has never sold its EUV tools to China, but older DUV models c 
NextGen Mirth Connect Remote Code Execution Vulnerability (CVE-2023-43208) 
Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan 
Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately 
New England Biolabs leak sensitive data 
The Internet Watch Foundation warns that generative AI is being used to create child sexual abuse imagery, and finds 3K AI-made abuse images breaking 
FOIA documents: ICE used a tool called GOST to decide if US visa applicants' social media posts are "derogatory" to the US, as part of  
Former NSA employee pleads guilty to attempted selling classified documents to Russia 
Vietnam-Based Cyber Groups Using Fake Job Postings to Deliver Malware 
Domain of Thrones: Part I 
A Twitter user since 2007 on why he left: Elon Musk brought chaos to Twitter and boosts conspiracy theories, white supremacists, and antisemitic dog w 
Getting Value from Your Proxy Logs with Falcon LogScale 
Patch Tuesday Turns 20: The Growth and Impact of Microsoft's Vulnerability Problem
Small Screens, Big Risks: Falcon for Mobile Releases New Innovations to Accelerate Detection and Response for Mobile Threats 
Robo-Insight #6 
A Twitter user since 2007 reflects on leaving due to Elon Musk swapping stasis at the company for chaos, his constant bullshitting, and spreading toxi 
iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation 
Make API Management Less Scary for Your Organization 
Operation Triangulation: Experts Uncover Deeper Insights into iOS Zero-Day Attacks 
How did the Okta Support breach impact 1Password? 
Spain police dismantled a cybercriminal group who stole the data of 4 million individuals 
Examining Predator Mercenary Spyware 
PimEyes, a paid facial recognition service, blocks searches of children's faces via age detection AI to identify photos of minors, as part of a & 
PimEyes, a paid facial recognition service, says it has blocked searches of children as part of a "no harm policy", using AI to identify pho 
Cisco warns of a second IOS XE zero-day used to infect devices worldwide 
Cisco releases patches for two zero-day flaws that hackers exploited in 50K+ IOS XE devices; researchers say that hacked hosts recently dropped from  
CVE-2023-43065 
CVE-2023-28796 
Legit Discovers “AI Jacking” Vulnerability in Popular Hugging Face AI Platform 
Microsoft updates Excel to fix automatic conversions, after scientists reworked the alphanumeric symbols used to represent genes in 2020 to avoid Exce 
Cisco releases patches for two zero-day flaws that hackers exploited on 50K+ IOS XE devices; researchers note hacked hosts recently dropped from 60K t 
A Brief History of Phishing, and Other Forms of Social Engineering 
Cisco patches IOS XE zero-days used to hack over 50,000 devices - BleepingComputer 
Insider Risk Digest: Week 41-42 
Microsoft updates Excel to fix automatic conversions, after scientists reworked the alphanumeric symbols to represent genes in 2020 to avoid Excel iss 
Microsoft Vulnerabilities Top CISA’s List of Ransomware-Linked CVEs 
Don’t use AI-based apps, Philippine defense ordered its personnel 
Vietnamese threat actors linked to DarkGate malware campaign 
CVE-2023-5702 
North Korean Hackers Exploiting TeamCity Flaw to Compromise Organizations Network 
MI5 chief warns of Chinese cyber espionage reached an unprecedented scale 
Sami Callihan Says Mustafa Ali Pitched 'Hacker' Gimmick To WWE Two Years Before They Used It - Fightful 
U.S. Government Releases Popular Phishing Technique Used by Hackers - CybersecurityNews 
Security Affairs newsletter Round 442 by Pierluigi Paganini INTERNATIONAL EDITION 
Goal representations for instruction following 
Hivebrite, a SaaS community engagement platform used by Boeing, the Obama Foundation, and others, raised a $37M Series B, bringing its total funding t 
A threat actor is selling access to Facebook and Instagram’s Police Portal 
Threat actors breached Okta support system and stole customers’ data 
Okta says hackers used stolen credentials to view customer files - The Record from Recorded Future News 
US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide 
CVE-2023-5684 
Behind the Breach: Cross-tenant Impersonation in Okta 
CVE-2023-45681 
CVE-2023-45677 
CVE-2023-45661 
Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices 
Hardware Used for Hacking: Hak5 Toolkit - North Carolina A&T 
CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities 
CVE-2023-44693 (dar-7000_firmware) 
CVE-2023-21413 (axis_os) 
Threat Roundup for October 13 to October 20 
On Detection: Tactical to Functional 
CVE-2023-23373 
CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog 
Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198 
CVE-2023-5414 
CVE-2023-4598 
CVE-2023-4274 
CVE-2023-3996 
U.S. DoJ Cracks Down on North Korean IT Scammers Defrauding Global Businesses 
How to Check if Aggregator Host.exe Is Safe for Windows 11 
Law enforcement operation seized Ragnar Locker group’s infrastructure 
CVE-2023-46087 (who_hit_the_page_hit_counter) 
CVE-2023-45643 (cpt_shortcode_generator) 
CVE-2023-45574 (di-7003g_firmware, di-7100g+_firmware, di-7100g_firmware, di-7200g+_firmware, di-7200g_firmware, di-7300g+_firmware, di-7400g+_firmwar 
Police seize Ragnar Locker leak site 
Cisco IOS XE Zero-Day: Network Supply Chain Vulnerabilities Underscore Lack of Threat Detection 
CVE-2023-45642 (snap_pixel) 
CVE-2023-41715 (sonicos) 
CVE-2023-41712 (sonicos) 
Law enforcement agencies, including from the US, the EU, and Japan, seize the RagnarLocker ransomware group's dark web portal as part of an " 
Hamas Application Infrastructure Reveals Possible Overlap With TAG-63 and Iranian Threat Activity 
QR Codes Used in 22% of Phishing Attacks 
An international group of law enforcement agencies, including the US, the EU, and Japan, seizes the dark web portal used by the RagnarLocker ransomwar 
Sophisticated MATA Framework Strikes Eastern European Oil and Gas Companies 
CVE-2023-44986 (abandoned_cart_lite_for_woocommerce) 
THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT! 
North Korea-linked APT groups actively exploit JetBrains TeamCity flaw 
US v. SBF: accounting professor Peter Easton testifies that FTX used "over a billion dollars" of customer funds to buy back Binance's F 
Multiple APT groups exploited WinRAR flaw CVE-2023-38831 
Hackers Using Secure USB Drives to Attack Government Entities 
Unlock New Possibilities on the HYAS Platform October 2023 Release 
CVE-2023-44229 (tiny_carosel_horizontal_slider) 
Firmware and Frameworks: MITRE ATT&CK 
Californian IT company DNA Micro leaks private mobile phone data 
CVE-2023-3392 (read_more_&_accordion) 
CVE-2022-22386 (security_verify_privilege_on-premises) 
Research: local manufacturers won 47.25% of machinery equipment tenders by Chinese chip foundries from January to August 2023, including 62% from July 
CVE-2023-45905 (dreamer_cms) 
CVE-2023-45902 (dreamer_cms) 
Plastic surgeries warned by the FBI that they are being targeted by cybercriminals 
Russian hackers offered phony drone training to exploit WinRar vulnerability 
Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC Gateway devices since August 
Research: 47.25% of machinery tenders by Chinese chip foundries from January to August 2023 were won by local manufacturers, including 62% from July t 
Manitowoc native Sean Hacker serves aboard newly commissioned USS Hyman G Rickover - WeAreGreenBay.com 
A flaw in Synology DiskStation Manager allows admin account takeover 
Rapper Nelly's X Account Got Hacked, Used For Phishing Scam - Crypto Times 
In cross-examining Nishad Singh, SBF's defense finally picked holes in a US witness, pointing out that Singh used a $3.7M FTX loan of user funds  
Israel announces talks with SpaceX to set up Starlink, a first for the country, as a backup in case its other wartime communication systems are disrup 
D-Link confirms data breach, but downplayed the impact 
Researchers: soundscapes and an AI model trained on 100+ wildlife songs can be an effective and low-cost tool to track biodiversity recovery in tropic 
Israel is in talks with SpaceX to set up Starlink internet, a first for the country, as a backup in case its other wartime communication systems are d 
D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack 
CVE-2023-39276 
CVE-2023-22093 
CVE-2023-22069 
The benefits of using the new Data Privacy Framework 
Israel says it's in talks with SpaceX on setting up Starlink internet services as a backup in case other systems are disrupted (Marissa Newman Bl 
SPF Macros Everything You Need to Know 
Summit Sabotage: Malicious Phishing Campaign Hits Female Political Leaders Using Social Engineering 
The Colorado Supreme Court rules that Google evidence obtained via a "keyword search warrant" may be used, one of the first tests of the con 
CVE-2023-5240 (devolutions_server) 
CVE-2023-45108 (mailrelay) 
CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems 
Mandia: China replaces Russia as top cyber threat 
The Colorado Supreme Court ruled evidence from Google obtained via a "keyword search warrant" may be used, one of the first tests of the con 
Snapchat now lets users embed the app's content into a website, matching long-used Instagram and TikTok features, and adds an OpenAI-based photo  
Tech CEO Sentenced to 5 Years in IP Address Scheme 
Fake Browser Updates Used in Malware Distribution 
CVE-2023-42628 
Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers 
Snapshot fuzzing direct composition with WTF 
Addressing increased potential for insider threats with ChatGPT 
CVE-2023-45375 
Ransomware realities in 2023: one employee mistake can cost a company millions 
US v. SBF: Nishad Singh says SBF used customer funds for spending sprees that "reeked of excess" and he learned of an $8B hole two months be 
New technique helps robots pack objects into a tight space 
CVE-2023-38720 
Hacked Skype accounts are being used to spread malware - TechRadar 
CVE-2023-4990 (mcl-net_firmware) 
CVE-2023-40180 
How Is Machine Learning Used in Fraud Detection? 
