Skip to main content

Welcome

News, Announcements, Tech Discussions

44664 Topics
TripleHelix
Moderator
TripleHelixModerator
posted in Tech Talk
Intel lets go of 2,000 staff at Oregon R&D site, offices in Texas, Arizona, California

Wed 16 Oct 2024 // 22:31 UTC Layoffs follow more than 7,500 voluntary departures, early retirements  Intel this week handed out pink slips to more than 2,000 workers across the USAThe latest of these job cuts saw 1,300 people let go at Intel's Hillsboro offices, a crucial research and development hub where many of the chipmaker's next-gen parts get their start.First reported by the Oregonian on Tuesday, the layoffs are part of a massive staffing reduction that Intel announced in August following a disastrous second quarter. The job cuts will see the x86 giant cut 15 percent of its global workforce.The layoffs in Oregon represent a little over five percent of Intel's workforce in the state, which totaled 23,000 employees at the start of the year. However, we'll note this figure may not encompass the full scope of staff reductions hitting the R&D hub. Including staff buyouts and early retirements, the brain drain could be even more substantial. An Intel spokesperson told us the job c

91
MajorHavoc
Community Expert Advisor
8 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Code Execution, Data Tampering Flaw in Nvidia NeMo Gen-AI Framework

Artificial intelligence tech giant Nvidia issues a warning for code execution and data tampering security problems in the NeMo platform. October 16, 2024 Artificial intelligence tech giant Nvidia has flagged a major security flaw in its NeMo generative-AI framework, warning that malicious hackers can execute code and tamper with data on systems utilizing the platform. “NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering,” the company said in an advisory.Nvidia tagged the issue as CVE-2024-0129 with a CVSS severity score of 6.3/10. The issue affects the framework on Windows, Linux and MacOS systems. Full Story

40
TripleHelix
Moderator
8 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Couno Offers Expert Cyber Security Consulting Services to Safeguard Businesses Across the UK

10-16-2024 11:22 PM CET Strengthen Your Business Against Cyber Threats with Couno - A Leading Cyber Security ConsultantIn an increasingly digital world, cyber security has become a crucial aspect of business operations, and the rise in cybercrime has heightened the need for robust protection. Couno, a top-rated cyber security consulting company, provides essential services designed to protect businesses from cyber threats. With comprehensive solutions that encompass risk assessment, threat detection, and incident recovery, Couno ensures that businesses stay secure in the face of growing cyber risks.The frequency and complexity of cyber-attacks continue to rise, affecting businesses of all sizes. A recent report by Cybersecurity Ventures predicts that global cybercrime costs will reach $10.5 trillion annually by 2025, while 39% of UK businesses reported a cyber-attack in the past year. These figures demonstrate the urgent need for expert-led cyber security measures.Couno recognizes that

30
TripleHelix
Moderator
8 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Finnish Customs dismantled the dark web drugs market Sipulitie

October 16 2024 By Pierluigi Paganini Finnish Customs shut down the Tor darknet marketplace Sipulitie and seized the servers hosting the platform.Finnish Customs, with the help of Europol, Swedish and Polish law enforcement authorities and researchers at Bitdefender, shut down the Tor marketplace Sipulitie.“Finnish customs has closed the web servers of the Sipulitie marketplace, which has been operating on the Tor network since 2023, in cooperation with the Swedish police, and confiscated their contents. The site was used for criminal purposes, such as selling narcotics anonymously.” reads the Finnish Customs’s announcement.The darknet market has been active since February 2023, it was used by criminals to sell narcotics anonymously. >>Full Article<<

30
Jasper_The_Rasper
Moderator
8 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
US disrupts Anonymous Sudan DDoS operation, indicts 2 Sudanese brothers

October 16 2024 By Lawrence Abrams The United States Department of Justice unsealed an indictment today against two Sudanese brothers suspected of being the operators of Anonymous Sudan, a notorious and dangerous hacktivist group known for conducting over 35,000 DDoS attacks in a year.Since launching in 2023, Anonymous Sudan has been behind numerous high-profile DDoS attacks, causing widespread outages and the inability for users worldwide to access targeted services. Many of their attacks were motivated by pro-Russian and pro-Palestinian causes, based on messages on the operation's Telegram channel.These attacks impacted well-known companies and services, including tech giants like Cloudflare, Microsoft, and OpenAI, with the threat actors capable of overloading services and making them inaccessible. >>Full Article<<

