Skip to main content

Welcome

News, Announcements, Tech Discussions

44700 Topics
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
SEC charges tech companies for downplaying SolarWinds breaches

October 22, 2024 By Lawrence Abrams The SEC has charged four companies—Unisys Corp, Avaya Holdings, Check Point Software, and Mimecast—for allegedly misleading investors about the impact of their breaches during the massive 2020 SolarWinds Orion hack."The Securities and Exchange Commission today charged four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited – with making materially misleading disclosures regarding cybersecurity risks and intrusions," announces the SEC in a Tuesday press release."The SEC also charged Unisys with disclosure controls and procedures violations."These companies agreed to pay civil penalties to settle the SEC's charges. Unisys will pay $4 million, Avaya will pay $1 million, Check Point will pay a $995,000 civil penalty, and Mimecast will pay a $990,000 penalty. >>Full Article<<

30
Jasper_The_Rasper
Moderator
8 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Alert CISA Adds One Known Exploited Vulnerability to Catalog Release Date October 22, 2024

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.CVE-2024-38094Microsoft SharePoint Deserialization VulnerabilityThese types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remedi

40
TripleHelix
Moderator
8 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Alert CISA Releases One Industrial Control Systems Advisory Release Date October 22, 2024

CISA released one Industrial Control Systems (ICS) advisory on October 22, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.ICSA-24-296-01 ICONICS and Mitsubishi Electric ProductsCISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.This product is provided subject to this Notification and this Privacy & Use policy.Vendor ICONICS, Mitsubishi Electrichttps://www.cisa.gov/news-events/alerts/2024/10/22/cisa-releases-one-industrial-control-systems-advisory

40
TripleHelix
Moderator
8 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Atlassian Patches Vulnerabilities in Bitbucket, Confluence, Jira

Atlassian has released patches for high-severity vulnerabilities in Bitbucket, Confluence, and Jira Service Management. October 21, 2024 By Ionut Arghire Atlassian has announced security updates that resolve six high-severity vulnerabilities in Bitbucket, Confluence, and Jira Service Management products.The Bitbucket Data Center and Server updates resolve CVE-2024-21147, a high-severity flaw in the Java Runtime Environment (JRE) that could lead to unauthorized access to and tampering with critical data.Oracle released patches for this bug as part of its July 2024 CPU and Atlassian included the patches in Bitbucket Data Center and Server versions 9.2.1, 8.19.10, and 8.9.20.The Confluence Data Center and Server updates resolve four high-severity issues, including two in the Moment.js JavaScript date library that were publicly disclosed in 2022.The two security defects, tracked as CVE-2022-24785 and CVE-2022-31129, are described as path traversal and ReDoS (Regular Expression Denial of Se

30
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign

October 21, 2024 By Pierluigi Paganini Hackers exploited a now-patched Roundcube flaw in a phishing attack to steal user credentials from the open-source webmail software.Researchers from Positive Technologies warn that unknown threat actors have attempted to exploit a now-patched vulnerability, tracked as CVE-2024-37383 (CVSS score: 6.1), in the open-source Roundcube webmail software.The attackers have exploited the flaw as part of a phishing campaign aimed at stealing the credentials of Roundcube users.In September 2024, Positive Technologies discovered an email sent to a governmental organization in a CIS country. The analysis of the timestamps indicates that the email was sent in June 2024. The content of the email was empty, and the message only included an attached document that was not visible in the email client. >>Full Article<<

30
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Severe flaws in E2EE cloud storage platforms used by millions

October 20, 2024 By Bill Toulas Several end-to-end encrypted (E2EE) cloud storage platforms are vulnerable to a set of security issues that could expose user data to malicious actors.Cryptographic analysis from ETH Zurich researchers Jonas Hofmann and Kien Tuong Turong revealed issue with Sync, pCloud, Icedrive, Seafile, and Tresorit services, collectively used by more than 22 million people.The analysis was based on the threat model of an attacker controlling a malicious server that can read, modify, and inject data at will, which is realistic for nation-state actors and sophisticated hackers.The team comments that many of the discovered flaws directly oppose the marketing promises of the platforms, which create a deceptive and false premise for customers. >>Full Article<<