'RomCom' Cyber Campaign Targets Women Political Leaders 
Fraudsters target Booking.com customers claiming hotel stay could be cancelled 
CVE-2023-38000 (gutenberg, wordpress) 
CVE-2023-44101 (harmonyos) 
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability 
Coin Flips Are Biased 
CVE-2023-45641 
New RomCom Backdoor Targets Female Political Leaders 
CVE-2023-45576 
Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm 
DarkGate malware campaign abuses Skype and Teams 
How Brad Smith, who became Microsoft's top legal officer in 2002, used a legal, policy, and influence machine costing $1B+ per year to close the  
Easing job jitters in the digital revolution 
Security Affairs newsletter Round 441 by Pierluigi Paganini INTERNATIONAL EDITION 
How Brad Smith, who became Microsoft's top legal officer in 2002, used a legal, policy, and influence machine costing $1B+ a year to close the Ac 
Some AI image detectors are labeling real photographs from the Israel-Hamas war as fake, creating what an expert calls a "second level of disinfo 
Some AI image detecting tools are labeling real photographs from the Israel-Hamas war as fake, creating what an expert calls a "second level of d 
CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks 
The US Congress Was Targeted With Predator Spyware 
CVE-2023-38251 (commerce, magento) 
Access Key Used in Voice Messaged Phishing Campaign 
CVE-2023-5492 (smart_s45f_firmware) 
CVE-2023-36581 (windows_10, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_21h2, windows_11_22h2, windows_server_2008, 
Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT? 
Should You Use Controversial Simulated Phishing Test Emails? 
CVE-2023-5240 
CVE-2023-45465 
CVE-2023-45130 
CVE-2023-39999 
FBI and CISA published a new advisory on AvosLocker ransomware 
DarkGate Malware Spreading via Messaging Services Posing as PDF Files 
CD Projekt used AI to recreate the voice of Miłogost Reczek, a Polish voice actor who died in 2021, for Cyberpunk 2077's new Polish DLC,
Editorial: 7 Ways AI Can be Used by Hackers to Steal Healthcare Data - HIPAA Journal 
More than 17,000 WordPress websites infected with the Balada Injector in September 
Unlocking the Future of Application Security: Evolution from ASOC to ASPM 
Improvements to the IP page – more flexibility and new methods to interact with data 
CVE-2023-38171 (.net, visual_studio_2022, windows_11_22h2, windows_server_2022) 
Ransomlooker, a new tool to track and analyze ransomware groups’ activities 
Elliptic: the FTX hackers who stole $415M to $432M in crypto in November 2022 used Russia-linked money launderers in October 2023 after moving the fun 
How to Banish Heroes from Your SOC? 
CVE-2023-43149 
CVE-2023-41850 (outbound_link_manager) 
Top resources for Cybersecurity Awareness Month 
CVE-2023-25774 
Beware of Bogus Roborock Retailers: The Perils of Misleading URLs in E-Commerce 
Vulnerability Exposed in WordPress Plugin User Submitted Posts 
CVE-2023-45058 
The Difference Between Secure and Safe Is Bigger Than You Might Think 
Microsoft's October security update for multiple high-risk product vulnerabilities
Harvested Credentials Are Put Up for Sale Monthly on the Dark Web at a Rate of 10,000 a Month 
ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers 
Phishing, the campaigns that are targeting Italy 
A new Magecart campaign hides the malicious code in 404 error page 
CVE-2023-44261 (block_plugin_update) 
A Paramedic's Top 2 Tips for Cloud Incident Response
Cleanlab, which offers automated data curation tools to increase the accuracy of data used by AI, raised a $25M Series A at a $100M valuation (Alex Ko 
What to know about the HTTP/2 Rapid Reset DDoS attacks
CVE-2023-41876 (wp_gallery_metabox) 
CVE-2023-41730 (sendpress) 
Long-awaited curl vulnerability flops 
Long-awaited curl vulnerability fails to live up to the hype 
CVE-2023-35645 
JPMorgan says BlackRock used the bank's TCN blockchain to move collateral almost instantaneously, vs. over the course of a day, and plans to add  
CVE-2023-44860 (n3m_firmware) 
CVE-2023-40646 (android) 
CVE-2023-40639 (android) 
CVE-2023-34987 (fortiwlm) 
10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows 
Resurgence of LinkedIn Smart Links Identified in Sizable Credential Phishing Campaign 
GNOME Libcue Flaw is a Risk to Linux Systems 
CVE-2023-44097 
JPMorgan says BlackRock used its TCN blockchain to move collateral almost instantaneously, compared with over the course of a day, and plans to add ot 
[DISINFORMATION ALERT] Israel-Hamas war causes deluge of dis- and misinformation 
The robots of #IROS2023 
Online used car marketplace Shift files for Chapter 11 bankruptcy and begins shutting down its business, after going public via a SPAC merger in Octob 
Online used car marketplace Shift files for Chapter 11 bankruptcy and begins the process to shut down its business, after going public via a SPAC merg 
Patch Tuesday, October 2023 Edition 
CVE-2023-44807 (dir-820l_firmware) 
Largest-ever DDoS leverages zero-day vulnerability 
Savvy Israel-linked hacking group reemerges amid Gaza fighting 
Utilizing Artificial Intelligence Effectively in Cybersecurity 
CVE-2023-41768 
CVE-2023-36722 
Millions of hacked Android and iOS phones are being used to run a ... - TechRadar 
CVE-2023-44061 (simple_and_nice_shopping_cart_script) 
CVE-2020-27213 
A flaw in libcue library impacts GNOME Linux systems 
Exposed security cameras in Israel and Palestine pose significant risks 
How Keyloggers Have Evolved From the Cold War to Today 
Flagstar Bank MOVEit Breach Affects 800K Customer Records 
Hacktivists send fake nuclear attack warning via Israeli Red Alert app 
GUEST ESSAY: How tech tricks used by Amazon, Netflix aid Ukraine in repelling Russia's invasion
Perfect Loader Implementations 
Hacktivists in Palestine and Israel after SCADA and other industrial control systems 
Sources: X shut down a tool for identifying coordinated disinformation campaigns in recent months, as the company moved services off Google Cloud to c 
Meet Hackie-AI, The New Kid on the Block. 
Sources: X shut down a tool used to identify coordinated disinformation campaigns in recent months, as it moved services away from Google Cloud to cut 
Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519 
Introducing the SaaS Event Maturity Matrix (EMM) 
Phishers Spoof USPS, 12 Other Natl’ Postal Services 
Hackers used X to target Congress with spyware, Amnesty ... - Washington Times 
Source: Microsoft's GitHub Copilot, the $10/month service used by 1.5M+ people, loses an average of $20+ per month per user and as much as $80 fo
8 ways MSSPs gain competitive advantage with the SecOps Cloud Platform 
The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum 
Gaza-linked hackers and Pro-Russia groups are targeting Israel 
Stay a Step Ahead of your #1 Downtime Threat - Business Email Compromise 
Flagstar Bank suffered a data breach once again 
Android devices shipped with backdoored firmware as part of the BADBOX network 
CVE-2023-45355 
How is Malware Detected in 2023? Uncover the Latest Techniques 
Security Affairs newsletter Round 440 by Pierluigi Paganini International edition 
North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime 
Finger-shaped sensor enables more dexterous robots 
CVE-2023-40639 
QakBot threat actors are still operational after the August takedown 
DinodasRAT used against governmental entity in Guayana Week in security with Tony Anscombe 
CVE-2023-44765 (concrete_cms) 
THORSwap moves to "maintenance mode" after criminals linked to the FTX hack in 2022 used the decentralized exchange to convert $38M worth of 
THORSwap moves to a "maintenance mode" after criminals linked to the FTX hack last year used the decentralized exchange to swap $38M worth o 
The Role of AI in Email Security and How Real-Time Threat Intelligence Can Supercharge Your SOC Team 
Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike 
Qakbot Gang Still Active Despite FBI Takedown 
Little Rock FBI warns of 'Phantom Hacker' scam used to access ... - KRZK 106.3 
Report: the US DHS finds that ICE, CBP, and the Secret Service illegally used phone location data; a CBP official tracked coworkers for no investigati 
How to Put Clock On Desktop In Windows 11 
Report: a US DHS oversight body finds that ICE, CBP, and the Secret Service illegally accessed smartphone location data; CBP tracked coworkers without 
CVE-2023-44212 
A WhatsApp zero-day exploit can cost several million dollars 
DNA testing service 23andMe investigating theft of user data 
Critical 'ShellTorch' Flaws Light Up Open Source AI Users, Like Google 
CVE-2023-44828 
Sources: some US FTX staff found and internally reported Alameda's backdoor used to allegedly withdraw billions in client funds, months before FT 
The Hong Kong Stock Exchange announces Synapse to help execute post-trade processes and reduce settlement risk using smart contracts, launching on Oct 
Sources: FTX employees in the US found and reported the backdoor Alameda used to allegedly withdraw billions in customer funds, months before FTX'
Political Disinformation and AI 
The Hong Kong Stock Exchange announces Synapse, designed to streamline post-trade processes using smart contracts, which will go live on October 9 (Sa 
10 Bot Detection Tools for 2023: Features & Mitigation Methods 
Global CRM Provider Exposed Millions of Clients Files Online 
Chinese State-Sponsored Cyber Espionage Activity Targeting Semiconductor Industry in East Asia 