30
Jasper_The_Rasper
Moderator
8 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
“Nudify” deepfake bots remove clothes from victims in minutes, and millions are using them

 October 16 2024 By Pieter Arntz Millions of people are turning normal pictures into nude images, and it can be done in minutes.Journalists at Wired found at least 50 “nudify” bots on Telegram that claim to create explicit photos or videos of people with only a couple of clicks. Combined, these bots have millions of monthly users. Although there is no sure way to find out how many unique users that are, it’s appalling, and highly likely there are much more than those they found.The history of nonconsensual intimate image (NCII) abuse—as the use of explicit deepfakes without consent is often called—started near the end of 2017. Motherboard (now Vice) found an online video in which the face of Gal Gadot had been superimposed on an existing pornographic video to make it appear that the actress was engaged in the acts depicted. The username of the person that claimed to be responsible for this video resulted in the name “deepfake.”Since then, deepfakes have gone through many developments.

121
TripleHelix
Moderator
8 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Hybrid Work Exposes New Vulnerabilities in Print Security

The shift to a distributed work model has exposed organizations to new threats, and a low but continuing stream of printer-related vulnerabilities isn't helping. October 16 2024 By Jai Vijayan The shift to hybrid work models has exposed new vulnerabilities in corporate print infrastructure and heightened security risks at many organizations.The risks run the gamut and include employees using insecure and unmanaged printers, remote workers sending print jobs over public networks, inadequate user authentication and print job release processes, exposed local spools and caches, and inconsistent patching practices.A relatively low but steady volume of print-related vulnerabilities have exacerbated these issues. Recent examples of such vulnerabilities include CVE-2024-38199 (a remote code execution [RCE] vulnerability in the Windows or Line Printer Daemon [LPD] Service), CVE-2024-21433 (a Windows Print Spooler elevation of privilege vulnerability), and CVE-2024-43529 (a similar vulnerability

20
Jasper_The_Rasper
Moderator
8 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Alert CISA and FBI Release Joint Guidance on Product Security Bad Practices for Public Comment Release Date October 16, 2024

Related topics:Cybersecurity Best Practices, Critical Infrastructure Security and ResilienceToday, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released joint guidance on Product Security Bad Practices, a part of CISA’s Secure by Design initiative. This joint guidance supplies an overview of exceptionally risky product security bad practices for software manufacturers who produce software in support of critical infrastructure or national critical functions. The bad practices presented in this guidance are organized into three categories: product properties, security features, and organizational processes and policies. This guidance contains brief information about specific bad practices, recommended actions, and additional resources. While this guidance is intended for software manufacturers who develop software products and services in support of critical infrastructure, all software manufacturers are strongly encouraged to

30
TripleHelix
Moderator
8 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Malicious ads exploited Internet Explorer zero day to drop malware

October 16 2024 By Bill Toulas The North Korean hacking group ScarCruft launched a large-scale attack in May that leveraged an Internet Explorer zero-day flaw to infect targets with the RokRAT malware and exfiltrate data.ScarCruft (aka "APT37" or "RedEyes") is a state-sponsored cyber-espionage threat actor known for targeting systems in South Korea and Europe, as well as North Korean human rights activists and defectors, using phishing, watering hole, and Internet Explorer zero-days.A new joint report by South Korea's National Cyber Security Center (NCSC) and AhnLab (ASEC) outlines a recent ScarCruft campaign dubbed "Code on Toast," which leveraged toast pop-up ads to perform zero-click malware infections.The flaw used in zero-day attacks is tracked as CVE-2024-38178 and is a high-severity type confusion flaw in Internet Explorer.ASEC and NCSC, responding to the campaign, informed Microsoft immediately, and the tech giant released a security update to address CVE-2024-39178 in August 2

