Microsoft issues 117 patches – some for flaws already under attack
[The Register - Security] [9 Oct 24 @ 01:30]
Plus: SAP re-patches a failed patch for critical-rated flaw Patch Tuesday It's the second Tuesday of the month, which means Patch Tuesday, bringing with it fixes for numerous flaws, bugs and vuln...
Patch Tuesday, October 2024 Edition
[Krebs on Security] [9 Oct 24 @ 00:21]
Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Ado...
Qualcomm urges device makers to push patches after 'targeted' exploitation
[The Register - Security] [8 Oct 24 @ 23:30]
Given Amnesty's involvement, it's a safe bet spyware is in play Qualcomm has issued 20 patches for its chipsets' firmware, including one Digital Signal Processor (DSP) software flaw that has been e...
Three new Ivanti CSA zero-day actively exploited in attacks
[Security Affairs] [8 Oct 24 @ 23:26]
Software company Ivanti released security patches for three new CSA zero-day vulnerabilities actively exploited in attacks. Ivanti warned of three new security vulnerabilities (CVE-2024-9379, CVE-2...
Trump White House Got in the Way of Brett Kavanaugh Sexual Assault Investigation
[The Intercept] [8 Oct 24 @ 23:21]
Despite Trump’s claim that FBI had “free rein,” his aides limited witness lists and scope of questioning, per a senator’s report. The post Trump White House Got in the Way of Brett Kavanaugh Sexual...
This Law School Dean Sure Is Associated With Lots of Trump’s Alleged Co-Conspirators
[The Intercept] [8 Oct 24 @ 22:02]
Mark Martin crosses paths with plenty of people described in Jack Smith’s latest brief. The post This Law School Dean Sure Is Associated With Lots of Trump’s Alleged Co-Conspirators appeared first ...
MoneyGram confirms customer data breach
[Malwarebytes Unpacked] [8 Oct 24 @ 21:42]
Money transfer giant MoneyGram has notified customers about a data breach that has spilt sensitive customer information.
Ukrainian national pleads guilty in U.S. court for operating the Raccoon Infostealer
[Security Affairs] [8 Oct 24 @ 20:37]
Ukrainian national pleads guilty in U.S. court for operating the Raccoon Infostealer, used to steal sensitive data globally. Ukrainian national Mark Sokolovsky has pleaded guilty in a US court to o...
Using iPhone Mirroring at work? You might have just overshared to your boss
[The Register - Security] [8 Oct 24 @ 20:30]
What does IT see but a dating app on your wee little screen If you're using iPhone Mirroring at work: it's time to stop, lest you give your employer's IT department the capability to snoop through ...
Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited
[THN : The Hacker News] [8 Oct 24 @ 18:38]
Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in con...
Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines
[THN : The Hacker News] [8 Oct 24 @ 18:26]
Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads. "These att...
“Agony” and “Suffering” as Alabama Experiments With Nitrogen Executions
[The Intercept] [8 Oct 24 @ 17:30]
The state said Alan Miller’s execution by lethal gas would be “more humane.” He writhed and gasped for air in his final moments. The post “Agony” and “Suffering” as Alabama Experiments With Nitroge...
Exposing the Facebook funeral livestream scam (Lock and Code S05E21)
[Malwarebytes Unpacked] [8 Oct 24 @ 17:30]
This week on the Lock and Code podcast, we speak with Zach Hinkle and Pieter Arntz about the Facebook funeral livestream scam.
Kritiek lek in Ivanti Connect Secure laat aanvaller code op vpn-server uitvoeren
[Security.NL maakt Nederland veilig] [8 Oct 24 @ 17:07]
Een kritieke kwetsbaarheid in Ivanti Connect Secure en Policy Secure maakt het mogelijk voor aanvallers om code op vpn-servers ...
Overheid test haalbaarheid van eigen chatapp voor ministers en ambtenaren
[Security.NL maakt Nederland veilig] [8 Oct 24 @ 16:49]
De Rijksoverheid heeft besloten tot het uitvoeren van een proof-of-concept van een eigen chatapp voor ministers en ambtenaren, ...
Qualcomm fixed a zero-day exploited limited, targeted attacks
[Security Affairs] [8 Oct 24 @ 15:50]
Qualcomm warns of 20 flaws in its products, including a potential zero-day vulnerability, in the DSP service that impacts multiple chipsets. Qualcomm addressed 20 vulnerabilities in its products, i...