How to Pay with Cash App via Scanning QR Code | Cash App Scan to Pay 
Sony sent data breach notifications to about 6,800 individuals 
Carter's Credit Card Login, Payment, Customer Service (2023)
Exclusive Report: The Rise of Credit Union Brand Impersonations Online in 2023 
How to Pay with Cash App via Scanning QR Code 
CVE-2023-2544 (peix) 
NYC-based Headway, which connects patients with therapists who offer care covered by insurance, raised a $125M Series C led by Spark Capital at a $1B  
CVE-2023-4099 (qsige) 
A Guide to IAM Compliance: Set Your Organization Up for Success 
CVE-2023-24853 (ar8035_firmware, fastconnect_6200_firmware, fastconnect_6700_firmware, fastconnect_6800_firmware, fastconnect_6900_firmware, fastconne 
CVE-2022-47892 (netman_204_firmware) 
Available Now: Java Endpoint Analyzer from Onapsis Research Labs 
Two Campaigns Drop Malicious Packages into NPM 
Mastering SECaaS: Your Ultimate Implementation Guidance for 2023 
CVE-2022-43906 
Top 3 Tips Learned from Getting Fairwinds Insights into AWS Marketplace 
CVE-2023-4496 
CVE-2023-3153 
CVE-2023-5375 
Sony researchers: standardized skin tone scales used by Google, Meta, and others to test their image algorithms don't capture red and yellow hues 
Your Cheap Android TV Streaming Box May Have a Dangerous Backdoor 
Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform 
Certificate Authorities: What They Are & Why They're Important
MrBeast asks whether social media platforms are "ready to handle the rise of AI deepfakes" after a deepfake scam TikTok ad, since deleted, u 
CVE-2023-41736 (email_posts_to_subscribers) 
The FTC's lawsuit against Amazon details a company algorithm that raised product prices and held them there if rivals followed, allegedly showing 
NATO investigating breach, leak of internal documents 
FTC's suit against Amazon describes an algorithm where Amazon would raise product prices and hold them there if rivals followed, allegedly showin 
CVE-2023-3196 
Akamai Sees Surge of Cyberattacks Aimed at Financial Services 
Keeping SEC-ure: Using Threat Intelligence to Stay Ahead of the New SEC Regulations 
Predator Spyware Linked to Madagascar's Government Ahead of Presidential Election 
CVE-2023-37990 
Elliptic Curve Cryptography Explained 
Bing Chat beat a CAPTCHA used to stop hackers and spammers - Digital Trends 
Bing Chat just beat a CAPTCHA used to stop hackers and spammers - Digital Trends 
Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat AlphV 
CVE-2023-3440 
CVE-2023-43268 
CVE-2023-41687 (goods_catalog) 
CVE-2023-44123 (android) 
WS_FTP flaw CVE-2023-40044 actively exploited in the wild 
How to Stop Phishing Attacks with Protective DNS 
US v. Google: Satya Nadella says Google cemented its search dominance via default search deals with Apple and he may have been overenthusiastic about  
CVE-2023-5283 (engineers_online_portal) 
US v. Google: Satya Nadella says Google cemented search dominance via mobile default search deals with Apple and he may have been overenthusiastic abo 
In US v. Google testimony, Satya Nadella says Google cemented its search dominance through Apple deals, he may have been overenthusiastic about ChatGP 
CVE-2023-44266 
Is My Boss Spying on Me, Instagram Painting Scam, Kia and Hyundai TikTok Challenge 
CVE-2023-44244 
ShadowSyndicate Cybercrime gang has used 7 ransomware families over the past year - CSO Online 
North Korea-linked Lazarus targeted a Spanish aerospace company 
Food card hacked and used in New York City: Brunswick Hills Township Police Blotter - cleveland.com 
Nick Clegg says Meta used public Facebook and Instagram posts to train its new AI assistant and took steps to filter out private details from training 
Sources: John Giannandrea's team built a next-gen search engine, "Pegasus", for Apple's own apps, used in Spotlight and Siri, and  
CVE-2023-5323 
Nick Clegg says Meta used public Facebook and Instagram posts to train its new AI assistant and took steps to filter private details from training dat 
A Compilation of Personally Identifiable Email Address Accounts from Verified.cm Forum Team Members An OSINT Analysis 
A Closer Look at the Snatch Data Ransom Group 
Michigan thief used Bluetooth to steal 800 gallons of gas by hacking into pumps - New York Post 
Going Live on Twitter Spaces Today! 
FBI warns of dual ransomware attacks 
Progress Software fixed two critical severity flaws in WS_FTP Server 
CVE-2023-43708 
Researchers report critical vulnerabilities in the Exim mail transfer agent allowing remote code execution; Exim is used by as many as 253K servers (D 
CVE-2023-5284 
Anticipating File-Borne Threats: How Deep File Inspection Technology Will Shape the Future of Cyber Defense 
CVE-2023-42453 (synapse) 
Michigan thief used Bluetooth to steal 800 gallons of gas by hacking into pumps, station owner says - Fox Business 
Michigan thief used Bluetooth to steal 800 gallons of gas by hacking ... - Fox Business 
CVE-2023-3024 
Protecting Your Software Supply Chain: Understanding Typosquatting and Dependency Confusion Attacks 
CVE-2023-43909 
QR Code 101: What the Threats Look Like 
Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach 
Microsoft's AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites 
Threat Report: High Tech Industry targeted the most with 46% of attack traffic tagged by NLX 
What You Need to Know About the libwebp Exploit 
FBI disrupts Russian hacking tool used to steal information from foreign governments - CNN 
Crocs enhances customer journey and safeguards revenue growth with Kasada 
The Next Generation of AppSec is Upon Us (Part 1 of 2) | Impart Security 
Pharma Industry Seeing Reduction in Data Breach Costs, But Still Have Much to Do 
CVE-2023-43664 
Google lets publishers use a robots.txt flag to opt out of the company using their data to train its AI models, while remaining accessible through Goo 
Lawsuit Filed Against Google, Meta, H&R Block for Sharing Taxpayer Data 
Mayorkas warns Latin American leaders of Beijing’s technology influence 
CVE-2023-41232 (ipados, iphone_os, macos) 
CVE-2023-39195 
Email: Serve Robotics, used by Uber Eats in Los Angeles, shared video filmed by one of its food delivery robots to the LAPD as part of a criminal inve 
CVE-2023-40307 
Dark Angels Team ransomware group hit Johnson Controls 
What we know about BlackCat and the MGM hack 
Google Patches Chrome Zero-Day Used in Spyware Attacks 
CVE-2023-43614 (welcart_e-commerce) 
Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices 
China-linked APT BlackTech was spotted hiding in Cisco router firmware 
US v. Google: Microsoft says the company has tried for years to displace Google as the iPhone's default search engine, but Apple never seriously  
CVE-2023-44018 (ac10u_firmware) 
CVE-2023-37448 (macos) 
CVE-2023-2315 (opencart) 
Millions of files with potentially sensitive information exposed online, researchers say 
US v. Google: Microsoft says it's been trying for years to displace Google as the iPhone's default search engine, but Apple never seriously  
CVE-2023-4506 
CVE-2023-44156 
CVE-2023-44129 
CVE-2023-42460 
CVE-2023-41986 
CVE-2023-41305 
CVE-2023-40419 
HYAS Insight Shines a Light on Financial Fraud 
Watch out! CVE-2023-5129 in libwebp library affects millions applications 
‘Snatch’ Ransom Group Exposes Visitor IP Addresses 
‘Ransomed.vc’ in the Spotlight – What is Known About the Ransomware Group Targeting Sony and NTT Docomo 
A short guide to Multidisciplinary Research 
Top 5 Problems Solved by Data Lineage 
The WGA contract calls for streaming data transparency and guarantees on AI use, including preventing AI-generated material to be used as a source mat 
The federal judge overseeing US et al v. Google says documents used during the trial can be posted online at the end of each day, resolving a weeklong 
The federal judge overseeing US v. Google says documents used during the trial can be published online at the end of each day, resolving a weeklong di 
Sources: the WGA and AMPTP's deal lets studios train AI models on writers' work while writers would be compensated for work on scripts even  
Source: WGA and AMPTP's deal lets studios train AI models on writers' work, while writers would get compensation for work on scripts even if 
Canadian Flair Airlines left user data leaking for months 
CVE-2023-38907 (tapo, tapo_l530e_firmware) 
Russian hacking operations target Ukrainian law enforcement 
CVE-2023-43338 (mjs) 
CVE-2023-42456 (sudo) 
CVE-2023-42753 (enterprise_linux, linux_kernel) 
Enhancing Cybersecurity Investigations With Protective DNS 
ICS protocol coverage using Snort 3 service inspectors 
How a private company helps ICE track migrants' every move
BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients 
Threat Report: The High Tech Industry Targeted the Most with 46% of NLX-Tagged Attack Traffic 
Xenomorph malware is back after months of hiatus and expands the list of targets 
CISA Publishes Hardware Bill of Materials Framework 
Smishing Triad Stretches Its Tentacles into the United Arab Emirates 
CVE-2023-4259 
CVE-2023-5002 (pgadmin) 
SCCM Hierarchy Takeover 
A phishing campaign targets Ukrainian military entities with drone manual lures 
CVE-2023-41293 
CVE-2023-41294 
Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals 
Pitfalls of relying on eBPF for security monitoring (and some solutions) 
Are You Willing to Pay the High Cost of Compromised Credentials? 
