The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. “The group utilizes sophisticated tactics…
Category: EN
Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two…
Wireshark 4.4.1 Released, (Sun, Oct 13th)
Wireshark release 4.4.1 fixes 2 vulnerabilities and 27 bugs. One of these bugfixes is for the missing IP address plugin on Windows, see “Wireshark 4.4's IP Address Functions”. This article has been indexed from SANS Internet Storm Center, InfoCON: green…
Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale
U.S. and U.K. cyber agencies warn that Russia-linked group APT29 is targeting vulnerable Zimbra and JetBrains TeamCity servers on a large scale. Russia-linked cyber espionage group APT29 (aka SVR group, BlueBravo, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes) target vulnerable Zimbra and JetBrains TeamCity servers as…
Microsoft’s guidance to help mitigate Kerberoasting
Kerberoasting, a well-known Active Directory (AD) attack vector, enables threat actors to steal credentials and navigate through devices and networks. Microsoft is sharing recommended actions administrators can take now to help prevent successful Kerberoasting cyberattacks. The post Microsoft’s guidance to…
USENIX NSDI ’24 – Known Knowns and Unknowns: Near-Realtime Earth Observation Via Query Bifurcation In Serval
Authors/Presenters:Bill Tao, Om Chabra, Ishani Janveja, Indranil Gupta, Deepak Vasisht Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI ’24) content, placing the organizations enduring…
New Yunit Infostealer Bypasses Windows Defender and Steals Sensitive Data
A new information-stealing malware has been discovered that is capable of exfiltrating a large amount of sensitive information while also disabling antivirus products to create persistence on target endpoints. CYFIRMA cybersecurity researchers have published a detailed investigation of the…
How to Recover a Hacked Gmail Account Even After a Security Breach
Having your Gmail account hacked can feel like a nightmare, especially when recovery details like phone numbers and email addresses have been changed by a hacker. Fortunately, recovering a compromised account is still possible, even if most security and…
Comcast Data Breach Impacts Thousands, Sensitive Information Compromised
Comcast Cable Communications LLC reports that it is a victim of a data breach compromising personal information of more than 237,000 individuals, including 22 residents of Maine. According to an investigation, the breach is traced back to Financial Business…
A cyber attack hit Iranian government sites and nuclear facilities
As Middle East tensions rise, cyberattacks hit Iran’s government branches and nuclear facilities, following Israel’s response to Iran’s October 1 missile barrage. Amid escalating Middle East tensions, Iran faced major cyberattacks Saturday, disrupting its government branches and targeting nuclear facilities.…
GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe
ESET research dives deep into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic entities This article has been indexed from WeLiveSecurity Read the original article: GoldenJackal jumps the air gap ……
How to Stop Your Data From Being Used to Train AI
Some companies let you opt out of allowing your content to be used for generative AI. Here’s how to take back (at least a little) control from ChatGPT, Google’s Gemini, and more. This article has been indexed from Security Latest…
‘Chat control’: The EU’s controversial CSAM-scanning legal proposal explained
The European Union has a longstanding reputation for strong privacy laws. But a legislative plan to combat child abuse — which the bloc formally presented back in May 2022 — is threatening to downgrade the privacy and security of hundreds…
NextGen Identity Management
Federal agencies face a pivotal cybersecurity challenge: prevent unauthorized entities from accessing systems and facilities, while granting authorized federal employees and contractors access commensurate with verified need. Two factors complicate… The post NextGen Identity Management appeared first on Cyber Defense…
Voice Cloning and Deepfake Threats Escalate AI Scams Across India
The rapid advancement of AI technology in the past few years has brought about several benefits for society, but these advances have also led to sophisticated cyber threats. India is experiencing explosive growth in digital adoption, making it one…
American Water Works faces Cyberattack
American Water Works, the country’s largest provider of water services to 14 states, recently reported that it was cyber attacked on its information technology system. The current report has indicated that operational technology systems that control delivery of water within…
Mitigating the Risks of Shadow IT: Safeguarding Information Security in the Age of Technology
In today’s world, technology is integral to the operations of every organization, making the adoption of innovative tools essential for growth and staying competitive. However, with this reliance on technology comes a significant threat—Shadow IT. Shadow IT refers to…
The FBI Made a Crypto Coin Just to Catch Fraudsters
Plus: New details emerge in the National Public Data breach, Discord gets blocked in Russia and Turkey over alleged illegal activity on the platform, and more. This article has been indexed from Security Latest Read the original article: The FBI…
A Mysterious Hacking Group Has 2 New Tools to Steal Data From Air-Gapped Machines
It’s hard enough creating one air-gap-jumping tool. Researchers say the group GoldenJackal did it twice in five years. This article has been indexed from Security Latest Read the original article: A Mysterious Hacking Group Has 2 New Tools to Steal…
Pig Butchering Scams Are Going High Tech
Scammers in Southeast Asia are increasingly turning to AI, deepfakes, and dangerous malware in a way that makes their pig butchering operations even more convincing. This article has been indexed from Security Latest Read the original article: Pig Butchering Scams…