November, 2024
November 30, 2024 – Vulnerabilities
Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP Full Text
Abstract
Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges.The Hacker News
November 30, 2024 – Vulnerabilities
Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks Full Text
Abstract
Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild.The Hacker News
November 30, 2024 – Phishing
New Rockstar 2FA phishing service targets Microsoft 365 accounts Full Text
Abstract
Like other AiTM platforms, Rockstar 2FA enables attackers to bypass multifactor authentication (MFA) protections on targeted accounts by intercepting valid session cookies.Bleeping Computer
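The replay pattern behind an AiTM kit is visible in sign-in telemetry: the session cookie minted after MFA is used from an address the user never authenticated from. The script below is an added example (not from Bleeping Computer or the Rockstar 2FA research) that flags that pattern over constructed sign-in events; the field names (`ts`, `user`, `session`, `ip`, `event`) are an assumed schema, not any vendor's log format.

```python
"""Flag session-cookie reuse that looks like AiTM replay (added example, not from the
source article). Input rows are constructed here in the shape of an IdP sign-in log;
the field names are an assumed schema, not a real vendor format."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: alice completes MFA from one address, and the same
# session id shows up from an unrelated address minutes later (the replay pattern).
SAMPLE_EVENTS = [
    {"ts": "2024-11-30T08:00:05", "user": "alice", "session": "s-1111", "ip": "203.0.113.10", "event": "mfa_success"},
    {"ts": "2024-11-30T08:00:06", "user": "alice", "session": "s-1111", "ip": "203.0.113.10", "event": "activity"},
    {"ts": "2024-11-30T08:04:40", "user": "alice", "session": "s-1111", "ip": "198.51.100.77", "event": "activity"},
    {"ts": "2024-11-30T09:10:00", "user": "bob",   "session": "s-2222", "ip": "203.0.113.55", "event": "mfa_success"},
    {"ts": "2024-11-30T09:30:00", "user": "bob",   "session": "s-2222", "ip": "203.0.113.55", "event": "activity"},
]


def find_replayed_sessions(events, window=timedelta(minutes=30)):
    """Return {session_id: (mfa_ip, replay_ip, user)} for sessions whose cookie was
    used from an IP other than the one that completed MFA, within `window`."""
    mfa = {}                        # session -> (mfa time, mfa ip, user)
    by_session = defaultdict(list)  # session -> [(time, ip), ...] for later activity
    for e in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        if e["event"] == "mfa_success":
            mfa[e["session"]] = (ts, e["ip"], e["user"])
        else:
            by_session[e["session"]].append((ts, e["ip"]))

    hits = {}
    for sid, (mfa_ts, mfa_ip, user) in mfa.items():
        for ts, ip in by_session.get(sid, []):
            # A cookie presented from a new address shortly after MFA is the
            # signature of a proxied (AiTM) login: MFA passed, but not for this client.
            if ip != mfa_ip and timedelta(0) <= ts - mfa_ts <= window:
                hits[sid] = (mfa_ip, ip, user)
                break
    return hits


if __name__ == "__main__":
    for sid, (mfa_ip, replay_ip, user) in find_replayed_sessions(SAMPLE_EVENTS).items():
        print(f"{user}: session {sid} authenticated from {mfa_ip}, reused from {replay_ip}")
```

In production the IP comparison would normally be widened to ASN or geolocation, since mobile users legitimately change addresses; the point of the check is that MFA success and subsequent use come from different clients.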
November 29, 2024 – Malware
SMOKEDHAM Backdoor: UNC2465’s Stealth Weapon for Extortion and Ransomware Campaigns Full Text
Abstract
Once embedded, SMOKEDHAM grants attackers initial access to a target’s system, paving the way for network reconnaissance, lateral movement, and, eventually, ransomware deployment.Security Online
November 29, 2024 – Vulnerabilities
Zero-Day in Active Directory Certificate Services: Researcher Exposes CVE-2024-49019 with PoC Full Text
Abstract
“An attacker can craft a CSR to include application policies that are preferred over the configured Extended Key Usage attributes specified in the template,” according to the TrustedSec analysis.Security Online
November 29, 2024 – Vulnerabilities
Integer Overflow Vulnerability in Windows Driver Enables Privilege Escalation, PoC Published Full Text
Abstract
The flaw, which allows a local attacker to exploit an integer overflow for privilege escalation, has been successfully demonstrated and highlighted during the prestigious TyphoonPWN 2024 event, earning second place.Security Online
November 29, 2024 – Vulnerabilities
Contiki-NG IoT OS Patches Critical Vulnerabilities Full Text
Abstract
While the SNMP module is disabled by default in Contiki-NG, developers who have enabled it are strongly urged to update their systems. Patches for CVE-2024-41125 and CVE-2024-41126 are available in pull requests #2936 and #2937, respectively.Security Online
November 29, 2024 – Botnet
XorBot Botnet Resurfaces with Advanced Evasion and Exploits, Threatens IoT Devices Full Text
Abstract
XorBot operators have shifted their focus to profitability, openly advertising distributed denial-of-service (DDoS) attacks as a service under the alias “Masjesu Botnet.” They use Telegram for recruiting customers and promoting services.Security Online
November 29, 2024 – Attack
MUT-8694 Supply Chain Attack Targets npm and PyPI Ecosystems Full Text
Abstract
Datadog’s analysis revealed 42 malicious PyPI packages and 18 npm packages linked to the campaign, each mimicking legitimate libraries. The PyPI packages falsely claimed to resolve DLL and API issues, while many npm packages referenced Roblox.Security Online
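Both patterns described above (names one keystroke away from a real package, and real names with a helpful-sounding affix) can be caught before install. The script below is an added example, not part of Datadog's analysis; it goes slightly beyond the campaign by handling both PyPI requirement lines and npm dependency names with one check. The "known" package lists and the sample dependency files are constructed for illustration.

```python
"""Flag dependency names that look like typosquats of well-known packages (added
example, not Datadog's tooling). Known-package lists and sample inputs are constructed."""
import re

KNOWN_PYPI = {"requests", "pywin32", "pyinstaller", "colorama", "numpy"}
KNOWN_NPM = {"lodash", "express", "axios", "noblox.js", "discord.js"}

# Constructed sample inputs: one requirements.txt and the "dependencies" map of a package.json.
SAMPLE_REQUIREMENTS = ["requests==2.32.3", "pywin32-fix==1.0", "colorana>=0.4", "numpy"]
SAMPLE_PACKAGE_JSON_DEPS = {"express": "^4.19", "nobloxjs": "1.0.0", "axois": "0.1.0"}


def damerau_levenshtein(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def normalize(name):
    """Fold case and separators so 'noblox.js' and 'nobloxjs' compare as near-identical."""
    return name.lower().replace("_", "-").replace(".", "")


def parse_requirements(lines):
    """Pull bare project names out of requirements.txt-style lines."""
    names = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names.append(re.split(r"[<>=!~\[;\s]", line, 1)[0])
    return names


def suspicious_names(deps, known, max_distance=2):
    """Return (dep, closest_known, reason) for names not in `known` that either carry
    a known name as a hyphenated affix ('pywin32-fix') or sit within max_distance of one."""
    hits = []
    for dep in deps:
        if dep in known:
            continue
        n = normalize(dep)
        for k in known:
            nk = normalize(k)
            if n.startswith(nk + "-") or n.endswith("-" + nk):
                hits.append((dep, k, "affix"))
                break
        else:
            best = min(known, key=lambda k: damerau_levenshtein(n, normalize(k)))
            dist = damerau_levenshtein(n, normalize(best))
            if dist <= max_distance:
                hits.append((dep, best, f"edit-distance={dist}"))
    return hits


if __name__ == "__main__":
    print(suspicious_names(parse_requirements(SAMPLE_REQUIREMENTS), KNOWN_PYPI))
    print(suspicious_names(list(SAMPLE_PACKAGE_JSON_DEPS), KNOWN_NPM))
```

The known lists would in practice come from the registries' own download statistics; the distance threshold of 2 is a starting point, and anything it flags still needs a human look at the package's publisher and history.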
November 28, 2024 – Phishing
Return of ANEL Backdoor in the Recent Earth Kasha Spear-Phishing Campaign in 2024 Full Text
Abstract
The campaign’s primary intrusion vector involved carefully crafted spear-phishing emails. These messages, often sent from compromised or free email accounts, contained links to malicious OneDrive-hosted ZIP files.Trend Micro
November 28, 2024 – Vulnerabilities
HPE Insight Remote Support Hit with Critical Vulnerabilities, Urgent Patch Released Full Text
Abstract
HPE has issued an urgent security bulletin addressing critical vulnerabilities in its Insight Remote Support service. These flaws could allow attackers to gain unauthorized access to sensitive information or even execute malicious code remotely.Security Online
November 28, 2024 – Vulnerabilities
Bootkitty: Analyzing the First UEFI Bootkit for Linux Full Text
Abstract
Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in real-world attacks.WeLiveSecurity
November 28, 2024 – Vulnerabilities
Jenkins Users Beware: Multiple Security Vulnerabilities Discovered Full Text
Abstract
Jenkins has issued a security advisory addressing multiple vulnerabilities impacting both its core system and plugins. These flaws, ranging from denial of service to cross-site scripting, pose significant risks to Jenkins users if left unpatched.Security Online
November 28, 2024 – Policy and Law
Geico, Travelers Fined $11.3M for Lax Data Security Full Text
Abstract
The two auto insurance companies will pay a hefty penalty for what the State of New York says was inadequate security that allowed hackers to compromise the personal data of more than 12,000 state residents.Dark Reading
November 28, 2024 – Government
US National Security Officials Brief Telecom Executives Full Text
Abstract
The White House hosted a meeting with executives of the U.S. telecommunications sector to share intelligence pertaining to China's "significant cyberespionage campaign targeting the sector."Bank Infosecurity
November 28, 2024 – Phishing
Scammers use ‘you’re fired’ lures in phishing campaign Full Text
Abstract
The attack begins with an email that appears to be a legal notice informing recipients their employment has been terminated. In one of these scams, the email uses the subject line "Action Required: Tribunal Proceedings Against You".The Register
November 28, 2024 – Vulnerabilities
CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix Full Text
Abstract
Zabbix, a popular open-source IT infrastructure monitoring tool used by organizations worldwide, has been found to contain a critical SQL injection vulnerability (CVE-2024-42327) with a CVSS score of 9.9.Security Online
November 28, 2024 – Malware
What’s up India? PixPirate is back and spreading via WhatsApp Full Text
Abstract
A new iteration of the PixPirate malware has been detected, marking the resurgence of a highly sophisticated threat. The malware is known for targeting financial services and now leverages WhatsApp as a primary vector for its propagation.Security Intelligence
November 28, 2024 – General
Black Friday Fake Stores Surge 110%: How LLMs and Cheap Domains Empower Cybercrime Full Text
Abstract
In its report, Netcraft revealed, “Between November 18 to 21 alone, Netcraft’s systems identified more than 9,000 new fake store domains hosted through SHOPYY. Over 66% of SHOPYY-powered domains analyzed by Netcraft were found to be fake stores.”Security Online
November 26, 2024 – Government
CISA Urges Agencies to Patch Critical “Array Networks” Flaw Amid Active Attacks Full Text
Abstract
The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that could be exploited to achieve arbitrary code execution remotely. Fixes were released in version 9.4.0.484 in March 2023.The Hacker News
November 26, 2024 – Attack
Zyxel Firewalls Targeted in Recent Ransomware Attacks Full Text
Abstract
Zyxel warns that a ransomware gang has been exploiting a recently patched command injection vulnerability, CVE-2024-42057, in its firewalls for initial compromise. Remote, unauthenticated attackers could exploit the flaw to execute OS commands.Security Affairs
November 26, 2024 – Business
Haveli Purchases AppViewX to Strengthen Identity Automation Full Text
Abstract
The Austin-based private equity firm said acquiring a majority interest in AppViewX will help the New York-based firm capture the growing market opportunity due to emerging compliance standards and security challenges.Bank Info Security
November 26, 2024 – Vulnerabilities
Critical WordPress Plugin Flaw Exposes 200,000 Sites Full Text
Abstract
These vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, could allow unauthenticated attackers to compromise websites by installing malicious plugins and executing arbitrary code.Security Online
November 26, 2024 – Outage
UK Drinking Water Supplies Disrupted by Record Number of Undisclosed Cyber Incidents Full Text
Abstract
In 2024, there were at least six incidents affecting drinking water infrastructure, according to data collected by Recorded Future News using the Freedom of Information (FOI) Act. In previous years there were no more than two.The Record
November 26, 2024 – Criminals
Cybercriminals Turn to Pen Testers to Test Ransomware Efficiency Full Text
Abstract
Any good developer knows that software needs to be tested before deploying in production environments. This is also true for ransomware gangs. They want to ensure that their ransomware can be deployed successfully against organizations.Help Net Security
November 26, 2024 – Phishing
Three-Quarters of Black Friday Spam Emails Identified as Scams Full Text
Abstract
Bitdefender said the growing prevalence of Black Friday scams “underscores the greed and daring of cybercriminals, who increasingly leverage fake offers and phishing tactics to exploit consumer shopping behaviors and trends.”Infosecurity Magazine
November 26, 2024 – Botnet
PROSPERO & Proton66: Uncovering the Links Between Bulletproof Hosting Networks Full Text
Abstract
Intrinsec’s analysis reveals operational similarities between PROSPERO and Proton66. Both systems share nearly identical peering agreements and are linked to the same internet exchange point in St. Petersburg.Intrinsec
November 26, 2024 – Phishing
Government IDs and Facial Recognition: A New Phishing Threat Full Text
Abstract
A recent report by Harsh Patel and Brandon Cook from the Cofense Phishing Defense Center highlights a dangerous new tactic aimed at exploiting online users by combining phishing for government IDs with facial recognition video capture.Security Online
November 26, 2024 – Policy and Law
DeliveryHero Subsidiary Fined $5.2 Million for Tracking Drivers’ Geolocation Full Text
Abstract
Italy’s data privacy regulator on Friday announced that it has levied a €5 million ($5.2 million) fine against an Italian GPS-based food delivery service for tracking the geolocation of its drivers, including outside of working hours.The Record
November 23, 2024 – Attack
China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign Full Text
Abstract
A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit.The Hacker News
November 23, 2024 – Malware
Faux ChatGPT, Claude API Packages Deliver JarkaStealer Full Text
Abstract
Two Python packages posing as tools to integrate with popular chatbots and provide API access are actually delivering "JarkaStealer," an infostealer designed to target potentially thousands of victims.Dark Reading
November 23, 2024 – Breach
Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’ Full Text
Abstract
Russian state hackers APT28 breached a U.S. company through its enterprise WiFi network while being thousands of miles away, by leveraging a novel technique called the "nearest neighbor attack."Bleeping Computer
November 23, 2024 – Phishing
APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware Full Text
Abstract
The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file.The Hacker News
November 23, 2024 – Attack
China-linked hackers target Linux systems with new spying malware Full Text
Abstract
According to the researchers, a China-linked state-sponsored threat actor has been targeting Linux systems with previously unknown malware strains in a new espionage campaign.The Record
November 23, 2024 – Malware
Hackers Use Telegram Channels To Deliver Lumma Stealer Sophisticatedly Full Text
Abstract
Lumma Stealer, a sophisticated information-stealing malware, is spreading through Telegram channels, exploiting the platform’s popularity to bypass traditional security measures and target unsuspecting users, potentially compromising sensitive data.GBHackers
November 23, 2024 – APT
Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations Full Text
Abstract
Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India, Taiwan, and Japan, leveraging spear-phishing and exploiting vulnerabilities in public-facing applications like SSL-VPN and file storage services.GBHackers
November 22, 2024 – Malware
Unraveling Raspberry Robin’s Layers: Analyzing Obfuscation Techniques and Core Mechanisms Full Text
Abstract
Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection and analysis; it infiltrates systems primarily via USB drives and uses the Tor network for covert communication with its C2 servers.Zscaler
November 22, 2024 – Phishing
Meta says it has removed 2 million accounts linked to pig butchering scams Full Text
Abstract
Meta has taken down more than 2 million accounts this year connected to pig butchering scams conducted from Southeast Asia and the United Arab Emirates, the company said Thursday.The Record
November 22, 2024 – Vulnerabilities
CVE-2024-10126 & CVE-2024-10127: M-Files Addresses File Inclusion and Authentication Bypass Flaws Full Text
Abstract
M-Files, a leading provider of information management solutions, has released security updates to address two vulnerabilities in its server software. The vulnerabilities are identified as CVE-2024-10126 and CVE-2024-10127.Security Online
November 21, 2024 – Vulnerabilities
Fortinet VPN design flaw hides successful brute-force attacks Full Text
Abstract
Researchers at Pentera discovered that a successful login is recorded only if the process passes both the authentication and the authorization steps; otherwise, FortiClient VPN will log a failed authentication.Bleeping Computer
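The practical consequence of that logging behaviour is that a correct password for an account without VPN permission looks identical to a wrong password, so a brute-force or spray that has already found working credentials still shows up only as failures. The detection therefore has to key on failure volume and breadth per source, not on a success record. The script below is an added example, not Pentera's tooling; the log lines are constructed in a FortiGate-style key=value layout, and the field names (`action`, `remip`, `user`) are assumptions rather than a copy of the vendor schema.

```python
"""Sliding-window count of VPN login failures per source (added example, not from the
Pentera research). Sample lines are constructed in a key=value syslog style; the field
names used are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: a burst from one host trying two accounts, plus normal
# activity from another host. The second 'carol' line is a login that succeeded.
SAMPLE_LOG = """\
date=2024-11-21 time=10:00:01 user="alice" remip=198.51.100.9 action="ssl-login-fail"
date=2024-11-21 time=10:00:02 user="alice" remip=198.51.100.9 action="ssl-login-fail"
date=2024-11-21 time=10:00:03 user="alice" remip=198.51.100.9 action="ssl-login-fail"
date=2024-11-21 time=10:00:04 user="bob" remip=198.51.100.9 action="ssl-login-fail"
date=2024-11-21 time=10:00:05 user="alice" remip=198.51.100.9 action="ssl-login-fail"
date=2024-11-21 time=10:00:06 user="bob" remip=198.51.100.9 action="ssl-login-fail"
date=2024-11-21 time=10:02:00 user="carol" remip=203.0.113.5 action="ssl-login-fail"
date=2024-11-21 time=10:03:00 user="carol" remip=203.0.113.5 action="ssl-login"
date=2024-11-21 time=10:30:00 user="carol" remip=203.0.113.5 action="ssl-login-fail"
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value line into a dict, adding a parsed timestamp under '_ts'."""
    rec = {k: v.strip('"') for k, v in KV.findall(line)}
    rec["_ts"] = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
    return rec


def detect_bursts(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {src_ip: (failures_in_window, sorted users tried)} for every source that
    produced at least `threshold` failures inside any `window`. Only the action is
    consulted: because authorization failures are logged as login failures too, a
    'fail' record cannot be taken to mean the password was wrong."""
    recent = defaultdict(deque)   # src -> timestamps of failures still inside the window
    users = defaultdict(set)      # src -> accounts attempted from that source
    alerts = {}
    for rec in sorted(map(parse_line, lines), key=lambda r: r["_ts"]):
        if rec.get("action") != "ssl-login-fail":
            continue
        src = rec["remip"]
        q = recent[src]
        q.append(rec["_ts"])
        users[src].add(rec["user"])
        while q and rec["_ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts[src] = (len(q), sorted(users[src]))
    return alerts


if __name__ == "__main__":
    for src, (count, tried) in detect_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {count} failures in window, accounts tried: {', '.join(tried)}")
```

Pairing this with a check for the same source later appearing in a successful login (which, per the finding above, only happens once authorization also passes) separates a noisy scan from one that found a working credential.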
November 21, 2024 – Attack
Dozens of Central Asian targets hit in recent Russia-linked cyber-espionage campaign Full Text
Abstract
Researchers have identified an ongoing Russia-linked cyber-espionage campaign targeting human rights groups, private security companies, and state and educational institutions in Central Asia, East Asia, and Europe using custom malware.The Record
November 21, 2024 – Vulnerabilities
NTLM Privilege Escalation: The Unpatched Microsoft Vulnerabilities No One is Talking About Full Text
Abstract
The Microsoft Outlook application in particular has become a primary target for initial access due to its frequent and often silent network connections, which can trigger unintended NTLM authentication.MorphiSec
November 21, 2024 – Phishing
Now BlueSky hit with crypto scams as it crosses 20 million users Full Text
Abstract
A BlueSky post from last week featured an AI-generated image of Mark Zuckerberg and promoted crypto assets like "MetaChain" and "MetaCoin." The post misleads viewers into associating the advertised products with Meta.Bleeping Computer
November 21, 2024 – Malware
Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine Full Text
Abstract
WolfsBane is the Linux counterpart of Gelsevirine, a Windows backdoor used by Gelsemium, and the WolfsBane dropper is analogous to the Gelsemine dropper.WeLiveSecurity
November 21, 2024 – General
Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online Full Text
Abstract
New research has uncovered more than 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries, with the U.S. alone accounting for over one-third of the total exposures.The Hacker News
November 21, 2024 – Vulnerabilities
Google’s AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects Full Text
Abstract
These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets. Google added the ability to leverage LLMs to improve fuzzing coverage in OSS-Fuzz.The Hacker News
November 21, 2024 – Vulnerabilities
CVE-2024-52940: AnyDesk Vulnerability Exposes User IP Addresses, PoC Published Full Text
Abstract
A newly discovered vulnerability in popular remote desktop software AnyDesk could allow attackers to uncover users’ IP addresses, posing significant privacy risks. The flaw is tracked as CVE-2024-52940.Security Online
November 21, 2024 – Vulnerabilities
WorkflowKit Race Vulnerability (CVE-2024-27821): Researcher Reveals Exploit that Let Malicious Apps Hijack Shortcuts Full Text
Abstract
This vulnerability, dubbed the “WorkflowKit Race Vulnerability,” targets the extraction and signing processes of shortcuts within WorkflowKit, potentially allowing a malicious app to intercept and modify shortcut files during import.Security Online
November 21, 2024 – Vulnerabilities
CVE-2024-42450 (CVSS 10): Versa Networks Addresses Critical Vulnerability in Versa Director Full Text
Abstract
Versa Networks has issued a security advisory addressing a critical vulnerability (CVE-2024-42450) affecting its Versa Director software. The vulnerability, which carries a CVSS score of 10, could allow unauthenticated attackers to access sensitive data.Security Online
November 20, 2024 – Phishing
“Sad announcement” email leads to tech support scam Full Text
Abstract
Tech support scammers are again stooping low with their email campaigns. This one hints that one of your contacts may have met an untimely end. It all starts with an email titled “Sad announcement” followed by the full name of someone you know.Malwarebytes
November 20, 2024 – Attack
Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments Full Text
Abstract
The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay by relaying NFC traffic.The Hacker News
November 20, 2024 – Phishing
Amazon and Audible flooded with ‘forex trading’ and warez listings Full Text
Abstract
Amazon, Amazon Music, and Audible, an Amazon-owned online audiobook and podcast service, have been flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software.Bleeping Computer
November 20, 2024 – Vulnerabilities
Decades-Old Security Vulnerabilities Found in Ubuntu’s Needrestart Package Full Text
Abstract
Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction.The Hacker News
November 20, 2024 – Criminals
Cybercriminals Exploit Weekend Lull to Launch Ransomware Attacks Full Text
Abstract
Ransomware gangs are increasingly targeting weekends and holidays, when cybersecurity teams are typically less staffed, according to a new report. 86% of study participants who experienced a ransomware attack were targeted on a weekend or holiday.Infosecurity Magazine
November 20, 2024 – Vulnerabilities
CVE-2024-51503: Trend Micro Deep Security Agent RCE Vulnerability Fixed Full Text
Abstract
A recently discovered vulnerability in the Trend Micro Deep Security 20 Agent could have allowed attackers to execute arbitrary code on affected machines. The vulnerability, identified as CVE-2024-51503, has been addressed in the latest update.Security Online
November 20, 2024 – Hacker
Unveiling LIMINAL PANDA - Threats to Telecom Sector Full Text
Abstract
LIMINAL PANDA has used compromised telecom servers to initiate intrusions into further providers in other geographic regions. The adversary conducts elements of their intrusion activity using protocols that support mobile telecommunications.CrowdStrike
November 20, 2024 – Vulnerabilities
D-Link urges users to retire VPN routers impacted by unfixed RCE flaw Full Text
Abstract
D-Link is warning customers to replace end-of-life VPN router models after a critical unauthenticated, remote code execution vulnerability was discovered that will not be fixed on these devices.Bleeping Computer
November 20, 2024 – Vulnerabilities
CVE-2024-47533 (CVSS 9.8): Cobbler Vulnerability Exposes Linux Servers to Compromise Full Text
Abstract
A critical vulnerability has been discovered in Cobbler, a popular Linux installation server used for network-based deployments. The vulnerability is tracked as CVE-2024-47533 and assigned a CVSS score of 9.8.Security Online
November 20, 2024 – Phishing
AiTM Phishing, Hold the Gabagool: Analyzing the Gabagool Phishing Kit Full Text
Abstract
The threat actor would initially compromise the user’s mailbox and begin sending phishing emails to other employees. These emails prompt recipients to view an image attached to the email.Medium
November 19, 2024 – Government
CISA Warns of Actively Exploited Vulnerabilities in Kemp LoadMaster and Palo Alto Networks PAN-OS Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about three actively exploited vulnerabilities affecting popular networking and security products.Security Online
November 19, 2024 – Malware
FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications Full Text
Abstract
FrostyGoop is the ninth reported OT-centric malware, but the first that used Modbus TCP communications to impact the power supply to heating services for over 600 apartment buildings.Palo Alto Networks
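Modbus/TCP carries no authentication, so the only thing separating a legitimate setpoint change from a malicious one is which host sent the write. The parser below is an added example (not Unit 42's FrostyGoop analysis): it splits the 7-byte MBAP header from the PDU, decodes the common read and write function codes, and flags write requests from hosts outside an allow-list. The frames and source addresses are constructed by hand.

```python
"""Parse Modbus/TCP frames and flag writes from unexpected hosts (added example, not
from the FrostyGoop research). The frames and source IPs below are constructed."""
import struct

WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}


def parse_modbus_tcp(frame: bytes) -> dict:
    """Decode MBAP (transaction id, protocol id, length, unit id) plus the PDU."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header + function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"not Modbus (protocol id {pid})")
    if length != len(frame) - 6:           # length counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    fc, data = frame[7], frame[8:]
    rec = {"transaction": tid, "unit": unit, "function": fc,
           "name": WRITE_FUNCTIONS.get(fc) or READ_FUNCTIONS.get(fc, "other"),
           "is_write": fc in WRITE_FUNCTIONS, "exception": bool(fc & 0x80)}
    if fc in (3, 4) and len(data) >= 4:      # read N registers from a start address
        rec["start"], rec["count"] = struct.unpack(">HH", data[:4])
    elif fc == 6 and len(data) >= 4:         # write one register
        rec["address"], rec["value"] = struct.unpack(">HH", data[:4])
    elif fc == 16 and len(data) >= 5:        # write a block of registers
        start, qty, nbytes = struct.unpack(">HHB", data[:5])
        rec["start"], rec["count"] = start, qty
        rec["values"] = list(struct.unpack(f">{qty}H", data[5:5 + nbytes]))
    return rec


def flag_unexpected_writes(packets, allowed_writers):
    """packets: iterable of (src_ip, frame). Return writes from hosts not on the
    allow-list; on a well-run network only the HMI/engineering hosts should write."""
    hits = []
    for src, frame in packets:
        rec = parse_modbus_tcp(frame)
        if rec["is_write"] and src not in allowed_writers:
            hits.append((src, rec["name"], rec.get("address", rec.get("start"))))
    return hits


# Constructed frames: a read of 10 holding registers at 0, a single-register write of
# 100 to address 16, and a two-register block write to address 16 from a stranger.
READ_HOLDING = bytes.fromhex("0001 0000 0006 01 03 0000 000A")
WRITE_SINGLE = bytes.fromhex("0002 0000 0006 01 06 0010 0064")
WRITE_MULTI = bytes.fromhex("0003 0000 000B 01 10 0010 0002 04 0000 0001")
SAMPLE_PACKETS = [("10.0.0.5", READ_HOLDING), ("10.0.0.5", WRITE_SINGLE),
                  ("192.0.2.200", WRITE_MULTI)]

if __name__ == "__main__":
    for src, name, addr in flag_unexpected_writes(SAMPLE_PACKETS, {"10.0.0.5"}):
        print(f"unexpected {name} from {src} at register {addr}")
```

The same decoder can be fed from a packet capture on TCP/502; the allow-list is the part that has to come from the plant's own asset inventory.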
November 19, 2024 – Criminals
Ransomware Gangs on Recruitment Drive for Pen Testers Full Text
Abstract
Threat actors are actively seeking pen testers to join various ransomware affiliate programs, including Apos, Lynx and Rabbit Hole. Now, ransomware gangs are hiring people with the same level of expertise.Infosecurity Magazine
November 19, 2024 – Attack
Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts Full Text
Abstract
The attacks involve the hijack of unauthenticated Jupyter Notebooks to establish initial access, and perform a series of actions designed to facilitate illegal live streaming of sports events.The Hacker News
November 19, 2024 – Botnet
Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices Full Text
Abstract
“Two-thirds of these proxies are based in the U.S.” “The network maintains a daily average of roughly 35,000 working bots, with 40% remaining active for a month or longer.”The Hacker News
November 19, 2024 – Vulnerabilities
Palo Alto Networks patches two firewall zero-days used in attacks Full Text
Abstract
The first flaw, tracked as CVE-2024-0012, is an authentication bypass found in the PAN-OS management web interface that remote attackers can exploit to gain administrator privileges without requiring authentication or user interaction.Bleeping Computer
November 19, 2024 – Vulnerabilities
Critical RCE bug in VMware vCenter Server now exploited in attacks Full Text
Abstract
Broadcom has warned that attackers are now exploiting two VMware vCenter Server vulnerabilities, one of which is a critical remote code execution flaw. The RCE vulnerability was reported during China's 2024 Matrix Cup hacking contest.Bleeping Computer
November 19, 2024 – Criminals
Ransomware gang Akira leaks unprecedented number of victims’ data in one day Full Text
Abstract
Akira, a ransomware-as-a-service gang with a growing profile in the cybercrime underworld, has published a record number of new victims to its darknet leak site in a single day, and more apparently still being added.The Record
November 19, 2024 – Phishing
Spotify abused to promote pirated software and game cheats Full Text
Abstract
Spotify playlists and podcasts are being abused to push pirated software, game cheat codes, and "warez" sites. By injecting targeted keywords and links in playlist names and podcast descriptions, threat actors may benefit from boosting SEO.Bleeping Computer
November 19, 2024
New ‘Helldown’ Ransomware Variant Expands Attacks to VMware and Linux Systems Full Text
Abstract
Helldown deploys Windows ransomware derived from the LockBit 3.0 code. Given the recent development of ransomware targeting ESX, it appears that the group could be evolving its current operations to target virtualized infrastructures via VMware.The Hacker News
November 16, 2024 – Phishing
Fraud Network Uses 4,700 Fake Shopping Sites to Steal Credit Cards Full Text
Abstract
A threat group known as SilkSpecter, speculated to be from China, is using thousands of fake online stores to steal credit card information from shoppers in the U.S. and Europe.Bleeping Computer
November 16, 2024 – Attack
New LodaRAT Campaign Targets Global Victims with Updated Capabilities Full Text
Abstract
Researchers at Rapid7 have uncovered a new campaign using LodaRAT, a well-known remote access tool active since 2016. The latest variant expands by targeting cookies and credentials from Microsoft Edge and Brave browsers.Security Online
November 16, 2024 – Breach
Microsoft Power Pages Misconfiguration Leads to Data Exposure Full Text
Abstract
Misconfigurations in Microsoft Power Pages are exposing sensitive data. Excessive access permissions allow unauthorized users to access personal information like employee details and internal files.Infosecurity Magazine
November 16, 2024 – Malware
New Glove Stealer Malware Bypasses Chrome’s Cookie Encryption Full Text
Abstract
The new malware named Glove Stealer can get around Google Chrome's App-Bound encryption to steal browser cookies. Security researchers found this malware during a phishing campaign and noted that it is still in the early stages of development.Bleeping Computer
November 16, 2024 – APT
LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign Full Text
Abstract
DeepData v3.2.1228 framework allows for extensive data theft across platforms like WhatsApp, Telegram, Signal, DingDing, and Feishu. It consists of 12 specialized plugins for extracting messaging data, emails, credentials, and system information.BlackBerry
November 16, 2024 – General
Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes Full Text
Abstract
Google has stated that scammers are using tactics such as cloaking to impersonate legitimate websites and conduct scams. Cloaking involves showing different content to search engines and users to manipulate search rankings and deceive people.The Hacker News
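Because cloaking keys on who is asking, the simplest check is to fetch the same URL as a crawler and as a browser and compare what a visitor would actually read. The script below is an added example, not Google's detection: it strips markup and scripts, compares the visible word sets, and reports a low overlap as probable cloaking. The two HTML pages and the stand-in fetch function are constructed so the example runs offline; `http_fetch` shows the real request for use against a live site.

```python
"""Detect cloaking by comparing a page as served to a crawler UA and to a browser UA
(added example, not Google's tooling). Pages and the fake fetcher are constructed."""
import re
from html.parser import HTMLParser

# Constructed responses: the crawler sees a bland storefront, the visitor sees the scam.
CRAWLER_HTML = """<html><head><title>Acme Bank</title><script>var x=1;</script></head>
<body><h1>Personal banking</h1><p>Mortgages and savings accounts. Open an account today.</p></body></html>"""
BROWSER_HTML = """<html><head><title>Bonus</title></head>
<body><p>Congratulations, you were selected! Send 0.1 BTC to receive 1 BTC back.</p><p>Limited time offer.</p></body></html>"""


class _TextExtractor(HTMLParser):
    """Collect text nodes, skipping <script> and <style> bodies."""
    def __init__(self):
        super().__init__()
        self.parts, self._skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip and data.strip():
            self.parts.append(data.strip())


def visible_text(html):
    p = _TextExtractor()
    p.feed(html)
    return " ".join(p.parts)


def similarity(html_a, html_b):
    """Jaccard overlap of the visible word sets; 1.0 means the same words, 0.0 none shared."""
    a = set(re.findall(r"[a-z0-9]+", visible_text(html_a).lower()))
    b = set(re.findall(r"[a-z0-9]+", visible_text(html_b).lower()))
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def check_cloaking(fetch, url, threshold=0.5):
    """fetch(url, user_agent) -> html. Returns (similarity, cloaked?)."""
    crawler = fetch(url, "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)")
    browser = fetch(url, "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/131.0")
    s = similarity(crawler, browser)
    return s, s < threshold


def fake_fetch(url, user_agent):
    """Constructed stand-in for HTTP: serves the clean page only to crawler UAs."""
    return CRAWLER_HTML if "Googlebot" in user_agent else BROWSER_HTML


def http_fetch(url, user_agent, timeout=10):
    """Real fetch for use outside this offline example."""
    import urllib.request
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


if __name__ == "__main__":
    score, cloaked = check_cloaking(fake_fetch, "https://shop.example.invalid/")
    print(f"similarity={score:.2f} cloaked={cloaked}")
```

Real cloakers also key on source IP ranges and the Referer header, so a live check should be run from a non-datacenter address and with a search-engine referrer as well as a crawler User-Agent.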
November 16, 2024 – Attack
Sliver and Ligolo-ng Attack Leverages Y Combinator Brand Full Text
Abstract
Security researchers at Hunt.io have found a recent cyber operation using the Sliver command-and-control (C2) framework and Ligolo-ng tunneling tool. The operation targeted victims using the trusted name of Y Combinator.Security Online
November 16, 2024 – Attack
Sitting Ducks DNS Attacks Put Global Domains at Risk Full Text
Abstract
Using the Sitting Ducks attack, cybercriminals have taken control of many domain names since 2018, impacting numerous well-known companies, non-profits, and government entities.Infosecurity Magazine
November 15, 2024 – Vulnerabilities
Researchers Find New Zero-Day Vulnerability in Fortinet Products Full Text
Abstract
The new vulnerability found by watchTowr triggers FortiJump and includes two file overwrite vulnerabilities. The company stated that Fortinet's patch for FortiJump is ineffective for all exploit methods.Infosecurity Magazine
November 15, 2024 – Vulnerabilities
Synology Issues Patches for Critical Camera Flaws Discovered at Pwn2Own Full Text
Abstract
Security researchers from Viettel Cyber Security and Zien uncovered the vulnerabilities, which could allow remote attackers to execute arbitrary code or commands on affected devices.Security Online
November 13, 2024 – Government
CISA, FBI, and NSA Reveal Top Routinely Exploited Vulnerabilities of 2023 Full Text
Abstract
Twelve out of the top 15 vulnerabilities were addressed last year, highlighting the importance of patching security flaws before they are exploited. The list included vulnerabilities in products from companies like Citrix, Cisco, Fortinet, and more.CISA
November 13, 2024 – Malware
‘GoIssue’ Cybercrime Tool Targets GitHub Developers for Bulk Credential Theft Full Text
Abstract
A cybercrime tool called GoIssue is being sold for $700 on a forum. It helps cyberattackers steal email addresses from GitHub profiles to use for further attacks like malware delivery and data breaches.Dark Reading
November 13, 2024 – Attack
Hamas Tied to October Wiper Attacks Using Eset Email Full Text
Abstract
Check Point Research indicated that WIRTE has expanded from espionage to include disruptive attacks. Evidence shows that the malware employed by this group is connected to SameCoin, a wiper malware that has previously affected Israeli entities.Healthcare Infosecurity
November 13, 2024 – Hacker
North Korean Hackers Create Flutter Apps to Bypass macOS Security Full Text
Abstract
North Korean hackers have created Flutter apps to bypass macOS security measures. They created trojanized Notepad apps and minesweeper games using Flutter, which were signed and notarized by legitimate Apple developer IDs.Bleeping Computer
November 13, 2024 – Breach
Microchip Technology Reports $21.4M Expense From August Cyberattack Full Text
Abstract
Microchip Technology revealed a $21.4 million cost incurred from a cyberattack in August 2024 in its quarterly report. SVP and CFO Eric Bjornholt stated that most of the expenses were due to the underutilization of factories caused by the incident.Cybersecurity Dive
November 13, 2024 – Vulnerabilities
New Exploit Method Targets Google Chrome Without Needing Zero-Days Full Text
Abstract
A security researcher from Imperva found a new way for attackers to target Chrome users without needing zero-day vulnerabilities. Using the File System Access API, websites can read and write to local files when users give permission.Security Online
November 13, 2024 – Solution
Apple’s 45-Day Certificate Proposal: A Call to Action Full Text
Abstract
Apple has proposed a significant change to shorten the lifespan of TLS certificates from 398 days to just 45 days by 2027, with plans to put this proposal to a vote among Certification Authority Browser Forum (CA/B Forum) members soon.Help Net Security
November 13, 2024 – Malware
Unmasking the SEO Poisoning and Malware Networks Behind Fake E-Commerce Sites Full Text
Abstract
A study by Trend Micro, Japanese authorities, and universities exposed a network of SEO malware families behind fake e-commerce scams targeting Japanese users. Nearly 50,000 fake e-commerce sites were reported in 2023.Security Online
November 13, 2024 – Vulnerabilities
Microsoft November 2024 Patch Tuesday Fixes 91 Flaws, Including Four Zero-Days Full Text
Abstract
Microsoft patched two actively exploited zero-days, including CVE-2024-43451, which exposes NTLM hashes with minimal interaction, and CVE-2024-49039, enabling privilege escalation via crafted applications.Bleeping Computer
November 13, 2024 – Vulnerabilities
Citrix Issues Patches for Zero-Day Recording Manager Bugs Full Text
Abstract
Citrix has released patches for two vulnerabilities in its Virtual Apps and Desktop technology that could allow remote attackers to escalate privileges or execute arbitrary code on affected systems.Dark Reading
November 12, 2024 – Malware
New Node.js-based Wish Stealer Targets Discord, Browsers, and Cryptocurrency Wallets Full Text
Abstract
CYFIRMA recently discovered a new malware called “Wish Stealer” that targets Windows users by stealing sensitive information from various sources like Discord, web browsers, cryptocurrency wallets, and social media accounts.Cyfirma
November 12, 2024 – Vulnerabilities
Schneider Electric Warns of Multiple Vulnerabilities in Modicon Controllers Full Text
Abstract
Schneider Electric has issued a security notification regarding critical vulnerabilities in its Modicon M340, Momentum, and MC80 controllers. These programmable automation controllers (PACs) are used to monitor and control industrial operations.Security Online
November 12, 2024 – Hacker
Breaking Down Earth Estries’ Persistent TTPs in Prolonged Cyber Operations Full Text
Abstract
Trend Micro identified two infection chains: the first uses PsExec and WMI for lateral movement, while the second exploits vulnerabilities in Microsoft Exchange servers with ChinaChopper web shell.Trend Micro
November 12, 2024 – Vulnerabilities
SAP Patches Multiple Vulnerabilities in November 2024 Security Patch Day Full Text
Abstract
SAP released eight new security notes and updated two previously released notes to address critical flaws, including cross-site scripting, missing authorization checks, privilege escalation, information disclosure, and NULL pointer dereference.Security Online
November 12, 2024 – Phishing
Microsoft Visio Files Used in Sophisticated Phishing Attacks Full Text
Abstract
Security researchers have noticed a rise in complex phishing attacks using Microsoft Visio files. These attacks use the .vsdx format of Visio, a file type commonly used for business diagrams, to hide malicious URLs and slip past security scans.Infosecurity Magazine
November 12, 2024 – Vulnerabilities
Critical D-Link DSL-6740C Flaw Spotted, Immediate Replacement Advised Full Text
Abstract
TWCERT/CC has identified critical vulnerabilities in the D-Link DSL-6740C modem. These include flaws like unauthorized modification of passwords, arbitrary file reading, and OS command injection.Security Online
November 12, 2024 – Vulnerabilities
Unpatched Epson Devices at Risk Due to Insecure Initial Password Configuration Full Text
Abstract
A new security vulnerability, CVE-2024-47295, has been discovered in SEIKO EPSON products, allowing attackers to gain control of devices with administrative privileges due to an insecure initial password configuration in the Web Config software.Security Online
November 12, 2024 – Malware
Evasive ZIP File Concatenation Used to Deploy Trojan Targeting Windows Users Full Text
Abstract
According to Perception Point, hackers are increasingly using a technique called ZIP file concatenation to hide malicious payloads in compressed archives in a way that security solutions might miss.Perception Point
November 12, 2024 – Vulnerabilities
XStream Security Advisory Warns of a Denial of Service Vulnerability Full Text
Abstract
The issue stems from how XStream’s BinaryStreamDriver handles string value IDs during deserialization, enabling attackers to create input that triggers an endless recursion loop and stack overflow.Security Online
November 12, 2024 – Malware
Industrial Companies in Europe Targeted with GuLoader Full Text
Abstract
The malware employs memory injection techniques to execute malicious payloads without writing files to the disk, evading antivirus software. It includes anti-debugging tools to hinder analysis and injects shellcode into legitimate Windows processes.Help Net Security
November 9, 2024 – Vulnerabilities
Critical Command Injection Flaw Threatens Over 61,000 D-Link NAS Devices Full Text
Abstract
CVE-2024-10914, a critical vulnerability in D-Link NAS devices, affects over 61,000 systems globally. The flaw allows remote attackers to execute commands via HTTP GET requests. It impacts models like DNS-320, DNS-320LW, DNS-325, and DNS-340L.Security Online
November 9, 2024 – Government
NCSC Issues Security Guidance to Help Banish Malicious Adverts and Drive a Secure Advertising Ecosystem Full Text
Abstract
Brands are advised by the National Cyber Security Centre (NCSC) to ensure that their digital advertising partners prioritize cybersecurity, collaboration, and transparency to reduce the risk of malvertising on their websites.NCSC
November 9, 2024 – Vulnerabilities
Cisco NDFC Vulnerability Grants Attackers Extensive Control Full Text
Abstract
This flaw allows authenticated remote attackers to execute SQL commands on affected devices, posing a significant security risk. The vulnerability is due to inadequate user input validation in Cisco NDFC's REST API endpoint and management interface.Security Online
November 9, 2024 – APT
North Korean APT BlueNoroff Targets Macs with Fake Crypto News and Novel Persistence Full Text
Abstract
SentinelLabs found a new type of malware being used by North Korean hackers to target businesses that deal with cryptocurrency. This malware is similar to attacks previously linked to BlueNoroff.SentinelOne
November 9, 2024 – Malware
GodFather Malware Now Targets More Than 500 Banking and Crypto Apps Full Text
Abstract
The GodFather malware has now expanded to target over 500 banking and cryptocurrency applications globally, using sophisticated tactics like phishing sites and native code implementation to evade detection.Security Online
November 9, 2024 – Attack
China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait Full Text
Abstract
MirrorFace, a Chinese state-linked threat actor, targeted a diplomatic organization in the European Union for the first time. The attack used the World Expo 2025 in Osaka, Japan, as a lure.The Hacker News
November 9, 2024 – Attack
Silent Skimmer Gets Loud Again Full Text
Abstract
During a Silent Skimmer campaign in May 2024, attackers gained access to servers by exploiting outdated Telerik UI vulnerabilities, deploying reverse shells, and using tools like GodPotato for privilege escalation.Palo Alto Networks
November 9, 2024 – Phishing
Fake Copyright Infringement Emails Spread Rhadamanthys Full Text
Abstract
The emails are automated, and they look like they come from legal representatives of real companies. Many of these companies are in the technology, media, and entertainment industries.Dark Reading
November 8, 2024 – Vulnerabilities
Authentication Bypass Flaw Impacts Apache ZooKeeper Admin Server Full Text
Abstract
This flaw, rated as "important," exposes the ZooKeeper Admin Server to authentication bypass via client IP spoofing due to a weak default IP address detection configuration.Security Online
November 8, 2024 – Attack
Threat Actors Behind VEILDrive Campaign Exploit Microsoft Services for C2 Full Text
Abstract
The ongoing threat campaign known as VEILDrive is utilizing Microsoft services such as Teams, SharePoint, Quick Assist, and OneDrive in its operations to distribute spear-phishing attacks and store malware.Hunters
November 7, 2024 – Business
CrowdStrike Acquires Adaptive Shield in $300M Deal to Boost SaaS Security Full Text
Abstract
Cybersecurity giant CrowdStrike has acquired Israeli cyber startup Adaptive Shield for approximately $300 million. Adaptive Shield, founded in 2019, focuses on monitoring and controlling security in cloud environments to prevent potential attacks.Calcalist
November 7, 2024 – Policy and Law
Germany Drafts Law to Protect Researchers Who Find Security Flaws Full Text
Abstract
The Federal Ministry of Justice in Germany is working on a law to protect security researchers who discover and report vulnerabilities to vendors, preventing them from facing criminal charges.Bleeping Computer
November 7, 2024 – Policy and Law
Nigerian Man Sentenced to Over 26 Years in Real Estate Phishing Scams Full Text
Abstract
Nigerian Kolade Ojelade, a resident of the UK, has been sentenced to 26 years in a US prison for conducting phishing scams. He used a "man-in-the-middle" email phishing and spoofing attack to compromise the email accounts of real estate businesses.Security Affairs
November 7, 2024 – General
Google Cloud to Mandate MFA for all Users in 2025 Full Text
Abstract
Google Cloud announced that it will require multifactor authentication (MFA) for all users by the end of 2025. The company will roll out MFA in phases and start encouraging users to enroll this month.Cybersecurity Dive
November 7, 2024 – Vulnerabilities
Critical Bug in Cisco UWRB Access Points Allows Attackers to Run Commands as Root Full Text
Abstract
The vulnerability (CVE-2024-20418) lets remote, unauthenticated attackers execute commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points.Security Affairs
November 7, 2024 – Solution
Osmedeus: Open-Source Workflow Engine for Offensive Security Full Text
Abstract
Osmedeus is an open-source workflow engine designed for offensive security. It serves as a versatile foundation, enabling users to easily create customized reconnaissance systems and scale them across extensive target lists.Help Net Security
November 7, 2024 – Criminals
Suspect Behind Snowflake Data-Theft Attacks Arrested in Canada Full Text
Abstract
The investigations by Snowflake, Mandiant, and CrowdStrike revealed that an attacker known as UNC5537 utilized stolen customer credentials to target organizations that lacked multi-factor authentication protection on their Snowflake accounts.Bleeping Computer
November 7, 2024 – Vulnerabilities
New Privilege Escalation Vulnerability in Veritas NetBackup on Windows Reported Full Text
Abstract
Veritas has released a security advisory about a privilege escalation vulnerability in NetBackup on Windows systems. This vulnerability affects the primary server, media server, and client components of NetBackup on Windows.Security Online
November 7, 2024 – Criminals
Massive Nigerian Cybercrime Bust Sees 130 Arrested Full Text
Abstract
In a massive law enforcement operation, the Nigeria Police Force (NPF) has arrested 130 individuals over cybercrime accusations. Prince Olumuyiwa Adejobi, the NPF public relations officer, announced the arrests on X on November 3.Infosecurity Magazine
November 7, 2024 – Malware
Recent Keylogger Malware Attributed to North Korean Group Andariel Full Text
Abstract
Known for targeted cyber espionage, Andariel has utilized this keylogger in attacks on U.S. organizations to gather sensitive information through keystroke and mouse logging.Hybrid Analysis
November 6, 2024 – Vulnerabilities
Stealthy Process Injection Technique via New Kernel Callback Table Exposed Full Text
Abstract
Security researcher Hossam Ehab recently detailed a sophisticated method for process injection on Windows systems, involving manipulation of the Kernel Callback Table within the Process Environment Block (PEB).Security Online
November 6, 2024 – Vulnerabilities
ABB Smart Building Software Flaws Invite In Hackers Full Text
Abstract
Vulnerabilities in a smart building energy management system have been identified, including an unpatched flaw from two years ago that hackers could exploit to take over misconfigured instances exposed to the internet.Bank Infosecurity
November 6, 2024 – Phishing
GPT-4o can be Used for Autonomous Voice-based Scams Full Text
Abstract
Researchers have discovered that OpenAI's real-time voice API for GPT-4o can be exploited for financial scams with moderate success rates. GPT-4o is a new AI model from OpenAI that integrates text, voice, and vision inputs and outputs.Bleeping Computer
November 6, 2024 – Malware
GOOTLOADER Malware Continues to Evolve: Google Researchers Uncover Advanced Tactics Full Text
Abstract
Google researchers recently analyzed GOOTLOADER, a JavaScript downloader used by cybercriminals for ransomware attacks and data exfiltration. This malware is distributed through compromised websites, targeting victims via SEO poisoning.Security Online
November 6, 2024 – Phishing
LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store Full Text
Abstract
LastPass warns users of a social engineering campaign through deceptive reviews on its Chrome Web Store app page. Threat actors post fake reviews to lead users to a fake support number, aiming to collect sensitive information.Security Online
November 6, 2024 – Vulnerabilities
Google Patches Two High-Severity Chrome Vulnerabilities Full Text
Abstract
Google has released a new update for Chrome browser (version 130.0.6723.116/.117) to fix two high-severity vulnerabilities (CVE-2024-10826 and CVE-2024-10827), which could be exploited by cybercriminals.Security Online
November 6, 2024 – Hacker
An Introduction to Operational Relay Box (ORB) Networks - Unpatched, Forgotten, and Obscured Full Text
Abstract
The S2 Research Team at Team Cymru has identified Operational Relay Box (ORB) networks as a rising threat in cybersecurity. These networks combine aspects of VPNs and botnets to enhance anonymity and resilience for threat actors.Cymru
November 6, 2024 – Vulnerabilities
Unpatched XSS Flaw in pfSense Allows Remote Exploits, PoC Published Full Text
Abstract
A critical XSS vulnerability (CVE-2024-46538) has been discovered in pfSense v2.5.2 by security researcher physicszq. This flaw in interfacesgroupsedit.php allows attackers to inject malicious scripts, potentially leading to remote code execution.Security Online
November 6, 2024 – General
OWASP Beefs up GenAI Security Advice Amid Growing Deepfakes Full Text
Abstract
OWASP's guidance focuses on building infrastructure for authenticating human identity in video calls, creating processes for financial transactions, and developing incident-response plans.Dark Reading
November 6, 2024 – Vulnerabilities
PoC Exploit Released for Critical Symlink Flaw in Apple’s iOS Full Text
Abstract
Cybersecurity researchers Maloufi and Mina highlighted CVE-2024-44258, a symlink vulnerability in Apple's ManagedConfiguration framework. This flaw allows attackers to redirect files to restricted areas during backup restoration.Security Online
November 5, 2024 – Malware
Custom “Pygmy Goat” Malware Used in Sophos Firewall Hack on Government Network Full Text
Abstract
The UK's National Cyber Security Centre (NCSC) has analyzed a Linux malware called "Pygmy Goat" that was developed to create backdoors in Sophos XG firewall devices as part of recent attacks by Chinese threat actors.Bleeping Computer
November 5, 2024 – Vulnerabilities
QNAP Patches Zero-Day Flaw in QuRouter Following Pwn2Own Ireland 2024 Exploits Full Text
Abstract
The flaw, CVE-2024-50389, could allow hackers to compromise QuRouter devices, leading to a patch for affected versions 2.4.x. Users are urged to update to version 2.4.5.032 or later immediately.Security Online
November 5, 2024 – Malware
HookBot Uses Advanced Techniques Beyond Keylogging for Data Theft Full Text
Abstract
Netcraft's recent study highlighted HookBot, an advanced Android banking trojan discovered in 2023, that uses overlay attacks, keylogging, and SMS interception to steal sensitive information like banking credentials and passwords.Security Online
November 5, 2024 – Vulnerabilities
Google Researchers Claim First Vulnerability Found Using AI Full Text
Abstract
Researchers from Google Project Zero and Google DeepMind discovered a vulnerability using a large language model (LLM). The vulnerability was found in SQLite, an open-source database engine, and reported to developers before its official release.Infosecurity Magazine
November 5, 2024 – Ransomware
New Interlock Ransomware Found Targeting FreeBSD Servers Full Text
Abstract
A new ransomware group named Interlock has been attacking organizations worldwide by targeting FreeBSD servers with a unique encryptor. Launched in September 2024, Interlock has already hit six organizations, including Wayne County, Michigan.Bleeping Computer
November 5, 2024 – Vulnerabilities
Century Systems Routers Vulnerable to Remote Exploitation Full Text
Abstract
Century Systems Co., Ltd. has issued a security advisory for their FutureNet NXR series routers due to a critical vulnerability (CVE-2024-50357) with a severity score of 9.8. This flaw allows attackers to exploit exposed REST-APIs remotely.Security Online
November 5, 2024 – APT
APT36 Deploys ElizaRAT and ApoloStealer in Attacks on Indian Targets Full Text
Abstract
Over the past year, APT36 has been observed using three different versions of ElizaRAT in separate campaigns targeting Indian entities, with the latest version using Google Drive for command-and-control communications.Dark Reading
November 5, 2024 – Vulnerabilities
Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning Full Text
Abstract
Security researchers have detected six security vulnerabilities in the Ollama artificial intelligence framework that could be used by attackers for malicious activities like denial-of-service, model poisoning, and model theft.The Hacker News
November 5, 2024 – Vulnerabilities
Okta Fixes Auth Bypass Bug After 3-Month Lull Full Text
Abstract
Okta fixed a bug that could let hackers bypass authentication by using long usernames or lengthy domain names. Cybercriminals could exploit this security hole to access Okta AD/LDAP delegated authentication with just a username.Dark Reading
November 5, 2024 – Malware
Beware of chalk-node: Malicious Package Steals Developer Data Full Text
Abstract
A malicious package called “chalk-node” is pretending to be the legitimate “chalk” library. This imposter package contains a script that steals sensitive data from victims' computers and sends it to external servers.Security Online
November 4, 2024 – Outage
Suspected Ukrainian Cyberattack Knocks Out Parking Enforcement in Russian City Full Text
Abstract
A suspected cyberattack believed to be orchestrated by the Ukrainian Cyber Alliance led to the disruption of the parking enforcement system in the Russian city of Tver. Citizens were able to park for free.The Record
November 4, 2024 – Malware
New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics Full Text
Abstract
Cybersecurity researchers have identified an enhanced version of an Apple iOS spyware known as LightSpy, which not only improves its functionalities but also adds destructive capabilities to prevent a compromised device from booting up.The Hacker News
November 4, 2024 – Attack
Supply Chain Attack on Popular Animation Library Lottie-Player Targets Web3 Users Full Text
Abstract
Malicious actors executed a sophisticated supply chain attack on the widely-utilized JavaScript library lottie-player, infecting versions 2.0.5, 2.0.6, and 2.0.7 with malicious code that prompts a fake Web3 wallet connection.Security Online
November 4, 2024 – Business
Detectify Eyes AppSec Expansion After Insight Partners Buy Full Text
Abstract
Venture capital and private equity firm Insight Partners acquired a majority stake in the Swedish cybersecurity company, Detectify, to combine application security and attack surface management capabilities.Healthcare Infosecurity
November 4, 2024 – Vulnerabilities
Hackers Target Critical Zero-Day Vulnerability in PTZ Cameras Full Text
Abstract
Hackers are targeting PTZOptics pan-tilt-zoom live streaming cameras using two zero-day vulnerabilities, CVE-2024-8956 and CVE-2024-8957. GreyNoise discovered these flaws in April 2024 after noticing unusual activity on its honeypot.Bleeping Computer
November 4, 2024 – Vulnerabilities
PoC Exploit Releases for Critical Flaw in Synology TC500 and BC500 Camera to Get Root Access Full Text
Abstract
Synacktiv cybersecurity researcher Baptiste MOINE discovered a critical format string vulnerability in the Synology TC500 security camera, running on ARM 32-bit architecture.Security Online
November 4, 2024 – Vulnerabilities
Popular WordPress AI Plugin Exposed to Critical Security Risk Full Text
Abstract
This flaw, with a 9.8 CVSS score, allows unauthenticated attackers to upload harmful files to websites, gaining full control. The issue lies in the plugin’s image upload function, which fails to validate file types properly.Security Online
November 4, 2024 – Phishing
Xiū Gǒu Phishing Kit Targets the U.S., U.K., Spain, Australia and Japan Full Text
Abstract
The new phishing kit called "Xiu Gou" has been targeting users in the US, UK, Spain, Australia, and Japan since at least September 2024. Discovered by Netcraft, it features a cartoon mascot and over 2000 phishing websites targeting various sectors.Netcraft
November 4, 2024 – Attack
Sophos Mounted Counter-Offensive Operation to Foil Chinese Attackers Full Text
Abstract
Sophos research uncovered adversarial tactics including the Cloud Snooper backdoor, Asnarök botnet campaign, UEFI bootkit exploits, and the CVE-2022-1040 zero-day vulnerability, all intercepted before harming targeted organizations.Help Net Security
November 4, 2024 – Business
Bugcrowd Receives $50M Growth Capital Facility from Silicon Valley Bank Full Text
Abstract
The company intends to use the funds to further scale its AI-powered platform globally, accelerate continued innovation, and leverage opportunities for strategic M&A, providing added value to clients, partners, and the hacker community.Finsmes
November 2, 2024 – Vulnerabilities
LiteSpeed Cache Plugin Vulnerability Poses Admin Access Risk Full Text
Abstract
A vulnerability in the LiteSpeed Cache plugin for WordPress allows unauthorized users to gain administrator-level access, potentially leading to the installation of malicious plugins.Infosecurity Magazine
November 2, 2024 – Government
US and Israel Warn of Iranian Threat Actor’s New Tradecraft Full Text
Abstract
The advisory highlighted new tactics used by Cotton Sandstorm, including new infrastructure tradecraft, harvesting open-source information, and incorporating generative AI in its operations.Infosecurity Magazine
November 1, 2024 – Breach
Attackers Gain Domain Access via Microsoft SharePoint Server Exploit Full Text
Abstract
A recent report by Rapid7 detailed a significant compromise of a Microsoft SharePoint server, resulting in complete domain access for an attacker who utilized various sophisticated techniques.Security Online
November 1, 2024 – Malware
Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware Full Text
Abstract
The malware is distributed through malvertising on platforms like Facebook, YouTube, and LinkedIn, targeting men aged 45 and above with enticing ads to steal browser data. Victims are lured to deceptive sites impersonating legitimate brands.The Hacker News
November 1, 2024 – Vulnerabilities
Hikvision Patches Security Flaw in Network Cameras, Preventing Cleartext Credential Transmission Full Text
Abstract
Hikvision, a prominent provider of network cameras and surveillance systems, has recently issued firmware updates to rectify a security flaw that could compromise users’ Dynamic DNS credentials.Security Online
November 1, 2024 – Malware
Android Malware FakeCall Now Reroutes Bank Calls to Attackers Full Text
Abstract
Beyond voice phishing, FakeCall can capture live audio and video streams from compromised devices without user interaction. The new variant manipulates outgoing calls by setting itself as the default call handler, intercepting and redirecting calls.Bleeping Computer
November 1, 2024 – Vulnerabilities
18-Year-Old Bug in X.Org Server Leaves Systems Vulnerable to Attack Full Text
Abstract
A critical flaw was unearthed in the X.Org Server after being present in the codebase for 18 years. The vulnerability lies in the _XkbSetCompatMap() function, allowing attackers to seize control of affected systems through a buffer overflow attack.Security Online
November 1, 2024 – Breach
Abstract Security Raises $15M in Series A Funding Full Text
Abstract
The Series A round was led by Munich Re Ventures, with participation from existing investors Crosslink Capital and Rally Ventures. The company intends to use the funds to continue its growth trajectory and expand its reach in the industry.Finsmes
November 1, 2024 – Government
CISA Releases Its First Ever International Strategic Plan Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) has released its first international strategic plan to enhance collaboration in combating cyber threats to critical infrastructure.CISA
November 1, 2024 – Vulnerabilities
Critical Vulnerability Patched in Waitress WSGI Server Full Text
Abstract
The Pylons Project has issued a crucial security advisory regarding a vulnerability in the Waitress WSGI server, identified as CVE-2024-49768 with a CVSS score of 9.1. This flaw poses a significant threat to applications utilizing Waitress.Security Online