Your Boss's Spyware Could Train AI to Replace You
From Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese 
CVE-2015-6964 
Is Gelsemium APT behind a targeted attack in Southeast Asian Government? 
CVE-2023-41874 
Deadglyph, a very sophisticated and unknown backdoor targets the Middle East 
Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars 
Popular Thesaurus Website Used in Sneaky Cryptojacking Scheme 
National Student Clearinghouse data breach impacted approximately 900 US schools 
New stealthy and modular Deadglyph malware used in govt attacks - BleepingComputer 
City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack 
Soft robotic tool provides new ‘eyes’ in endovascular surgery 
New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware 
Apple and Chrome Zero-Days Exploited to Hack Egyptian ex-MP with Predator Spyware 
Stealth Falcon preying over Middle Eastern skies with Deadglyph 
3 iOS 0-days, a cellular network implant, and HTTP used to infect an iPhone - Ars Technica 
LastPass: ‘Horse Gone Barn Bolted’ is Strong Password 
Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware 
CVE-2023-42464 (debian_linux, netatalk) 
CVE-2023-0829 (plesk) 
The US issues final rules to stop Chips Act subsidies from going to countries of concern, like China, such as limiting foreign chip fab expansions for 
Signal Intros Quantum-Resistant Encryption for App 
Dallas ransomware: Hackers used stolen credentials to access city data, report says - The Dallas Morning News 
Sandman APT targets telcos with LuaDream backdoor 
Dallas ransomware: Hackers used stolen credentials to access city ... - The Dallas Morning News 
The US issues final rules to stop Chips Act subsidies from going to countries like China, including limiting chips fab expansions in such countries fo 
Experts warn of a 600X increase in P2Pinfect traffic 
CVE-2023-43240 (dir-816_a2_firmware) 
CVE-2023-43135 (tl-er5120g_firmware) 
Detection Engineering and SOC Scalability Challenges (Part 2) 
SMIC used DUV lithography, not EUV, for its 7nm chip, which isn't a breakthrough but does show progress and reaffirms China's commitment to  
New Capabilities with the September Release of the HYAS Platform 
Bastian Lehmann's TipTop launches an app that scans for past purchases in users' Gmail and Amazon accounts and offers to buy their used prod 
Bastian Lehmann's TipTop launches an app that scans for past purchases in users' Gmail or Amazon accounts and offers to buy their used produ 
Ukrainian hackers are behind the Free Download Manager supply chain attack 
New threat intel effort to study ‘undermonitored’ regions
Mastering Defense-In-Depth and Data Security in the Cloud Era 
Hikvision Intercoms Allow Snooping on Neighbors 
Space and defense tech maker Exail Technologies exposes database access 
CVE-2023-43242 
Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack 
Hackers and scammers target classrooms with ransomware. What can you do? 
CVE-2023-43135 
The art of security chaos engineering 
CVE-2023-42454 (sqlpage) 
Experts found critical flaws in Nagios XI network monitoring software 
FTC nominees urge Congress to pass federal data privacy law 
CVE-2023-43502 
CVE-2023-43494 
CVE-2023-42660 
CVE-2023-5063 (widget_responsive_for_youtube) 
CVE-2023-43200 
Fake YouTube Android Apps Used to Distribute CapraRAT 
Fake PoC Script Used to Trick Researchers into Downloading VenomRAT 
CVE-2023-3025 (dropbox_folder_share) 
DeepMind researchers detail Optimization by PROmpting to improve LLM performance by using "meta-prompts" like "take a deep breath" 
Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace 
The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs 
A Wave of Chinese Cyberthreat Campaigns Use Old and New Malware 
The hacker who used his skills to play Doom on a printer - Softonic EN 
Battery-free origami microfliers from UW researchers offer a new bio-inspired future of flying machines 
How To Change Windows 11 Virtual Memory Size 
How to Fix Snapchat Won't Load Snaps or Stories
CVE-2023-36319 
CVE-2023-31009 
CVE-2023-25525 
CVE-2023-40934 
ShroudedSnooper threat actors target telecom companies in the Middle East 
CVE-2023-39039 (camp_style_project_line) 
Trend Micro Patches Zero-Day Endpoint Vulnerability 
Black Hat: Stephen Chin, JFrog 
#mWISE: Chinese Cyber Power Bigger Than the Rest of the World Combined 
Exploring SEC’s Cybersecurity Rules – Material Cybersecurity Incident (Part 3) 
How Ai Can Be Used as A Tool to Help Monitor for Cybercrimes and Keep Kids Safe From Cyberbullying And Scams 
Chinese Group Exploiting Linux Backdoor to Target Governments 
Austin-based HiddenLayer, which focuses on hardening the security of AI models used by companies, raised a $50M Series A led by M12 and Moore Strategi 
CVE-2023-37281 (contiki-ng) 
Multi-year Chinese APT Campaign Targets South Korean Academic, Government, and Political Entities 
New ShroudedSnooper actor targets telecommunications firms in the Middle East with Novel Implants 
12,000 Juniper SRX firewalls and EX switches vulnerable to CVE-2023-36845 
Flawed Implementation of RCS Standard putting data of millions at risk 
A look at ShadowDragon, which offers social media surveillance tools that gather data from games and more, used by ICE, the State Department, the DEA, 
Earth Lusca expands its arsenal with SprySOCKS Linux malware 
Trend Micro: Chinese cyberespionage group Earth Lusca used a new Linux malware dubbed SprySOCKS to target government agencies in multiple countries in 
Security Issues in FINS protocol 
Woman, 20, reveals how hackers took over her Facebook account when she clicked on used car advert - before her - Daily Mail 
Who’s Behind the 8Base Ransomware Website? 
CVE-2023-42454 
Microsoft AI research division accidentally exposed 38TB of sensitive data 
CVE-2023-4806 
Dragos Raises $74M in Latest Funding Round 
New SprySOCKS Linux malware used in cyber espionage attacks - BleepingComputer 
Crooks Exploited Satellite Live Feed Delay for Betting Advantage 
Analyzing Four Diverse Attack Techniques Used by XeGroup 
Exposing the Bulgarian Cyber Army Cyber Threat Actor 
Hook: New Android Banking Trojan That Expands on ERMAC's Legacy 
Rust Implant Used in New Malware Campaign Against Azerbaijan 
AI writing startup Writer, used by L'Oréal, Spotify, and Uber to create digital marketing campaigns, raised $100M led by Iconiq Growth
Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry 
Remote Access Checklist 
Illegal Betting Ring Used Satellite Tech to Get Scoop on Results 
AI in Software Development: The Good, the Bad, and the Dangerous 
North Korea’s Lazarus APT stole almost $240 million in crypto assets since June 
Clop gang stolen data from major North Carolina hospitals 
CardX released a data leak notification impacting their customers in Thailand 
Security Affairs newsletter Round 437 by Pierluigi Paganini International edition 
CVE-2023-4918 (keycloak) 
German prosecutors say Elon Musk's X has complied with hundreds of hate-crime user data requests; Twitter used to push back if requests threatene 
German prosecutors say Musk's X has complied with hundreds of hate-crime user data requests; Twitter used to push back if such requests threatene 
Iranian Peach Sandstorm group behind recent password spray attacks 
Virtual-reality tech is fast becoming more real 
CVE-2023-38507 
Okta Agent Involved in MGM Resorts Breach, Attackers Claim 
Microsoft Flushes Out 'Ncurses' Gremlins 
Google Account Sync Vulnerability Used to Steal $15 Million 
Cybersecurity Insights with Contrast CISO David Lindner | 9/15
Okta Flaw Involved in MGM Resorts Breach, Attackers Claim 
Dangerous permissions detected in top Android health apps 
CVE-2023-3935 (codemeter_runtime, oseon, programmingtube, teczonebend, tops_unfold, topscalculation, trumpflicenseexpert, trutops, trutops_cell_classi 
CVE-2023-29305 (connect) 
91% of Cybersecurity Professionals Have Experienced Cyber Attacks that Use AI 
CVE-2023-36551 (fortisiem) 
Caesars Entertainment paid a ransom to avoid stolen data leaks 
The Details of Microsoft's September 2023 Patch Tuesday Release
Apple plans a software update for iPhone 12 in France to address radiation concerns, says "this is related to a specific testing protocol" u 
Microsoft September Security Updates for Multiple High-Risk Product Vulnerabilities
Zero-Click iPhone Exploit Drops Pegasus Spyware on Exiled Russian Journalist 
Shifting Perspectives and Regulations Relating to Consent Management 
CVE-2019-8884 
CVE-2018-4767 
CVE-2018-4765 
CVE-2018-4706 
CVE-2018-4705 
CVE-2018-4654 
CVE-2018-4603 
CVE-2018-4531 
CVE-2018-4519 
CVE-2018-4515 
CVE-2018-4492 
CVE-2017-13980 
CVE-2017-13976 
CVE-2017-13967 
CVE-2017-13957 
CVE-2017-13915 
CVE-2017-13896 
CVE-2015-20002 
CVE-2013-5146 
CVE-2011-3465 
CVE-2010-4017 
CVE-2010-3807 
Turns out even the NFL is worried about deepfakes 
CVE-2023-40725 (qms_automotive) 
CVE-2023-38074 (jt2go, teamcenter_visualization) 
CVE-2023-38070 (jt2go, teamcenter_visualization) 
DHS warns of malicious AI use against critical infrastructure 
MGM was likely hacked by Scattered Spider, an English-speaking group that previously used help desk calls to get passwords and planned to hack the slo 
Groups linked to Las Vegas cyber attacks are prolific criminal hacking gangs 
MGM was likely hacked by "Scattered Spider", an English-speaking group that previously used help desk phone calls to get passwords and plann 
Microsoft: Iranian espionage campaign targeted satellite and defense sectors 
BLASTPASS: Government agencies told to secure iPhones against spyware attacks 
HP unveils the $5,000+ Spectre Fold, an OLED foldable PC that can be used as a 17-inch tablet, a 17-inch laptop, or a 12.3-inch laptop and weighs less 
Linear, which sells project management tools to startups like Cohere, Runway, and Ramp, raised a $35M Series B led by Accel, sources say at a $400M v 
Linear, which makes project management software used by startups like Cohere and Ramp, raised a $35M Series B led by Accel, sources say at a $400M val 
HP unveils the Spectre Fold, a foldable PC that can be used as 17-inch tablet or laptop, or as a 12.3-inch laptop, weighing under 3lb, starting at $5, 
The iPhone of a Russian journalist was infected with the Pegasus spyware 
On day two of the Google trial, an Apple lawyer protested two numbers the DOJ used in its opening statement, including Google paying Apple $4B-$7B for 
Wake-Up Call as 3AM Ransomware Variant Is Discovered 
P2P File Sharing Policy 
Kubernetes flaws could lead to remote code execution on Windows endpoints 
Read it right! How to spot scams on Reddit 
High-tech microscope with ML software for detecting malaria in returning travellers 
CVE-2023-35666 (android) 
CVE-2022-34224 (acrobat, acrobat_dc, acrobat_reader, acrobat_reader_dc) 
CVE-2019-7819 (acrobat_dc, acrobat_reader_dc) 
New Paper: Securing AI: Similar or Different?  