30
Jasper_The_Rasper
Moderator
8 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Varsity Brands Data Breach Impacts 65,000 People

Apparel giant Varsity Brands has disclosed some information about a data breach impacting more than 65,000 individuals. October 16 2024 By Eduard Kovacs Apparel giant Varsity Brands this week disclosed a data breach impacting a significant number of individuals. Varsity provides uniforms, apparel and services for sports teams, schools, and student-athletes. The company was recently acquired by investment firm KKR, reportedly for $4.75 billion.Varsity informed the Maine Attorney General’s Office this week that it detected “unusual activity” on its systems in May 2024. “Upon detection, we promptly took steps to stop the activity and took certain systems offline. An investigation was launched with assistance from external cybersecurity experts. We also notified law enforcement,” Varsity said in a letter sent to impacted individuals. >>Full Article<<

20
Jasper_The_Rasper
Moderator
8 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Sidewinder Casts Wide Geographic Net in Latest Attack Spree

The long-active, India-sponsored cyber-threat group targeted multiple entities across Asia, Africa, the Middle East, and even Europe in a recent attack wave that demonstrated the use of a previously unknown post-exploit tool called StealerBot.   October 16 2024 By Elizabeth Montalbano The elusive, India-based advanced persistent threat (APT) group SideWinder has unleashed a new flurry of attacks against high-profile entities and strategic infrastructure targets that span numerous countries in Asia, the Middle East, Africa, and even Europe, signaling an expansion of its geographic reach. The attacks also show the group is using an advanced post-exploitation toolkit dubbed "StealerBot" to further its cyber-espionage activity, researchers have found.The state-sponsored group — active since 2012, publicly outed in 2018, and mainly known for attacking rivals in Pakistan, Afghanistan, China, and Nepal — has demonstrated a widening of its geographic scope in the last six months. The latest at

20
Jasper_The_Rasper
Moderator
8 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
GitHub addressed a critical vulnerability in Enterprise Server

October 16 2024 By Pierluigi Paganini GitHub addressed a critical vulnerability in Enterprise Server that could allow unauthorized access to affected instances.Code hosting platform GitHub addressed a critical vulnerability, tracked as CVE-2024-9487 (CVSS score of 9.5), in GitHub Enterprise Server that could lead to unauthorized access to affected instances.An attacker could exploit a cryptographic signature verification flaw in GitHub Enterprise Server to bypass SAML SSOand unauthorized user access.The flaw is an improper verification of cryptographic signature vulnerability that resides in GitHub Enterprise Server. GitHub warns that attackers could exploit a cryptographic signature verification flaw in GitHub Enterprise Server, allowing SAML SSO bypass and unauthorized user access.To exploit this vulnerability, the attacker needed GitHub Enterprise Server’s encrypted assertions feature enabled, direct network access, and a signed SAML response or metadata document. >>Full Artic

20
Jasper_The_Rasper
Moderator
8 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Critical Kubernetes Image Builder flaw gives SSH root access to VMs

October 16 2024 By Bill Toulas A critical vulnerability in Kubernetes could allow unauthorized SSH access to a virtual machine running an image created with the Kubernetes Image Builder project.Kubernetes is an open-source platform that helps automate the deployment, scale, and operate virtual containers - lightweight environments for applications to run.With Kubernetes Image Builder, users can create virtual machine (VM) images for various Cluster API (CAPI) providers, like Proxmox or Nutanix, that run the Kubernetes environment. These VMs are then used to set up nodes (servers) that become part of a Kubernetes cluster.According to a security advisory on the Kubernetes community forums, the critical vulnerability affects VM images built with the Proxmox provider on Image Builder version 0.1.37 or earlier.The issue is currently tracked as CVE-2024-9486 and consists in the use of default credentials enabled during the image-building process and not disabled afterward. >>Full Artic

30
Jasper_The_Rasper
Moderator
8 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
AI scammers target Gmail accounts, say they have your death certificate