Politie houdt vermeende beheerder van illegale online marktplaats aan
[Security.NL maakt Nederland veilig] [8 Oct 24 @ 15:43]
De politie heeft twee vermeende beheerders van de illegale online marktplaats Bohemia/ Cannabia geïdentificeerd en één van ...
GroenLinks-PvdA wil opheldering over uitlezen van telefoons door politie
[Security.NL maakt Nederland veilig] [8 Oct 24 @ 15:04]
GroenLinks-PvdA heeft ministers Van Weel van Justitie en Veiligheid en Uitermark van Binnenlandse Zaken om opheldering gevraagd ...
Ukrainian Malware Operator Pleads Guilty In US Court
[News ≈ Packet Storm] [8 Oct 24 @ 14:41]
Okta Classic Customers Told To Check Logs For Sign-On Bypass
[News ≈ Packet Storm] [8 Oct 24 @ 14:41]
American Water Shuts Down Customer Portal Amid Cybersecurty Incident
[News ≈ Packet Storm] [8 Oct 24 @ 14:41]
You Might Have The Skills That Cyber-Security Wants
[News ≈ Packet Storm] [8 Oct 24 @ 14:41]
Healthcare Orgs Warned Of Trinity Ransomware Attacks
[News ≈ Packet Storm] [8 Oct 24 @ 14:41]
Franse toezichthouder deelt boete uit voor lastiger weigeren van cookies
[Security.NL maakt Nederland veilig] [8 Oct 24 @ 14:31]
De Franse toezichthouder CNIL heeft één of meerdere boetes uitgedeeld aan websites omdat het lastiger was om cookies te ...
Loodgieter aangeklaagd voor plaatsen verborgen camera's en stelen usb-sticks
[Security.NL maakt Nederland veilig] [8 Oct 24 @ 14:22]
In België is een loodgieter aangeklaagd wegens het plaatsen van verborgen camera's in de badkamers van klanten en het stelen ...
Grootse drinkwaterleverancier in VS getroffen door cyberaanval
[Security.NL maakt Nederland veilig] [8 Oct 24 @ 13:54]
American Water, de grootste drinkwaterleverancier van de Verenigde Staten, is vorige week getroffen door een cyberaanval. ...
Door Nederland aan VS uitgeleverde verdachte bekent verkoop Raccoon-malware
[Security.NL maakt Nederland veilig] [8 Oct 24 @ 13:25]
Een Oekraïense man die begin dit jaar door Nederland aan de Verenigde Staten werd uitgeleverd heeft bekend schuldig te zijn ...
Cyberattack Group 'Awaken Likho' Targets Russian Government with Advanced Tools
[THN : The Hacker News] [8 Oct 24 @ 13:17]
Russian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho. "The attackers now prefer using the agent for the legitimate MeshCentral platf...
Beveiligingsbedrijf ADT getroffen door inbraak via gestolen inloggegevens
[Security.NL maakt Nederland veilig] [8 Oct 24 @ 13:11]
Criminelen zijn erin geslaagd om in te breken op het bedrijfsnetwerk van ADT, zo heeft het beveiligingsbedrijf aan de ...
New Case Study: The Evil Twin Checkout Page
[THN : The Hacker News] [8 Oct 24 @ 12:58]
Is your store at risk? Discover how an innovative web security solution saved one global online retailer and its unsuspecting customers from an “evil twin” disaster. Read the full real-life case st...
GoldenJackal Target Embassies and Air-Gapped Systems Using Malware Toolsets
[THN : The Hacker News] [8 Oct 24 @ 12:58]
A little-known threat actor tracked as GoldenJackal has been linked to a series of cyber attacks targeting embassies and governmental organizations with an aim to infiltrate air-gapped systems usin...
MoneyGram discloses data breach following September cyberattack
[Security Affairs] [8 Oct 24 @ 12:18]
MoneyGram disclosed a data breach following a cyberattack in September, during which threat actors stole customer data. In September, American interstate and international peer-to-peer payments and...
Staatssecretaris: leraren moeten weten hoe AI werkt en digitaal vaardig zijn
[Security.NL maakt Nederland veilig] [8 Oct 24 @ 12:16]
Leraren moeten weten hoe AI werkt en digitaal vaardig zijn, zo stelt staatssecretaris Paul van Onderwijs, die geen inzicht ...