AI being used for hacking and misinformation, top Canadian cyber ... - Reuters 
FBI Hacker Dropped Stolen Airbus Data on 9/11
Smashing Security podcast #339: Bitcoin boo-boo, deepfakes for good, and time to say goodbye to usernames? 
ALPHV Ransomware Used Vishing to Scam MGM Resorts Employee 
NSO's Pegasus Spyware Used to Hack CEO of Russia's Meduza ... - Bloomberg 
A new ransomware family called 3AM appears in the threat landscape 
Patch EVERYTHING: Widely Used WebP Code has Critical Bug 
Researchers: the iPhone of Meduza owner Galina Timchenko was infected with Pegasus in Germany, the first known case of the tool being used against a R 
Washington summit grapples with securing open source software 
Redfly group infiltrated an Asian national grid as long as six months  
How Congress can make the most of Schumer’s AI Insight Forums 
6 Ways Passwords Can be Stolen and How Passwordless Can Stop Them All 
Microsoft Fixes Two Zero-Day Bugs Used in Attacks 
Mozilla fixed a critical zero-day in Firefox and Thunderbird 
How drones are used during earthquakes 
Symantec: Chinese cyberespionage group Redfly used the ShadowPad trojan to compromise a national grid in an Asian country from February 28 until Augus 
CVE-2023-4847 (simple_book_catalog_app) 
Apple's USB-C AirPods Pro will support 20-bit, 48 kHz lossless audio when used with the upcoming Vision Pro headset (Chris Welch The Verge) 
Adobe, Apple, Google & Microsoft Patch 0-Day Bugs 
CVE-2023-4900 
Washington-based Treasury4, which sells data analytics software for risk management of financial and treasury processes, raised a $20M Series A led by 
Unity announces fees based on a game's installations and the developer's plan tier, starting on January 1, 2024, joining Unreal Engine, whic 
Unity announces new fees based on a game's number of installs and the developer's plan tier, starting January 1, 2024, joining Unreal Engine 
Former Twitter executives: Privacy and security practices deteriorated under Musk 
CVE-2023-38143 
CVE-2023-36800 
A new Repojacking attack exposed over 4,000 GitHub repositories to hack 
CVE-2023-40611 
SAP Patch Day: September 2023 
CVE-2023-41033 
CVE-2023-38076 
CVE-2021-40723 (acrobat, acrobat_dc, acrobat_reader, acrobat_reader_dc) 
Cybercriminals Selling "Golden Tickets" to Phish Microsoft 365... $500,000 in Sales in 10 Months 
A survey of 2,203 US adults: 53% say AI misinformation will impact who wins the 2024 election, 35% say AI will decrease their trust in election ads, a 
Parents of trans youth rally against controversial kids online safety bill 
Anonymous Sudan launched a DDoS attack against Telegram 
Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor 
CVE-2023-40623 
Exclusive: AI being used for hacking and misinformation, top ... - Reuters.com 
Survey of 2,203 US adults: 53% say AI misinformation will impact who wins the 2024 election, and 35% say AI will decrease their trust in election ads  
CVE-2023-4060 
CVE-2021-36021 (magento) 
CVE-2020-19320 
CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog 
Apple Fixes Zero-Day Bugs Used To Plant Pegasus Spyware - Slashdot 
CVE-2021-44193 (after_effects) 
CVE-2023-4589 (secret_server) 
Data Breach of AP Stylebook Leads to Phishing Attacks 
UK and US sanctioned 11 members of the Russia-based TrickBot gang 
You can try to hide your firmware from Kelly Patterson, but she'll find it (and break it)
CVE-2023-4583 
New HijackLoader malware is rapidly growing in popularity in the cybercrime community 
Hackers Exploit Zero-Day Flaw in Software Used by Resorts and Hotels - GBHackers 
Some of TOP universities wouldn't pass cybersecurity exam: left websites vulnerable
Evil Telegram campaign: Trojanized Telegram apps found on Google Play 
The FBI's Qakbot Takedown, QR Code Phishing Attacks, Dox Anyone in America for $15
Akamai prevented the largest DDoS attack on a US financial company 
Security Affairs newsletter Round 436 by Pierluigi Paganini International edition 
CVE-2023-4865 
Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital 
Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks 
Fiber-infused ink enables 3D-printed heart muscle to beat 
CVE-2023-4487 (cimplicity) 
CVE-2023-30712 (android) 
CVE-2023-4844 
CVE-2023-40306 
CVE-2023-33015 (315_5g_firmware, aqt1000_firmware, ar8035_firmware, ar9380_firmware, csr8811_firmware, csrb31024_firmware, fastconnect_6200_firmware,  
CVE-2023-30995 
North Korea-linked threat actors target cybersecurity experts with a zero-day 
CVE-2023-4034 (smartrise_document_management_system) 
CVE-2023-21662 (aqt1000_firmware, ar8035_firmware, fsm10056_firmware, ipq5010_firmware, ipq5018_firmware, ipq5028_firmware, ipq9008_firmware, ipq9574_ 
Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks 
CVE-2023-40015 (vyper) 
Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns 
CVE-2023-41775 
Zero-days fixed by Apple were used to deliver NSO Group's Pegasus spyware
CVE-2023-38456 (android) 
CVE-2023-38448 (android) 
The US Commerce Department begins an official probe to "obtain more information" on a "purported" 7nm chip made by SMIC in China u 
CVE-2023-40584 
Apple releases macOS, iOS, iPadOS, and watchOS updates to address two zero-day flaws that Citizen Lab says were used to deliver NSO Group's Pegas 
Apple releases OS updates to address two zero-day vulnerabilities that Citizen Lab says were used to deliver NSO Group's Pegasus spyware (Joe War 
Russian businessman convicted in insider trading scheme that used ... - The Durango Herald 
Ex-FTX Digital Markets co-CEO Ryan Salame pleads guilty to federal campaign finance and money transmitting crimes and will forfeit $1.5B+ as part of t 
CVE-2023-41061 
CVE-2023-20832 (android, openwrt, rdk-b, yocto) 
Former FTX Digital Markets co-CEO Ryan Salame pleads guilty to criminal charges, less than a month before the trial of Sam Bankman-Fried is set to beg 
From Direct to Distant: The Challenge of Third and Fourth-Party Digital Risk Management 
A secondhand account of the worst possible timing for a scammer to strike 
US, UK take action against members of the Russian-linked Trickbot hacker syndicate 
Beyond the Code: Unearthing the Subtle Business Ramifications of Six Months in Vulnerabilities 
Google plans to update Chrome in the coming weeks to incorporate the company's Material You design language, including refreshed icons and new co 
Multiple nation-state hackers infiltrate single aviation organization 
A malvertising campaign is delivering a new version of the macOS Atomic Stealer 
Microsoft commits to defending customers of its AI Copilots from copyright infringement lawsuits, as long as they've "used the guardrails an 
Thousands of dollars stolen from Texas ATMs using Raspberry Pi 
Exclusive: AI being used for hacking and misinformation, top ... - Reuters 
Google plans to update Chrome to incorporate its Material You design language in the coming weeks, including refreshed icons and new color palettes (J 
China turns to AI in hopes of creating viral online propaganda, Microsoft researchers say 
Cybercriminals target graphic designers with GPU miners 
Facebook Trains Its AI on Your Data. Opting Out May Be Futile 
Chinese Hacker Steals Microsoft Signing Key, Spies on US Government 
Ghostwriter, the anonymous creator who used AI to mimic Drake and The Weeknd, has met with record labels, Grammy organizers, and more, and releases a  
Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake 
CVE-2023-4754 (gpac) 
CVE-2023-32102 (library_viewer) 
Demystifying Smishing vs Phishing Attacks for a Safer Online Experience 
CVE-2023-41601 
CVE-2023-41053 
Microsoft says Chinese hackers who in June breached US government email accounts stole an MSA key from a crash dump after hacking a Microsoft engineer 
CVE-2023-41330 
CVE-2020-10132 
Mystery solved? Microsoft thinks it knows how Chinese hackers stole its signing key 
W3LL Targets Microsoft 365 Accounts with Sophisticated Phishing Kit 
UK lawmakers back down on encryption-busting ‘spy clause’ 
Authenticating like the transportation security administration 
AtlasVPN Linux Zero-Day Disconnects Users, Reveals IP Addresses 
Microsoft says Chinese hackers who recently breached US government email accounts stole a key from a crash dump after hacking a Microsoft engineer'
Why DNS Security Can Be Your Most Problematic Blind Spot 