20
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Bumblebee malware returns after recent law enforcement disruption

October 21, 2024 By Bill Toulas The Bumblebee malware loader has been spotted in new attacks recently, more than four months after Europol disrupted it during 'Operation Endgame' in May.Believed to be the creation of TrickBot developers, the malware emerged in 2022 as a replacement for the BazarLoader backdoor to provide ransomware threat actors access to victim networks.Bumblebee typically achieves infection via phishing, malvertising, and SEO poisoning that promoted various software (e.g. Zooom, Cisco AnyConnect, ChatGPT, and Citrix Workspace).Among the payloads typically delivered by Bumblebee are Cobalt Strike beacons, information-stealing malware, and various ransomware strains.In May, an international law enforcement operation codenamed 'Operation Endgame' seized over a hundred servers supporting the multiple malware loader operations, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC. >>Full Article<<

20
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Anti-Bot Services Help Cybercrooks Bypass Google 'Red Page'

The emergence of novel anti-detection kits for sale on the Dark Web limit the effectiveness of a Chrome browser feature that warns users that they have reached a phishing page.   October 21, 2024 By Elizabeth Montalbano Cybercriminals have found a new way to get around what has been an effective deterrent to phishing attacks, with novel anti-bot services sold on the Dark Web that allow them to bypass the protective "Red Page" warning in Google Chrome that alerts users to potential fraud.The anti-bot services aim to prevent security crawlers from identifying phishing pages and blocklisting them by filtering out cybersecurity bots and disguising phishing pages from Google scanners, according to new research published today by SlashNext.They do this by rendering ineffective the Red Page, a feature of Google Safe Browsing — which itself is a feature of Chromium-based browsers and other Google services — that aims to protect users from harmful websites by warning them of potential dangers,

50
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Internet Archive Hacked Again During Service Restoration Efforts

The Internet Archive has suffered an email hack while working to restore services impacted by the recent cyberattacks. October 21, 2024 By Eduard Kovacs In a blog post published on Friday, Internet Archive founder Brewster Kahle said Wayback Machine, Archive-It, scanning, and national library crawls have been restored, along with email, helpdesk, blog and social media communications. He announced that other services should be back online within days.“The stored data of the Internet Archive is safe and we are working on resuming services safely. This new reality requires heightened attention to cyber security and we are responding,” Kahle said.He added, “We’re taking a cautious, deliberate approach to rebuild and strengthen our defenses. Our priority is ensuring the Internet Archive comes online stronger and more secure.”However, it turns out that there is still more work to be done in terms of security. Over the weekend, many users who in the past contacted Internet Archive support rec

10
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

October 21, 2024 By Pierluigi Paganini Cisco confirms that data published by IntelBroker on a cybercrime forum was taken from the company DevHub environment.Cisco confirms that the data posted by the notorious threat actor IntelBroker on a cybercrime forum was stolen from its DevHub environment.IntelBroker claimed to have gained access to Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Certificates, Customer SRCs, Confidential Documents, Jira tickets, API tokens, AWS Private buckets, company Technology SRCs, Docker Builds, Azure Storage buckets, Private & Public keys, SSL Certificates, Cisco Premium Products, and other info.“Hello BreachForums Community, Today, I am selling the Cisco breach that recently happened (6/10/2024)” reads the message published by IntelBroker. “Compromised data: Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira

20
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Over 6,000 WordPress hacked to install plugins pushing infostealers