The Value of AI-Powered Identity
[THN : The Hacker News] [8 Oct 24 @ 12:10]
Introduction Artificial intelligence (AI) deepfakes and misinformation may cause worry in the world of technology and investment, but this powerful, foundational technology has the potential to ben...
Lek in WordPressplug-in LatePoint laat aanvaller adminwachtwoord wijzigen
[Security.NL maakt Nederland veilig] [8 Oct 24 @ 11:35]
Een kwetsbaarheid in de WordPressplug-in LatePoint, die op duizenden websites actief is, laat aanvallers door middel van SQL ...
Androidtelefoons bevatten lek dat remote code execution mogelijk maakt
[Security.NL maakt Nederland veilig] [8 Oct 24 @ 11:10]
Een kwetsbaarheid in Android maakt remote code execution mogelijk, waardoor aanvallers code op kwetsbare toestellen kunnen ...
Qualcomm waarschuwt voor actief misbruikt lek in groot aantal chipsets
[Security.NL maakt Nederland veilig] [8 Oct 24 @ 10:51]
Chipfabrikant Qualcomm waarschuwt voor een actief misbruikte kwetsbaarheid die aanwezig is in een groot aantal chipsets. Het ...
EU-hof: commercieel belang kan bij verkoop klantdata gerechtvaardigd belang zijn
[Security.NL maakt Nederland veilig] [8 Oct 24 @ 10:28]
Een commercieel belang kan bij de verkoop van klantgegevens in sommige gevallen een gerechtvaardigd belang zijn, zolang dit ...
MoneyGram meldt diefstal van klant- en transactiegegevens
[Security.NL maakt Nederland veilig] [8 Oct 24 @ 09:28]
Criminelen zijn erin geslaagd om bij betalingsverwerker MoneyGram allerlei persoonlijke gegevens van klanten te stelen, ...
American Water shut down some of its systems following a cyberattack
[Security Affairs] [8 Oct 24 @ 09:24]
American Water, the largest publicly traded water and wastewater utility company in the US, shut down some of its systems following a cyberattack. American Water, the largest U.S. water and wastewa...
Happy birthday, Putin – you've been pwned
[The Register - Security] [8 Oct 24 @ 08:30]
Pro-Ukraine hackers claim credit for Russian state broadcasting shutdown Ukrainian hackers shut down Russian state news agency VGTRK's online broadcasting and streaming services on Monday – preside...
Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday
[THN : The Hacker News] [8 Oct 24 @ 07:49]
Ukraine has claimed responsibility for a cyber attack that targeted Russia state media company VGTRK and disrupted its operations, according to reports from Bloomberg and Reuters. The incident took...
Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits
[THN : The Hacker News] [8 Oct 24 @ 06:07]
Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild. The hi...
Google brings better bricking to Androids, to curtail crims
[The Register - Security] [8 Oct 24 @ 04:59]
Improved security features teased in May now appearing around the world Google has apparently started a global rollout of three features in Android designed to make life a lot harder for thieves to...
Feds reach for sliver of crypto-cash nicked by North Korea's notorious Lazarus Group
[The Register - Security] [8 Oct 24 @ 02:27]
A couple million will do for a start … but Kim's crews are suspected of stealing much more The US government is attempting to claw back more than $2.67 million stolen by North Korea's Lazarus Group...
American Water rinsed in cyberattack, turns off app
[The Register - Security] [8 Oct 24 @ 02:13]
It's still safe to drink, top provider tells us American Water, which supplies over 14 million people in the US and numerous military bases, has stopped issuing bills and has taken its MyWater app ...
Harnessing AI for Enhanced Security
[Trend Micro Simply Security] [8 Oct 24 @ 02:00]
A deep-dive into how AI-driven solutions from Trend Micro leveraging the NVIDIA AI Enterprise software platform are elevating security across critical industries
China Possibly Hacking US “Lawful Access” Backdoor
[Schneier on Security] [7 Oct 24 @ 22:07]
The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to...
Cops love facial recognition, and withholding info on its use from the courts
[The Register - Security] [7 Oct 24 @ 21:45]
Withholding exculpatory evidence from suspects isn't a great look when the tech is already questionable Police around the United States are routinely using facial recognition technology to help ide...
Comcast and Truist Bank customers impacted by debt collector’s breach
[Malwarebytes Unpacked] [7 Oct 24 @ 21:35]
A data breach at a US debt collection agency has led to the loss of data of some Comcast and Truist Bank customers.