Russia's 'Fancy Bear' APT Targets Ukrainian Energy Facility 
CVE-2023-41943 
GUEST ESSAY: Securing your cryptocurrency – best practices for Bitcoin wallet security
Interview with Jean Pierre Sleiman, author of the paper “Versatile multicontact planning and control for legged loco-manipulation” 
MITRE and CISA release Caldera for OT attack emulation 
Back to Basics: The Key Elements of a Strong Security Program 
CVE-2023-32432 
CVE-2023-30720 
CVE-2023-30717 
CVE-2023-28195 
Paytm, whose "soundbox" is used by 7M+ merchants, launches a $12 model that can accept tap and pay card payments, as rival Pine Labs unveils 
Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach 
CVE-2023-30534 
Amazon will now charge $1.99 per delivery for in-garage deliveries that used to be free if the date is outside a customer's designated weekly "
CVE-2023-41635 (realgimm) 
Shadow Wizard Registry Gang: Structured Registry Querying 
CVE-2023-34317 
AGs in all 50 US states urge Congress to study how AI can be used to exploit kids, including via AI-made pornography, and pass legislation to guard ag 
Hackers stole $41M worth of crypto assets from crypto gambling firm Stake 
Bilyana Lilly on Western cybersecurity assistance to Ukraine 
Grip Security Blog 2023-09-05 07:31:50 
New BLISTER Malware Update Fuelling Stealthy Network Infiltration 
As LotL Attacks Evolve, So Must Defenses 
Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster 
CVE-2023-41908 
Securing Linux Policy 
Fix: Failed to Find Roblox Process on KRNL Injector 2023 
A massive DDoS attack took down the site of the German financial agency BaFin 
Senator Marsha Blackburn, the Kids Online Safety Act's lead sponsor, says the US legislation would be used to "protect minor children"  
“Smishing Triad” Targeted USPS and US Citizens for Data Theft 
Publicly available Evil_MinIO exploit used in attacks on MinIO Storage Systems 
New Attack Technique MalDoc in PDF Alarms Experts 
CVE-2023-39162 
Vietnamese Cybercriminals Targeting Facebook Business Accounts with Malvertising 
CVE-2023-38466 
CVE-2023-38443 
CVE-2023-38437 
CVE-2023-4751 
PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for Networks 
Avoid The Hack: 7 Best Private Search Engine Recommendations 
CVE-2023-38387 
Security Affairs newsletter Round 435 by Pierluigi Paganini International edition 
Social engineering attacks target Okta customers to achieve a highly privileged role 
Russian Hackers Used Microsoft Teams to Target Govt Agencies - Petri.com 
CVE-2023-4709 
CVE-2022-3407 
CVE-2023-39710 
CVE-2023-33320 (wp-hijri) 
Why is .US Being Used to Phish So Many of Us? 
UNRAVELING EternalBlue: inside the WannaCry's enabler
CVE-2023-34172 (wordpress_social_login) 
Researchers released a free decryptor for the Key Group ransomware 
From frustration to clarity: Embracing Progressive Disclosure in security design 
North Korea-linked APT Labyrinth Chollima behind PyPI supply chain attacks 
Russian State-Backed 'Infamous Chisel' Android Malware Targets Ukrainian Military 
'Infamous Chisel' used by GRU-backed Sandworm to hack Ukraine - Tech Monitor 
MIT engineers use kirigami to make ultrastrong, lightweight structures 
Classiscam Scam-as-a-Service Raked $64.5 Million During the COVID-19 Pandemic 
How to Delete WhatsApp Messages Permanently in 2023 (4 Ways) 
CVE-2023-4481 
CVE-2023-39558 (audimexee) 
Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware 
Insurance Costs Rise, Coverage Shrinks, But Policies Remain Essential 
CVE-2023-32801 (composite_products) 
New open-source infostealer, and reflections on 2023 so far 
‘Five Eyes’ nations release technical details of Sandworm malware ‘Infamous Chisel’ 
Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication 
From Simple Beginnings, Classiscam Fraud Campaigns Go Global 
SapphireStealer Malware: A Gateway to Espionage and Ransomware Operations 
Infamous Chisel Malware Analysis Report 
SapphireStealer: Open-source information stealer enables credential and data theft 
Paramount Global disclosed a data breach 
GRU Blamed for Infamous Chisel Malware Targeting Ukraine's Military Phones 
SSL Deprecation: Understanding the Evolution of Security Protocols 
Lessons from the rapid grocery delivery boom: $10B+ of VC money, used for ads and promos, created the market from nothing, app downloads have cratered 
CVE-2023-4315 
CVE-2023-3636 
National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization 
X updates its privacy policy to include new biometric data, which the company plans to collect for safety and security, along with data on jobs and ed 
Meta lets users submit requests to access, alter, or delete some of their third-party information that the company uses for generative AI training (Jo 
Abusing Windows Container Isolation Framework to avoid detection by security products 
Hashcat Tips and Tricks for Hacking Competitions: A CMIYC Writeup Part 3 
Meta lets users submit requests to access, alter, or delete some of their third-party information that Meta uses for generative AI training (Jonathan  
X updates its privacy policy to include biometric information as data it plans to collect for safety and security, along with data on users' jobs 
CVE-2023-39139 
Chinese Group Spreads Android Spyware Via Trojan Signal, Telegram Apps 
Chinese GREF APT distributes spyware via trojanized Signal and Telegram apps on Google Play and Samsung Galaxy stores 
Qakbot Botnet Disrupted, Infected 700,000 Computers Globally 
CVE-2023-3992 
CVE-2023-4013 
An Introduction to Deep File Inspection 
CVE-2023-41561 
CVE-2023-41556 
CVE-2023-41552 
CVE-2023-25019 
Qakbot: How the FBI, NCA and other European officials broke notorious cybercrime hacking network - Sky News 
Huawei quietly launches the $960 Mate 60 Pro, giving no advance notice and releasing no ads; some investors speculate that Huawei used its own 5G chi 
FBI: Operation ‘Duck Hunt’ dismantled the Qakbot botnet 
CVE-2023-40706 (snap_pac_s1_firmware) 
CVE-2020-18912 
FBI, European agencies announce major takedown of hacker network that used Qakbot software - KABC-TV 
FBI Dismantles Global Malware Network Qakbot Used For Ransomware Attacks - Forbes 
UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw 
FBI announces it has dismantled global network of hacked computers used in major fraud scheme - Yahoo! Voices 
CVE-2023-40892 (ac8v4_firmware) 
Microsoft joins a growing chorus of organizations criticizing a UN cybercrime treaty 
FBI takes down notorious 'Qakbot' hacking network that used 700K infected computers worldwide to steal hundreds of ... - Daily Mail 
U.S. Hacks QakBot, Quietly Removes Botnet Infections 
FBI takes down notorious 'Qakbot' hacking network that used 700K infected computers worldwide to steal hundred - Daily Mail 
Somalia Orders ISPs to Block Telegram and TikTok 
CVE-2023-40751 (fundraising_script) 
The FBI led an effort to dismantle the Qakbot botnet, which ransomware gangs used as an infection vector for years, on August 25 after infiltrating it 
FBI, DOJ disrupt massive Qakbot botnet connected to millions of dollars in ransomware losses 
FBI, DOJ disrupt massive botnet connected to millions of dollars in ransomware losses 
Avoid The Hack: 11 Best Privacy Friendly Operating Systems (Desktops) 
FBI announces it has dismantled global network of hacked computers used in major fraud scheme - CNN 
LockBit 3.0 Ransomware Variants Surge Post Builder Leak 
Meta: Pro-Chinese influence operation was the largest in history 
Apollo.io, which offers sales and marketing tools used by 500K+ firms, raised $100M led by Bain at a $1.6B valuation, up from $900M after raising $11 
FIN8-linked actor targets Citrix NetScaler systems 
Four in Five Cyber-Attacks Powered by Just Three Malware Loaders 
Japan’s JPCERT warns of new ‘MalDoc in PDF’ attack technique 
CVE-2023-4569 
CVE-2023-34725 
Grip Security Blog 2023-08-28 17:36:24 
OpenAI Debuts ChatGPT Enterprise, touting better privacy for business 
Presidential council recommends launching a Department of Water to confront cyberthreats, climate change 
CVE-2023-39062 
Black Hat USA 2023 NOC: Network Assurance 
Protect Active Directory Better 
Tor Adopts a Proof-of-Work Defense to Protect Against DDoS Attacks 
CVE-2023-40766 
CVE-2023-40762 
Beware of fake fried chicken businesses on Facebook: Victims phones hacked, thousands lost in scam, forged Halal certificates used - Yahoo 