October 21, 2024 By Lawrence Abrams WordPress sites are being hacked to install malicious plugins that display fake software updates and errors to push information-stealing malware.Over the past couple of years, information-stealing malware has become a scourge to security defenders worldwide as stolen credentials are used to breach networks and steal data.Since 2023, a malicious campaign called ClearFake has been used to display fake web browser update banners on compromised websites that distribute information-stealing malware.In 2024, a new campaign called ClickFix was introduced that shares many similarities with ClearFake but instead pretends to be software error messages with included fixes. However, these "fixes" are PowerShell scripts that, when executed, will download and install information-stealing malware. >>Full Article<<

20
Jasper_The_Rasper
Moderator
9 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Vulnerability Summary for the Week of October 14, 2024 Released Oct 21, 2024

Document IDSB24-295 The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:High: vulnerabilities with a CVSS base score of 7.0–10.0 Medium: vulnerabilities with a CVSS base score of 4.0–6.9 Low: vulnerabilities with a CVSS base score of 0.0–3.9Entries may include additional information provided by organizations and efforts sponsored by CISA. Th

60
TripleHelix
Moderator
9 days ago
ProTruckDriver
Moderator
ProTruckDriverModerator
posted in Water Cooler
How To Practice Safe Driving Using The Smith System.

After retiring from the US Navy I decided to go into Over The Road Truck Driving. With over 3 Million Consecutive Safe Driving Miles in a 18 wheeler I followed and still follow the “Smith System” for driving. If everyone followed these 5 keys of the Smith System our roads would be a lot safer. Please “W82TXT”.Key 1. Aim High in SteeringOur eyes are designed to work for us at walking speeds. The average person has not adjusted visually or mentally to the higher speeds of motor vehicles. Look ahead to where you will be at least 15 seconds into your future. A 15-second eye-lead time provides advanced warning and gives you an additional margin of safety. Use improved eye-lead time for more efficient and economical driving.Key 2. Get The Big PictureWhile scanning ahead, do not forget the sides and rear. Consistently update your information. Check at least one of your mirrors every 5 to 8 seconds. Do not focus attention on insignificant objects. Stay alert to the relevant information that ca

190
ProTruckDriver
Moderator
9 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Microsoft creates fake Azure tenants to pull phishers into honeypots

October 19, 2024 Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals in to collect intelligence about them.With the collected data, Microsoft can map malicious infrastructure, gain a deeper understanding of sophisticated phishing operations, disrupt campaigns at scale, identify cybercriminals, and significantly slow down their activity.The tactic and its damaging effect on phishing activity was described  at BSides Exeter conference by Ross Bevington, a principal security software engineer at Microsoft calling himself Microsoft's "Head of Deception."Bevington created a "hybrid high interaction honeypot" on the now retired code.microsoft.com to collect threat intelligence on actors ranging from both less skilled cybercriminals to nation state groups targeting Microsoft infrastructure. Full Story

50
TripleHelix
Moderator
10 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
ESET partner breached to send data wipers to Israeli orgs

October 18, 2024 By Lawrence Abrams Hackers breached ESET's exclusive partner in Israel to send phishing emails to Israeli businesses that pushed data wipers disguised as antivirus software for destructive attacks.A data wiper is malware that intentionally deletes all of the files on a computer and commonly removes or corrupts the partition table to make it harder to recover the data.In a phishing campaign that started on October 8th, emails branded with ESET's logo were sent from the legitimate eset.co.il domain, indicating that the Israel division's email server was breached as part of the attack.While the eset.co.il domain is branded with ESET's content and logos, ESET told BleepingComputer it is operated by Comsecure, their Israel distributor. >>Full Article<<

241
TripleHelix
Moderator
11 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass

October 18, 2024 By Bill Toulas The latest generations of Intel processors, including Xeon chips, and AMD's older microarchitectures on Linux are vulnerable to new speculative execution attacks that bypass existing ‘Spectre’ mitigations.The vulnerabilities impact Intel's 12th, 13th, and 14th chip generations for consumers and the 5th and 6th generation of Xeon processors for servers, along with AMD's Zen 1, Zen 1+, and Zen 2 processors.The attacks undermine the Indirect Branch Predictor Barrier (IBPB) on x86 processors, a core defense mechanism against speculative execution attacks.Speculative execution is a performance optimization feature on modern CPUs that executes instructions before knowing if they are needed by future tasks, thus speeding up the process when the prediction is correct. Instructions executed based on the misprediction are called transient and are squashed. >>Full Article<<

