This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, October 14th, 2024…
Category: EN
RegreSSHion, Critical RCE Vulnerabilities, and When Should You Be Scared?
On July 1st, 2024, the cybersecurity community was rocked by the discovery of a critical Remote Code Execution (RCE) vulnerability in OpenSSH, aptly named regreSSHion. This revelation triggered a frenzy… The post RegreSSHion, Critical RCE Vulnerabilities, and When Should You…
ConfusedPilot: UT Austin & Symmetry Systems Uncover Novel Attack on RAG-based AI Systems
Executive Summary Researchers at the Spark Research Lab (University of Texas at Austin)1, under the supervision of Symmetry CEO Professor… The post ConfusedPilot: UT Austin & Symmetry Systems Uncover Novel Attack on RAG-based AI Systems appeared first on Symmetry Systems.…
USENIX NSDI ’24 – Spectrumize: Spectrum-Efficient Satellite Networks for the Internet of Things
Authors/Presenters:Vaibhav Singh, Tusher Chakraborty, Suraj Jog, Om Chabra, Deepak Vasisht, Ranveer Chandra Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI ’24) content, placing the…
Teraleak: Pokémon Developer Game Freak Hacked; Decades of Data Leaked
Game Freak’s “Teraleak” exposed nearly 1 terabyte of sensitive Pokémon data, including source code, cancelled games, concept art,… This article has been indexed from Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News Read the original article: Teraleak: Pokémon Developer…
Patch-22: The Catch of Waiting to Fix Cybersecurity Vulnerabilities
One of the biggest dilemmas for security teams is when to patch vulnerabilities. This is a classic “Patch-22” situation—patching immediately can be time-consuming and disruptive, but waiting leaves your organization exposed to cyber threats. It’s a tough balancing act between…
AsyncRAT Malware Exploits Bitbucket to Launch Multi-Stage Attack
G DATA Security Lab has discovered a sophisticated malware operation that used Bitbucket, a popular code hosting platform, to propagate AsyncRAT, a well-known remote access trojan. According to the study, the attackers employed a multi-stage assault strategy, exploiting Bitbucket…
Awaken Likho Targets Russian Agencies with MeshCentral Remote Access Tool
Awaken Likho, also referred to as Core Werewolf or PseudoGamaredon, is a cyber threat group targeting Russian government agencies and industrial entities. Since June 2024, a new campaign has been observed, where attackers have shifted from using UltraVNC to…
Millions of Android Devices at Risk, New Chip Bug Exploited in Targeted Attacks
Overview of the Exploit Hackers recently leveraged a serious security weakness, said to be a “zero-day,” that exists within the Qualcomm chipsets used in many popular Android devices. Qualcomm confirmed that at the time they were first exploited by…
The Role of End-to-End Encryption in Modern Cybersecurity
It is a type of messaging that is protected from everyone, including the messaging service itself, because of end-to-end encryption (E2EE). Using E2EE, a message cannot be decrypted until the sender and the recipient can see it in the…
Meet the Chinese ‘Typhoon’ hackers preparing for war
Of the cybersecurity risks facing the United States today, few loom larger than the potential sabotage capabilities posed by China-backed hackers, which top U.S. officials have described as an “epoch-defining threat.” In recent months, U.S. intelligence officials said Chinese government-backed…
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 15
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Over 300,000!…
Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A cyber attack…
Schools bombarded by nation-state attacks, ransomware gangs, and everyone in between
Reading, writing, and cyber mayhem, amirite? If we were to draw an infosec Venn diagram, with one circle representing “sensitive info that attackers would want to steal” and the other “limited resources plus difficult-to-secure IT environments,” education would sit in…
Misinformation, Online Scams Surging Following Historic Hurricanes
Bad actors often take advantage of natural disasters, and especially hurricanes, in times of crisis. Hurricanes Helene and Milton pose significant new online threats, including misinformation and fraud. The post Misinformation, Online Scams Surging Following Historic Hurricanes appeared first on…
Casio Hit by Cyberattack Causing Service Disruption Amid Financial Challenges
Japanese tech giant Casio recently experienced a cyberattack on October 5, when an unauthorized individual accessed its internal networks, leading to disruptions in some of its services. The breach was confirmed by Casio Computer, the parent company behind the…
OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf
The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. “The group utilizes sophisticated tactics…
Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two…
Wireshark 4.4.1 Released, (Sun, Oct 13th)
Wireshark release 4.4.1 fixes 2 vulnerabilities and 27 bugs. One of these bugfixes is for the missing IP address plugin on Windows, see “Wireshark 4.4's IP Address Functions”. This article has been indexed from SANS Internet Storm Center, InfoCON: green…
Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale
U.S. and U.K. cyber agencies warn that Russia-linked group APT29 is targeting vulnerable Zimbra and JetBrains TeamCity servers on a large scale. Russia-linked cyber espionage group APT29 (aka SVR group, BlueBravo, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes) target vulnerable Zimbra and JetBrains TeamCity servers as…