Updated Kmsdx botnet targets IoT devices 
Massive MOVEit campaign already impacted at least 1,000 organizations and 60 million individuals 
Leaked LockBit 3.0 ransomware builder used by multiple actors - Security Affairs 
Hackers breached WebDetetive, an Android spyware app used mainly in Brazil, and deleted victims' stolen data; Poland-based LetMeSpy was similarly 
CVE-2023-4558 
Poland’s authorities investigate a hacking attack on country’s railways 
Leaked LockBit 3.0 ransomware builder used by multiple threat actors 
AI helps robots manipulate objects with their whole bodies 
Stephen King reflects on his books being used for AI training, arguing the sum is lesser than its parts, so far, as creativity can't happen witho 
Hackers breached WebDetetive, an Android spyware app used mainly in Brazil, and deleted data on its victims; Poland-based LetMeSpy was similarly hacke 
EXCLUSIVE: I used to be a cyber criminal making $500000 a year ... - Daily Mail 
Rajshree More reacts to Rakhi Sawant's Instagram hacking allegations, says 'She had used the same tactic - Times of India 
Deepfakes Are Being Used to Circumvent Facial Recognition Systems 
EXCLUSIVE: I used to be a cyber criminal making $500,000 a year: Here's what you need to know to protect yours - Daily Mail 
Orbit Sprinkler Timer Manual PDF: Ultimate Guide to Installation & Features 
CVE-2022-41444 (cacti) 
Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses 
CVE-2020-21723 (ogg_video_tools) 
Adversary On The Defense: ANTIBOT.PW 
'Whiffy Recon' Malware Transmits Device Location Every 60 Seconds 
Demonstrating Transparency through Software Bill of Materials (SBOM) 
A More Resilient Future with Automated Ransomware Recovery 
Demystifying Duo APIs: Advanced Security with Duo Integrations 
ThousandEyes Pi4 Wireless Deployment at Black Hat USA 
EPSS and Its Role in Cisco Vulnerability Management Risk Scoring 
Whiffy Recon malware triangulates the position of infected systems via Wi-Fi 
The Travel Bug: NetSec Edition 
FBI: Patches for Barracuda ESG Zero-Day CVE-2023-2868 are ineffective 
CVE-2020-19188 (ncurses) 
Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035 
CVE-2023-4451 (cockpit) 
Microsoft says Chinese hacking crew is targeting Taiwan 
IT leaders report concern over generative AI in SaaS applications 
GTA 6 hacker used an Amazon Fire Stick in a hotel while out on bail ... - Dot Esports 
Years into these games' histories, attackers are still creating Fortnite and Roblox-related scams
Lazarus APT exploits Zoho ManageEngine flaw to target an Internet backbone infrastructure provider 
Ransomware hackers dwell time drops to 5 days, RDP still widely used - BleepingComputer 
CoinsPaid claims North Korean hacking group used fake job ... - Cointelegraph 
CVE-2023-2318 (marktext) 
North Korea's Lazarus APT Uses GUI Framework to Build Stealthy RAT 
NIST Publishes Draft Post-Quantum Cryptography Standards 
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT 
Insider IP Theft: Knicks sue Toronto Raptors for a Flagrant Foul 
North Korea's Lazarus Group Used GUI Framework to Build Stealthy RAT 
eSentire Labs Open Sources Project to Monitor LLMs 
New "Whiffy Recon" Malware Triangulates Infected Device Location via Wi-Fi Every Minute 
CVE-2023-38288 
Malware-as-a-Service: Redline Stealer Variants Demonstrate a Low-Barrier-to-Entry Threat 
DoJ charged Tornado Cash founders with laundering more than $1 billion 
CVE-2023-4409 (nbs&happysoftwechat) 
Data Breaches Involving Social Engineering Attacks Take Longer to Identify and Contain 
CVE-2023-4443 (free_hospital_management_system_for_small_practices) 
CVE-2023-4441 (free_hospital_management_system_for_small_practices) 
CVE-2023-37379 
US charges founders of Tornado Cash mixer used by Lazarus hackers - BleepingComputer 
Social Engineering Is the Number One Cybersecurity Problem by Far 
CVE-2023-32496 
CVE-2023-32499 
WinRAR Vulnerability Affects Traders Worldwide 
Scarabs colon-izing vulnerable servers 
State of Trust Insights: The 2023 Security SaaS Leaderboard 
HP Report Details Tactics Used to Evade Detection Tools 
5 Early Warning Indicators That Are Key to Protecting National Secrets 
Phishing Campaigns Targeting Microsoft Login Credentials Jump an Unprecedented 6100% 
Phishing Tops the List as the Most Costly Initial Attack Vector in Data Breaches 
Thousands of High-Risk Incidents Neutralized Using AI 
Bruce Schneier gets inside the hacker’s mind 
Agniane Stealer: Dark Web's Crypto Threat
Barracuda Networks Report Details Benefits of Cybersecurity AI 
Terra Developers Shut Down Website Amid A Phishing Campaign 
Electronic Communication Policy 
Carderbee APT targets Hong Kong orgs via supply chain attacks 
Binance.US partners with MoonPay to let users use debit or credit cards and Apple Pay or Google Pay to buy Tether, which can then be used to buy other 
How to See Old Notifications on iPhone 2023: Quick and Easy Steps 
Fix Roblox Keeps Crashing Issues: Why Does Roblox Crashing When i Start? 
How to Delete Zola Account 2023: Follow These Simple Steps 
CVE-2023-4430 
CVE-2023-40144 
Binance.US teams up with MoonPay to let users use their debit or credit cards, Apple Pay or Google Pay to buy Tether, which can then be used to buy ot 
CVE-2023-32108 (albo_pretorio_online) 
CVE-2023-37434 
CVE-2023-37432 
CVE-2023-37427 
CVE-2022-36648 
CVE-2022-28071 
CVE-2021-32292 
CVE-2020-22524 
CVE-2020-21426 
CVE-2020-19188 
CVE-2020-18378 
Defense contractor Belcan leaks admin password with a list of flaws 
Ivanti warns of a Sentry API authentication bypass flaw being exploited in the wild, after hackers used another Ivanti zero-day to breach Norway' 
US tech firms offer data protections for Europeans to comply with EU big tech rules 
Chinese APT Targets Hong Kong in Supply Chain Attack 
New APT Group Launches Supply Chain Campaign 
Previously unknown hacking group targets Hong Kong organizations in supply chain cyberattack 
Ivanti fixed a new critical Sentry API authentication bypass flaw 
Chinese Hacker Group Targets Southeast Asian Gambling Industry Using Stolen Ivacy VPN Certificate 
CVE-2023-4303 
Customer data used for unwanted romantic contact, UK poll shows 
CVE-2023-25915 
Taking Back Control: California’s SB 362 and the Fight Against Reckless Data Brokerage 
BlackCat ransomware group claims the hack of Seiko network 
CVE-2023-3954 
New HiatusRAT campaign targets Taiwan and U.S. military procurement system 
A Basic Guide to Router and Wireless Security for Regular People 
CVE-2023-40735 
How Science, Nature, and other peer-reviewed journals are grappling with outlines, drafts, or papers that authors used generative AI to write without  
TLS 1.2 Handshake vs TLS 1.3 Handshake 
Spoofing an Apple device and tricking users into sharing sensitive data 
Cabinet Division Warns Officials Against Fake SMS Calls Used By Hackers to Steal Data - ProPakistani 
People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection 
N. Korean Kimsuky APT targets S. Korea-US military exercises 
Vulnerability Summary for the Week of July 10, 2023 
Vulnerability Summary for the Week of July 31, 2023 
CVE-2023-4432 
CVE-2023-4434 
CVE-2023-4394 
CVE-2023-4352 
CVE-2023-4350 
CVE-2023-4335 
CVE-2023-4330 
CVE-2023-4328 
CVE-2023-40348 (gogs) 
CVE-2023-40337 
CVE-2023-4030 
CVE-2023-4028 
CVE-2023-40168 
CVE-2023-39971 
CVE-2023-39944 
CVE-2023-39668 
CVE-2023-39507 
CVE-2023-39125 
CVE-2023-36106 
CVE-2023-34217 
CVE-2023-32106 
CVE-2023-28783 
CVE-2023-2915 
CVE-2023-20201 
The US Army will soon be able to see itself in cyberspace on the battlefield 
Cyberwarriors will soon have access to more training tools 
NSA's cybersecurity directorate looks to scale up this year
DoD needs to improve how it tests cyber weapons architecture, weapons tester says 
In Before The Lock: ESXi 
Attack Surface Intelligence February 2023 Product Update: ServiceNow and Slack Integrations, Quick Reaction Team Alerts, and More! 
2022 Annual Report 
IRS Cyberattack Highlights Risk of Tax Refund Fraud 
On Ukraine, China Prioritizes Its International Ambitions 
When Access Goes Wrong: The Dangers of Exposed Login Panels 
Russian Sanctions Evasion Puts Merchants and Banks at Risk 
With KEYPLUG, China's RedGolf Spies On, Steals From Wide Field of Targets
What is Threat Intelligence? 