20
Jasper_The_Rasper
Moderator
12 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Despite massive security spending, 44% of CISOs fail to detect breaches

October 18, 2024 By Help Net Security Despite global information security spending projected to reach $215 billion in 2024, 44% of CISOs surveyed reported they were unable to detect a data breach in the last 12 months using existing security tools, according to Gigamon.CISOs identified blind spots as a key issue, with 70% of CISOs stating their existing security tools are not as effective as they could be when it comes to detecting breaches due to limited visibility.Modern cybersecurity is about differentiating between acceptable and unacceptable risk,” says Chaim Mazal, CSO at Gigamon. “Our research shows where CISOs are drawing that line, highlighting the critical importance of visibility into all data-in-motion to secure complex hybrid cloud infrastructure against today’s emerging threats. It’s clear current approaches aren’t keeping pace, which is why CISOs must reevaluate tool stacks and reprioritize investments and resources to more confidently secure their infrastructure.” >&

20
Jasper_The_Rasper
Moderator
12 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Tech giant Nidec confirms data breach following ransomware attack

October 18, 2024 By Bill Toulas  Nidec Corporation is informing that hackers behind a ransomware attack is suffered earlier this year stole data and leaked it on the dark web.The Japanese tech giant says the threat actors tried to extort the company and decided to leak the information after their demands were not met.The attack did not encrypt files and the incident is considered fully remediated at this time. However, Nidec employees, contractors, and associates, should be aware that the leaked data could be used in more targeted phishing attacks.Nidec Corporation is a global leader in the manufacturing of precision motors, automotive components, industrial parts, home appliance parts, and robotic systems.It operates in 40 countries, employs 120,000 people, and generates an annual revenue of more than $11 billion. >>Full Article<<

20
Jasper_The_Rasper
Moderator
12 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
QR codes are being hijacked to bypass MFA protections

October 18, 2024 By Benedict Collins Quishing attacks leverage QR codes to target employees (Image credit: Shutterstock) By now, most of us have become accustomed to seeing QR codes everywhere, from cafes and pubs, to businesses and public services. But how often do you check the URL it is directing you to?This is just one of the weaknesses of QR codes - the implicit trust that the code will take you where you want to go.New Sophos research has explored how an attack plays out after one of its own employees was targeted in a ‘quishing’ attack which utilized malicious QR codes hidden in seemingly legitimate internal emails. >>Full Article<<

40
Jasper_The_Rasper
Moderator
12 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
macOS HM Surf flaw in TCC allows bypass Safari privacy settings

October 18, 2024 By Pierluigi Paganini Microsoft disclosed a flaw in the macOS Apple’s Transparency, Consent, and Control (TCC) framework that could allow it to bypass privacy settings and access user data.Microsoft discovered a vulnerability, tracked as CVE-2024-44133 and code-named ‘HM Surf’, in Apple’s Transparency, Consent, and Control (TCC) framework in macOS.Apple’s Transparency, Consent, and Control framework in macOS is designed to protect user privacy by managing how apps access sensitive data and system resources. It requires applications to request explicit user permission before they can access certain types of information or system featuresSuccessful exploitation of the flaw could allow attackers to bypass privacy settings and access user data. >>Full Article<<

20
Jasper_The_Rasper
Moderator
12 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Undercover North Korean IT workers now steal data, extort employers

October 17 2024 By Bill Toulas North Korean IT professionals who trick Western companies into hiring them are stealing data from the organization's network and asking for a ransom to not leak it.Dispatching IT workers to seek employment at companies in wealthier nations is a tactic that North Korea has been using for years as a means to obtain privileged access for cyberattacks or to generate revenue for the country's weapons programs.Researchers at cybersecurity company Secureworks uncovered the extortion component during multiple investigations of such fraudulent schemes.After the employment of a North Korean national with access to proprietary data (as part of their contractor role) terminated, the company would receive the first extortion email, the researchers explain. >>Full Article<<