October 15 2024 By Pieter Arntz Several reputable sources are warning about a very sophisticated Artificial Intelligence (AI) supported type of scam that is bound to trick a lot of people into compromising their Gmail account.The most recent warning comes from CEO of Y Combinator Garry Tan who posted on X, saying the scammers using AI voices tell you someone has issued a death certificate for you and is trying to recover your account. The scammers claim to be checking that you are alive and whether they should disregard a filed death certificate. If you click “Yes, it’s me” on the fake account recovery screen then you’ll likely lose access to your Google account. >>Full Article<<

388
TripleHelix
Moderator
8 days ago
TylerM
Administrator
TylerMSr. Security Analyst & Community Manager
published in Threat Reports
Key Insights from the OpenText 2024 Threat PerspectiveReport

As we navigate through 2024, the cyber threat landscape continues to evolve, bringing new challenges for both businesses and individual consumers. The latest OpenText Threat Report provides insight into these changes, offering vital insights that help us prepare and protect ourselves against emerging threats. Here’s what you need to know: The Resilience of RansomwareRansomware remains a formidable adversary, with groups like LockBit demonstrating an uncanny ability to bounce back even after significant law enforcement actions. Despite a recent crackdown that saw authorities dismantle its infrastructure, LockBit swiftly resumed operations, even taunting law enforcement agencies in the process. This adaptability highlights how resourceful ransomware groups have become, enabling them to evade detection and persistently challenge defenders.For businesses, this means implementing a comprehensive incident response plan that includes secure, immutable backups and regular testing to ensure rap

11423
H
New Member
8 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Google Chrome Stable Channel Update for Desktop Tuesday October 15, 2024

The Stable channel has been updated to 130.0.6723.58/.59 for Windows, Mac and 130.0.6723.58 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. This update includes 17 security fixes. Below, we highlight fixes that were contributed by external researchers. https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html Webroot users make sure to re-add back to Privacy Protection!  

40
TripleHelix
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
EDRSilencer red team tool used in attacks to bypass security

October 15 2024 By Bill Toulas A tool for red-team operations called EDRSilencer has been observed in malicious incidents attempting to identify security tools and mute their alerts to management consoles.Researchers at cybersecurity company Trend Micro say that attackers are trying to integrate EDRSilencer in attacks to evade detection.“Our internal telemetry showed threat actors attempting to integrate EDRSilencer in their attacks, repurposing it as a means of evading detection.” - Trend Micro.“Muting” EDR productsEndpoint Detection and Response (EDR) tools are security solutions that monitor and protect devices from cyber threats.They use advanced analytics and constantly updated intelligence to identify threats, both known and new, and respond automatically while sending a detailed report to defenders about the origin, impact, and spread of the threat.EDRSilencer is an open-source tool inspired by MdSec NightHawk FireBlock, a proprietary pen-testing tool, which detects running EDR

20
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Finland seizes servers of 'Sipultie' dark web drugs market

October 15 2024 By Bill Toulas  The Finnish Customs office took down the website and seized the servers for the darknet marketplace ‘Sipulitie’ where criminals sold illegal narcotics anonymously.The agency's announcement earlier today says that the site catered to both Finnish and English-speaking users, and that its operator claimed a turnover of 1.3 million Euros (approximately $1.42 million).The operation was possible thanks to an international collaboration involving the Finnish Customs, Europol, the Swedish police, Polish law enforcement authorities, and researchers at Bitdefender cybersecurity company.Seizure banner >>Full Article<<

30
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Microsoft issues guidance on how best to hit back against Kerberoasting AD attacks

Kerberoasting is growing more effective, Microsoft warns October 15 2024 By Sead Fadilpašić  (Image credit: Shutterstock / Blue Andy) Cybersecurity researchers from Microsoft have warned the effectiveness of a cyberattack method called Kerberoasting is growing.To help businesses engage their defenses against this attack, the company published a new blog, explaining the methodology, the risks involved, and protection guidance.According to Microsoft, the technique has grown more effective lately because hackers are increasingly using GPUs to accelerate password cracking. >>Full Article<<

20
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Volkswagen Says IT Infrastructure Not Affected After Ransomware Gang Claims Data Theft