The Cloud Has Complicated Attack Surface Management 
Xiaoqiying Genesis Day Threat Actor Group Targets South Korea, Taiwan 
Top 7 Attack Surface Metrics You Should Keep Track Of 
Introducing Recorded Future AI: AI-driven intelligence to elevate your security defenses 
New Capabilities To Enhance Visibility, Increase Automation, and Reduce Threat Exposure 
From Speed to Consistency: The Power of Automation for Your SOC 
OilAlpha: A Likely Pro-Houthi Group Targeting Entities Across the Arabian Peninsula 
Attack Surface Intelligence: A Vital Piece of the Critical Infrastructure Protection Puzzle 
North Korea-Aligned TAG-71 Spoofs Financial Institutions in Asia and US 
Fortinet CVE-2023-27997: Impact and Mitigation Techniques 
North Korea's Cyber Strategy
BlueDelta Exploits Ukrainian Government Roundcube Mail Servers to Support Espionage Activities 
Threat Intelligence to Elevate Your Security Defenses 
Recorded Future Threat Intelligence Delivers Measurable Outcomes for Security Teams 
BlueBravo Adapts to Target Diplomatic Entities with GraphicalProton Malware 
Threat Actors Leverage Internet Services to Enhance Data Theft and Weaken Security Defenses 
BlueCharlie, Previously Tracked as TAG-53, Continues to Deploy New Infrastructure in 2023 
Recruiter Tips: Insights on the Hiring Process at Recorded Future 
H1 2023: Ransomware's Pivot to Linux and Vulnerable Drivers 
Tuning up my WordPress Install 
Kanye’s Password 
Airplay Annoyance 
Secure File Deletion 
CloudFlare Gateway DNS Filtering 
log4jmemes.com 
Safe Computing In An Unsafe World: Die Zeit Interview 
Talking with Stewart Baker 
A Skeleton Key of Unknown Strength 
Hacking the Universe with Quantum Encraption 
Yahoo! Yippee? What to Do? 
Encryption Flaws in Popular Chinese Language App Put Users' Typed Data at Risk 
New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks 
Lolek Bulletproof Hosting Servers Seized, 5 Key Operators Arrested 
Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations 
New BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools 
Polish Credentials - 1,204,870 breached accounts 
Resilient bug-sized robots keep flying even after wing damage 
Robotic system offers hidden window into collective bee behavior 
Education and healthcare are set for a high-tech boost 
A four-legged robotic system for playing soccer on various terrains 
Robot assistants in the operating room promise safer surgery 
Interactive fleet learning 
Drones navigate unseen environments with liquid neural networks 
We need to discuss what jobs robots should do, before the decision is made for us 
Miniscule device could help preserve the battery life of tiny sensors 
Robot fish makes splash with motion breakthrough 
Jellyfish-like robots could one day clean up the world's oceans
Adama Sesay on solving problems with sensors and microsystems 
Making drones suitable for cities 
Building a Tablebot 
[UPDATE] A list of resources, articles, and opinion pieces relating to large language models & robotics 
Helping robots handle fluids 
Sponge makes robotic device a soft touch 
A step toward safe and reliable autopilots for flying 
Robot Talk Episode 54 – Robotics and science fiction 
Machine-learning method used for self-driving cars could improve lives of type-1 diabetes patients 
Flowstate: Intrinsic's app to simplify the creation of robotics applications
Titan submersible disaster underscores dangers of deep-sea exploration – an engineer explains why most ocean science is conducted with crewless submar
Robo-Insight #1 
Magnetic robots walk, crawl, and swim 
#RoboCup2023 in tweets – part 2 
Heat-resistant drone could scope out and map burning buildings and wildfires 
Robo-Insight #2 
Pangolin the inspiration for medical robot 
An updated guide to Docker and ROS 2 
Oceans to get better protection with connected underwater technology 
Can charismatic robots help teams be more creative? 
Black Hat 2023: Understanding Mobile Exploitation Beyond the App 
WordPress Security Checklist 
How to Augment or Replace Your SIEM with the CrowdStrike Falcon Platform 
July 2023 Patch Tuesday: Six Actively Exploited Zero-Days and Nine Critical Vulnerabilities Identified 
Adversaries Can Log In with Microsoft through the nOAuth Azure Active Directory Vulnerability 
CrowdStrike Scores 100% in SE Labs Q2 2023 Enterprise Advanced Security Detection Test, Wins AAA Award 
The slow Tick-ing time bomb: Tick APT group compromise of a DLP software developer in East Asia 
Linux malware strengthens links between Lazarus and the 3CX supply-chain attack 
Creating strong, yet user-friendly passwords: Tips for your business password policy 
APTs target MSP access to customer networks – Week in security with Tony Anscombe
Shedding light on AceCryptor and its operation 
The British Army is investigating after its Twitter and YouTube accounts were hijacked 
Northern Ireland police data breach is second in weeks, force reveals 
Hacked UK voter data could be used to target disinformation, warn experts 
Data leaks have given Irish republican groups upper hand against police, analysts warn 
AI could have bigger impact on UK than Industrial Revolution, says Dowden 
Norfolk and Suffolk police admit breach involving personal data of 1,230 people 
Bronze Starlight targets the Southeast Asian gambling sector 
APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries 
Massive phishing campaign targets users of the Zimbra Collaboration email server 
Security Affairs newsletter Round 433 by Pierluigi Paganini International edition 
Over 3,000 Android Malware spotted using unsupported unknown compression methods to avoid detection 
Smuggler - An HTTP Request Smuggling Desync Testing Tool 
Phishing Spree Targets Zimbra Collaboration Account Holders 
Critical Flaws in PowerShell Gallery Enable Malicious Exploits 
Flaw in Ninja Forms WordPress plugin allows hackers to steal submitted data 
How to hack casino card-shuffling machines 
Crimeware server used by NetWalker ransomware seized and shut down 
LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack 
Who and What is Behind the Malware Proxy Service SocksEscort? 
Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’ 
Teach a Man to Phish and He’s Set for Life 
How Malicious Android Apps Slip Into Disguise 
Windows file archiver utility maker WinRAR fixes a vulnerability that could let an attacker remotely execute arbitrary code, after a researcher flagge 
Analysis: Books3, a dataset used to train Meta's Llama, BloombergGPT, and EleutherAI's GPT-J, contains 170K+ books from Stephen King and oth 
Pegasus Spyware Explained: Biggest Questions Answered 
U.S. State Department and Diplomat’s iPhones were Reportedly Hacked by Pegasus Spyware 
Hackers Exploiting Log4j Vulnerability to Infect Computers with Khonsari Ransomware 
This New Apple Safari Browser Bug Allows Cross-Site User Tracking 
Ukrainian Government is Officially Accusing Russia of Recent Cyberattacks 
Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers Details Google 
FrodoPIR: New Privacy-Focused Database Querying System Explained 
Researchers Observe A Hacker Spend 100 Hours Compromising Honeypot Computers 
EvilProxy Targets 120,000 Phishing Emails To Access Microsoft 365 Accounts 
Info-Stealing Malware Exposes More Than 100,000 Hacking Forums 
Apple Sacks it’s Server Supplier After Finding Infected Firmware in Siri Servers 
iPhone Robbers Try Unique Phishing Scam to Unlock Physical Device 
Web Tracking Gets Extremely Aggressive with New Hardware Level Fingerprinting 
Wikileaks Vault 7 Reveals a Detailed CIA Hacking Arsenal 
Vault 7: Marble Framework Reveals How the CIA Evaded Forensics & Attributed Malware to Other Countries 
List of Secure Dark Web Email Providers in 2023 
Baldur’s Gate 3 Low FPS? Here’s 7 Ways to Fix and Improve it 
Ransomware's Paradox: Why Falling Monetization Rates Are Accompanied by Soaring Ransom Payments - A Must-Read Analysis. 
Social Media Platforms Become Half of all Phishing Attack Targets 
8 Online Best Dark Web Search Engines for Tor Browser (2022) 
SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS) 
Security Alert: Microsoft Releases July 2023 Security Updates 
What might authentication attacks look like in a phishing-resistant future? 
Every company has its own version of ChatGPT now 
The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter 
Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical 
Code leaks are causing an influx of new ransomware actors 
New threat actor targets Bulgaria, China, Vietnam and other countries with customized Yashma ransomware 
Half-Year in Review: Recapping the top threats and security trends so far in 2023 
What is commercial spyware? 
What Cisco Talos knows about the Rhysida ransomware 
Out-of-bounds write vulnerabilities in popular chemistry software; Foxit PDF Reader issues could lead to remote code execution 
The rise of AI-powered criminals: Identifying threats and opportunities 
You've Got Malware: The Rise of Threat Actors Using Microsoft OneNote for Malicious Campaigns
Credential Caution: Exploring the New Public Cloud File-Borne Phishing Attack 
Shifting Left in Cyber Security - Part 1 
Shifting Left in Cybersecurity: Balancing Detection and Prevention - Part 2 
Mystic Stealer: The New Kid on the Block 
Top Malware Delivery Tactics to Watch Out for in 2023 
Using JupyterLab to Manage Password Cracking Sessions (A CMIYC 2023 Writeup) Part 1 
White House hosts roundtable on harmful data broker practices 
Data centers at risk due to flaws in power management software 
White House is fast-tracking executive order on artificial intelligence 
Hackers are increasingly hiding within services such as Slack and Trello to deploy malware 
Online influence operators continue fine-tuning use of AI to deceive their targets, researchers say 
Senators urge FTC probe of alleged children’s privacy violations by Google 
Fifty minutes to hack ChatGPT: Inside the DEF CON competition to break AI 
 
© Copyright 2012 through 2024 - National Cyber War Foundation - All rights reserved worldwide.