71
TripleHelix
Moderator
12 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign

Oct 18, 2024 Cyber Intelligence / Critical InfrastructureCybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by Iranian cyber actors to infiltrate critical infrastructure organizations via brute-force attacks."Since October 2023, Iranian actors have used brute force and password spraying to compromise user accounts and obtain access to organizations in the healthcare and public health (HPH), government, information technology, engineering, and energy sectors," the agencies said in a joint advisory.The attacks have targeted healthcare, government, information technology, engineering, and energy sectors, per the Australian Federal Police (AFP), the Australian Signals Directorate's Australian Cyber Security Centre (ACSC), the Communications Security Establishment Canada (CSE), the U.S. Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency

50
TripleHelix
Moderator
12 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Vulnerabilities, AI Compete for Software Developers' Attention

October 18, 2024 This year, the majority of developers have adopted AI assistants to help with coding and improve code output, but most are also creating more vulnerabilities that take longer to remediate. Source: Gorodenkoff via Shutterstock  Less than two years after the general release of ChatGPT, most software developers have adopted AI assistants for programming. That's boosting efficiency, but at the same time, it's led to a higher cadence of software development that has made maintaining security more difficult.Developers are on track to download more than 6.6 trillion software components in 2024, which includes a 70% increase in downloads of JavaScript components and a 87% increase in Python modules, according to the annual "State of the Software Supply Chain" report from Sonatype. At the same time, the mean time to remediate vulnerabilities in those open source projects has grown significantly over the past seven years, from about 25 days in 2017 to more than 300 days in 2024.

30
TripleHelix
Moderator
12 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
China’s infosec leads accuse Intel of NSA backdoor, cite chip security flaws

Uncle Sam having a secret way into US tech? Say it ain't so Wed 16 Oct 2024 // 18:30 UTC A Chinese industry group has accused Intel of backdooring its CPUs, in addition to other questionable security practices while calling for an investigation into the chipmaker, claiming its products pose "serious risks to national security."The Cybersecurity Association of China (CSAC), in a lengthy post on its WeChat account on Wednesday described Intel's chips as being riddled with vulnerabilities, adding that the American company's "major defects in product quality and security management show its extremely irresponsible attitude towards customers."The CSAC also accused Intel of embedding a backdoor "in almost all" of its CPUs since 2008 as part of a "next-generation security defense system" developed by the US National Security Agency. This allowed Uncle Sam to "build an ideal monitoring environment where only the NSA is protected and everyone else is 'naked,'" the post continued. "This poses a

121
TripleHelix
Moderator
12 days ago
TylerM
Administrator
TylerMSr. Security Analyst & Community Manager
published in Threat Reports
2024 threat hunter perspectives: Key insights from OpenText’s latest reportREPORT

Be sure to join the Webinar!  In today’s evolving threat landscape, cyber defenders are constantly adapting to new adversarial tactics and emerging vulnerabilities. The latest 2024 Threat Hunter Perspective from OpenText™ sheds light on the most pressing threats, nation-state activities, and security recommendations enterprises must consider in the months ahead. Here are the key findings and expert insights to help you stay ahead of the curve. Nation-state collaboration with cybercrime ringsOne of the standout trends identified in the report is the increasing collaboration between nation-state actors and cybercrime rings. Adversaries are more coordinated than ever, launching synchronized attacks aimed at maximizing disruption and confusion.Russia: Cyber operations are ongoing, with particular focus on Ukraine and NATO countries, often leveraging criminal groups like Killnet and Lokibot to amplify attacks. China: Expanding its focus to South China Sea neighbors, China often partners wit

684
Ssherjj
Moderator
12 days ago

Badges

Show all badges

Join the Conversation

Terms & Conditions