Volkswagen has issued a statement after the 8Base ransomware group claimed to have stolen valuable data from the company’s systems. October 15 2024 By Eduard Kovacs The Volkswagen Group has issued a statement after a known ransomware group claimed to have stolen valuable information from the carmaker’s systems.“This incident is known,” a Volkswagen spokesperson told SecurityWeek, adding, “The IT infrastructure of the Volkswagen Group is not affected. We are continuing to monitor the situation closely.”The Volkswagen Group owns car brands such as Volkswagen, Skoda, Seat, Audi, Lamborghini, Porsche, Cupra, and Bentley. >>Full Article<<

80
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Cyberattackers Unleash Flood of Potentially Disruptive Election-Related Activity

Organizations should be on high alert until next month's US presidential election to ensure the integrity of the voting process, researchers warn.   October 15 2024 By Elizabeth Montalbano Cyber-threat actors have ramped up their targeting of the 2024 US elections with a flood of malicious activity expected to peak over the next month, aimed at causing disruption to voters and the election process and requiring increased vigilance on the part of stakeholders.Specifically, attackers have bolstered election-related threat activity since the beginning of the year with an increase in the sale of phishing kits targeting US voters and campaign donors; the registration of more than 1,000 domains aimed at exploiting election-related content for malicious purposes; and increased ransomware activity targeting government entities, according to research from FortiGuard Labs Threat Research released today. >>Full Article<<

30
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
A new Linux variant of FASTCash malware targets financial systems

October 15 2024 By Pierluigi Paganini North Korea-linked actors deploy a new Linux variant of FASTCash malware to target financial systems, researcher HaxRob revealed.The cybersecurity researcher HaxRob analyzed a new variant of the FASTCash “payment switch” malware which targets Linux systems. The variant discovered by the researcher was previously unknown and targets Ubuntu 22.04 LTS distributions.In November 2018, Symantec first discovered the FastCash Trojan, which was used by the North Korea-linked APT group Lazarus in a series of attacks against ATMs.The experts reported that the ATP group has been using this malware at least since 2016 to siphon millions of dollars from ATMs of small and midsize banks in Asia and Africa. >>Full Article<<

10
Jasper_The_Rasper
Moderator
9 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Over 200 malicious apps on Google Play downloaded millions of times

October 15 2024 By Bill Toulas Google Play, the official store for Android, distributed over a period of one year more than 200 malicious applications, which cumulatively counted nearly eight million downloads.The data was collected between June 2023 and April 2024 by threat intelligence researchers at Zscaler, who identified and analyzed malware families both on Google Play and other distribution platforms.The most common threats the researchers discovered on the official Android app store include:Joker (38.2%): Info-stealer and SMS message grabber that subscribes victims to premium services Adware (35.9%): Apps that consume internet bandwidth and battery to load either intrusive foreground ads or invisible ads in the background, generating fraudulent ad impressions Facestealer (14.7%): Facebook account credential stealers that overlay phishing forms on top of legitimate social media applications Coper (3.7%): Info-stealer and SMS message interceptor that can also perform keylogging a

60
Jasper_The_Rasper
Moderator
9 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Alert CISA Adds Three Known Exploited Vulnerabilities to Catalog Release Date October 15, 2024

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.CVE-2024-30088·  Microsoft Windows Kernel TOCTOU Race Condition Vulnerability·  CVE-2024-9680·  Mozilla Firefox Use-After-Free Vulnerability·  CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credential VulnerabilityThese types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.A

70
TripleHelix
Moderator
9 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Alert CISA Releases Two Industrial Control Systems Advisories Release Date October 15, 2024

Related topics:Industrial Control System Vulnerabilities, Industrial Control SystemsCISA released two Industrial Control Systems (ICS) advisories on October 15, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.ICSA-24-289-01 Siemens Siveillance Video Camera ICSA-24-289-02 Schneider Electric Data Center ExpertCISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.This product is provided subject to this Notification and this Privacy & Use policy.Vendor Siemens Schneider Electrichttps://www.cisa.gov/news-events/alerts/2024/10/15/cisa-releases-two-industrial-control-systems-advisories

60
TripleHelix
Moderator
9 days ago

Badges

Show all badges

Join the Conversation

Terms & Conditions