September, 2024
September 28, 2024 – Vulnerabilities
HPE Patches Three Critical Security Holes in Aruba PAPI Full Text
Abstract
HPE has released patches for three critical security vulnerabilities in Aruba's networking access points, which could allow attackers to run code on the systems by sending specially crafted packets to UDP port 8211.The Register
September 28, 2024 – Attack
BBTok Targeting Brazil Using the AppDomain Manager Injection Technique Full Text
Abstract
The Brazilian-targeted threat BBTok has a complex infection chain that starts with an email containing an ISO image. The malware compiles C# code directly on the infected machine and uses the AppDomain Manager Injection technique.GData Software
September 28, 2024 – Vulnerabilities
Critical RCE Vulnerability Found in OpenPLC Full Text
Abstract
The most severe issue is a stack-based buffer overflow vulnerability (CVE-2024-34026) that allows an attacker to execute remote code. Users are advised to update to the latest version of OpenPLC to protect against these security risks.Security Affairs
September 28, 2024 – Vulnerabilities
Kia Dealer Portal Flaw Could Let Attackers Hack Millions of Cars Full Text
Abstract
The vulnerabilities could be exploited to remotely control Kia vehicles equipped with remote hardware in under 30 seconds, exposing the sensitive personal information of car owners.Bleeping Computer
September 28, 2024 – Breach
China-linked APT group Salt Typhoon compromised some US ISPs Full Text
Abstract
Experts are investigating whether the hackers gained access to Cisco Systems routers, a key component of ISP infrastructures, but Cisco has not found any indication of router involvement.Security Affairs
September 28, 2024 – Hacker
Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities Full Text
Abstract
SloppyLemming has been active since at least July 2021 and has targeted the government, law enforcement, energy, education, telecommunications, and technology sectors in countries such as Pakistan, Sri Lanka, Bangladesh, China, Nepal, and Indonesia.The Hacker News
September 28, 2024 – Attack
Hackers Deploy AI-Written Malware in Targeted Attacks Full Text
Abstract
Hackers are now using AI-generated malware in targeted attacks. In a recent email campaign in France, researchers found malicious code crafted with the help of generative AI to distribute the AsyncRAT malware.Bleeping Computer
September 28, 2024 – Vulnerabilities
ChatGPT macOS Flaw Could’ve Enabled Long-Term Spyware via Memory Function Full Text
Abstract
A security flaw in OpenAI's ChatGPT app for macOS, now patched, could have allowed attackers to implant persistent spyware into the AI tool's memory. This could lead to continuous data exfiltration of user information across chat sessions.The Hacker News
September 27, 2024 – Vulnerabilities
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems From Multiple Vendors Full Text
Abstract
Security researchers at Bitsight discovered critical vulnerabilities in Automated Tank Gauge (ATG) systems, including Maglink LX, Maglink LX4, OPW SiteSentinel, Proteus OEL8000, Alisonic Sibylla, and Franklin TS-550.Bitsight
September 27, 2024 – Vulnerabilities
Critical Flaw in HashiCorp Vault Enables Unrestricted SSH Access, Threatens System Security Full Text
Abstract
HashiCorp has released updated versions (1.17.6, 1.16.10, 1.15.15) to fix the flaw, along with a new configuration option to enhance security. Users are advised to upgrade or adjust their configurations to protect against exploitation.Security Online
September 23, 2024 – Vulnerabilities
FreeBSD Issues Critical Security Advisory for CVE-2024-41721 (CVSS 9.8) Full Text
Abstract
The flaw, CVE-2024-41721, in bhyve's USB emulation functionality could lead to malicious code execution, posing a serious threat to systems running vulnerable versions of FreeBSD.Security Online
September 23, 2024 – Vulnerabilities
Critical Dragonfly2 Flaw Due to Hardcoded Key Threatens Admin Access Full Text
Abstract
The flaw, tracked as CVE-2023-27584, stems from a hard-coded cryptographic key used in the authentication process, posing a serious risk of unauthorized access, including admin-level privileges.Security Online
September 23, 2024 – Vulnerabilities
Critical Grafana Plugin SDK Flaw Exposes Sensitive Information Full Text
Abstract
This flaw, tracked as CVE-2024-8986 with a CVSS score of 9.1, could lead to the unintentional exposure of sensitive information, such as repository credentials, due to the build metadata being included in compiled binaries.Security Online
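A practical check for this class of bug, added here and not part of the Grafana advisory or SDK: scan a compiled binary for URLs that carry userinfo (user:secret@host), which is how a git remote or module-proxy URL with an embedded token ends up inside a build-info string. Everything in the sample blob below, including the token, is constructed. For Go binaries, `go version -m <binary>` prints the embedded build settings and is the quicker first look.

```python
"""Find URL-embedded credentials in a compiled binary.

Added example, not Grafana code.  The sample bytes are constructed to mimic
a binary whose build metadata captured a git remote with a token in it.
"""
import re

# scheme://user:secret@host ... as it appears in an embedded remote or proxy URL
URL_CRED_RE = re.compile(
    rb"([a-zA-Z][a-zA-Z0-9+.-]*://)([^\s/:@\x00]+):([^\s/@\x00]+)@([^\s/\x00]+)"
)


def find_embedded_credentials(blob):
    """Return one finding per URL with userinfo; the secret is masked so the
    report itself does not leak it, only its length is kept for triage."""
    findings = []
    for m in URL_CRED_RE.finditer(blob):
        scheme, user, secret, host = (g.decode("latin-1") for g in m.groups())
        findings.append({
            "offset": m.start(),
            "url": "%s%s:%s@%s" % (scheme, user, "*" * min(len(secret), 8), host),
            "secret_length": len(secret),
        })
    return findings


# Constructed stand-in for a binary: an ELF-looking header, a Go-style vcs
# setting, one remote URL with a (fake) token, and one without credentials.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 24
    + b"vcs.revision=0123abcd\x00"
    + b"https://ci-bot:ghp_EXAMPLEtoken000000@github.com/example-org/example-plugin.git\x00"
    + b"https://github.com/example-org/example-plugin\x00"
    + b"\x00" * 16
)


def scan_file(path):
    """Scan a real binary on disk, e.g. a plugin build artifact."""
    with open(path, "rb") as fh:
        return find_embedded_credentials(fh.read())


if __name__ == "__main__":
    for finding in find_embedded_credentials(SAMPLE_BINARY):
        print("offset %(offset)d: %(url)s (secret length %(secret_length)d)" % finding)
```

Run it over every artifact a release pipeline publishes, not only the one you happen to inspect; the same build settings are embedded in each target's binary.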
September 23, 2024 – Vulnerabilities
Keycloak Vulnerability Puts SAML Authentication at Risk Full Text
Abstract
The vulnerability lies in Keycloak's XMLSignatureUtil class, which incorrectly verifies SAML signatures, disregarding the vital "Reference" element that specifies the signed portion of the document.Security Online
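As an added example (not Keycloak's Java code), here is the binding check the abstract describes, written in Python on the standard library: the signature's ds:Reference URI must name the very Assertion the relying party goes on to trust, and that ID must be unique in the document. The naive verifier beside it shows what goes wrong when the Reference is ignored. The SAML Responses are constructed, the digest and signature values in them are placeholders, and cryptographic verification of SignedInfo is assumed to happen separately.

```python
"""Bind a SAML signature to the Assertion actually being trusted.

Added example, not Keycloak code.  It implements the structural check the
article says XMLSignatureUtil skipped: honouring ds:Reference/@URI so that a
signed Assertion cannot be swapped for an unsigned one (signature wrapping).
Cryptographic checking of DigestValue/SignatureValue is assumed elsewhere.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def referenced_ids(root):
    """IDs named by every ds:Reference/@URI in the document ('' = whole document)."""
    ids = set()
    for ref in root.iter("{%s}Reference" % NS["ds"]):
        uri = ref.get("URI", "")
        if uri == "":
            ids.add("")
        elif uri.startswith("#"):
            ids.add(uri[1:])
    return ids


def naive_name_id(xml_text):
    """What a verifier that ignores ds:Reference effectively does: find any
    Signature (validated cryptographically elsewhere) and then trust the first
    Assertion it sees, whether or not the signature covers it."""
    root = ET.fromstring(xml_text)
    if root.find(".//ds:Signature", NS) is None:
        return None
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    return name_id.text if name_id is not None else None


def trusted_name_id(xml_text):
    """Return the NameID of the Assertion only if that Assertion is the element
    the signature's Reference points at (or the whole document is signed) and
    its ID is unique; duplicate IDs are the classic wrapping trick."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return None
    aid = assertion.get("ID")
    if not aid:
        return None
    if sum(1 for e in root.iter() if e.get("ID") == aid) != 1:
        return None  # '#aid' would be ambiguous
    refs = referenced_ids(root)
    if aid not in refs and "" not in refs:
        return None  # signature covers something else
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    return name_id.text if name_id is not None else None


# ---- constructed sample Responses (placeholder digest/signature values) ----
def _response(inner):
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s" ID="_r1">%s'
            "</samlp:Response>" % (NS["samlp"], NS["saml"], NS["ds"], inner))


SIGNED_ASSERTION = (
    '<saml:Assertion ID="_a1"><saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>'
    '<ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1">'
    "<ds:DigestValue>AAAA</ds:DigestValue></ds:Reference></ds:SignedInfo>"
    "<ds:SignatureValue>BBBB</ds:SignatureValue></ds:Signature></saml:Assertion>"
)


def forged_assertion(assertion_id):
    return ('<saml:Assertion ID="%s"><saml:Subject><saml:NameID>admin</saml:NameID>'
            "</saml:Subject></saml:Assertion>" % assertion_id)


LEGIT = _response(SIGNED_ASSERTION)
# forged unsigned Assertion first, the genuine signed one parked in Extensions
WRAPPED = _response(forged_assertion("_evil") + "<samlp:Extensions>" + SIGNED_ASSERTION + "</samlp:Extensions>")
# same trick, but the forged Assertion reuses the signed ID
WRAPPED_DUP_ID = _response(forged_assertion("_a1") + "<samlp:Extensions>" + SIGNED_ASSERTION + "</samlp:Extensions>")
```

The difference shows on the wrapped document: `naive_name_id(WRAPPED)` returns "admin", while `trusted_name_id(WRAPPED)` returns None because the only Reference points at `_a1`.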
September 23, 2024 – Government
DOJ, FBI Need Better Metrics for Tracking Ransomware Disruption Efforts, Audit Finds Full Text
Abstract
An audit found that both the DOJ and FBI need to improve in three key areas to enhance their fight against ransomware. While the FBI reported an improvement in taking action within 72 hours in 47% of incidents, there is still room for progress.The Record
September 23, 2024 – Cryptocurrency
More Than $44 Million in Cryptocurrency Stolen From Singaporean Platform Bingx Full Text
Abstract
Singaporean cryptocurrency platform BingX was hit by a cyberattack resulting in the theft of over $44 million. The attack was detected by two blockchain security firms, leading to a temporary suspension of withdrawals and emergency asset transfers.The Record
September 23, 2024 – Policy and Law
US DoJ Charged Two Men With Stealing and Laundering $230 Million Worth of Cryptocurrency Full Text
Abstract
Two suspects, Malone Lam and Jeandiel Serrano, have been arrested and charged by the US Department of Justice with stealing and laundering over $230 million worth of cryptocurrency in Miami.Security Affairs
September 23, 2024 – Business
Picus Security Raises $45M in Funding Full Text
Abstract
Picus Security, a San Francisco, CA-based security validation company, raised $45M in funding. The round, which brought total funds raised to $80M, was led by Riverwood Capital, with participation from existing investor Earlybird Digital East Fund.Finsmes
September 23, 2024 – Solution
GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging Full Text
Abstract
The GSM Association is working on implementing end-to-end encryption for Rich Communications Services (RCS) messaging between Android and iOS. This important step aims to enhance user protection and secure messages across platforms.The Hacker News
September 23, 2024 – Breach
AT&T Pays $13 Million FCC Settlement Over 2023 Data Breach Full Text
Abstract
The breach occurred when threat actors gained access to customer data of about 9 million AT&T wireless accounts stored by a vendor. This exposed sensitive customer information like account numbers, phone numbers, and email addresses.Bleeping Computer
September 21, 2024 – Vulnerabilities
Patch this Critical Safeguard for Privileged Passwords Authentication Bypass Flaw Full Text
Abstract
Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access.Help Net Security
September 21, 2024 – Government
CISA Adds Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and MSSQL Server Bugs to its KEV Catalog Full Text
Abstract
These vulnerabilities can lead to remote code execution and privilege escalation, posing a significant risk to affected systems. For example, the Oracle JDeveloper vulnerability can allow attackers to compromise the software and take over the system.Security Affairs
September 21, 2024 – Attack
Clever ‘GitHub Scanner’ Campaign Abusing Repositories to Push Malware Full Text
Abstract
A sophisticated campaign is using GitHub repositories to spread the Lumma Stealer malware, targeting users interested in open-source projects or receiving email notifications from them.Bleeping Computer
September 21, 2024 – Cryptocurrency
Germany Seizes 47 Crypto Exchanges Used by Ransomware Gangs Full Text
Abstract
These exchanges allowed users to trade cryptocurrencies anonymously, creating a safe environment for cybercriminals to launder their proceeds without fear of prosecution.Bleeping Computer
September 21, 2024 – Vulnerabilities
Microsoft Entra ID’s Administrative Units Weaponized to Gain Stealthy Persistence Full Text
Abstract
Datadog Security Labs recently revealed a security risk within Microsoft Entra ID, showing how its administrative units (AUs) can be weaponized by attackers to create persistent backdoor access.Security Online
September 20, 2024 – Malware
Hackers Deliver Popular Crypto-Miner Through Malicious Email Auto Replies, Researchers Say Full Text
Abstract
Hackers are distributing a popular crypto-miner via malicious email auto-replies, according to researchers. They compromised email accounts to send innocuous-looking automatic replies carrying links to crypto-mining malware, specifically XMRig.The Record
September 20, 2024 – APT
UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks Full Text
Abstract
UNC1860 has been observed using victim networks as staging areas for additional operations, targeting entities in Saudi Arabia and Qatar. The group overlaps with APT34 and assists with lateral movement within compromised organizations.
September 20, 2024 – Vulnerabilities
Acronis Backup Plugins Hit by CVE-2024-8767: CVSS 9.9 Severity Alert Full Text
Abstract
Acronis Backup Plugins have been affected by a critical security flaw, CVE-2024-8767 (CVSS 9.9). The vulnerability impacts Linux-based plugins for cPanel & WHM, Plesk, and DirectAdmin, potentially leading to data breaches and unauthorized operations.Security Online
September 20, 2024 – Botnet
Experts Warn of China-Linked APT’s Raptor Train IoT Botnet Full Text
Abstract
The attribution of the Raptor Train botnet to a Chinese nation-state actor is based on various factors, including operational timelines, targeting sectors aligned with Chinese interests, and the use of the Chinese language.Security Affairs
September 20, 2024 – Vulnerabilities
CVE-2023-48788 Exploited: Researcher Details Cyberattacks on Fortinet FortiClient EMS Full Text
Abstract
Cybersecurity researchers at Darktrace have discovered cybercriminals exploiting Fortinet’s FortiClient EMS. The attackers targeted a critical vulnerability, CVE-2023-48788, to gain unauthorized access through an SQL injection flaw.Security Online
September 19, 2024 – Vulnerabilities
Microsoft Confirms CVE-2024-37985 as Zero-Day Bug in Windows Full Text
Abstract
Microsoft has confirmed CVE-2024-37985 as a zero-day bug in Windows with a CVSS score of 5.9. It is a Windows Kernel information disclosure vulnerability, allowing attackers to access heap memory from a privileged process on a vulnerable server.Security Online
September 19, 2024 – Attack
Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC Region Full Text
Abstract
In this campaign aimed at the APAC region, Earth Baxia used a new backdoor named EAGLEDOOR, which supports multiple communication protocols for information gathering and payload delivery.TrendMicro
September 19, 2024 – Government
CISA Warns of Actively Exploited Adobe Flash Player Vulnerabilities Full Text
Abstract
The CISA has directed federal agencies to remove Flash Player by October 8, 2024, to safeguard sensitive data and critical operations. Adobe officially ended Flash Player support in 2020, recognizing its security risks.Security Online
September 19, 2024 – Ransomware
Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector Full Text
Abstract
Microsoft said Vanilla Tempest has been active since at least July 2022, with previous attacks targeting education, healthcare, IT, and manufacturing sectors using various ransomware families such as BlackCat, Quantum Locker, Zeppelin, and Rhysida.The Hacker News
September 19, 2024 – Business
BlackCloak Raises $17M to Boost Cybersecurity for Executives Full Text
Abstract
Using the fresh funding, the company plans to improve its threat modeling and deepfake protection services to safeguard high-profile individuals from cyber threats in their personal lives.Bank Infosecurity
September 19, 2024 – Vulnerabilities
Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution Full Text
Abstract
Broadcom has released a patch for a critical security flaw in VMware vCenter Server, allowing remote code execution through a heap overflow vulnerability in the DCE/RPC protocol (CVE-2024-38812).The Hacker News
September 19, 2024 – Solution
Snowflake Moves to MFA, 14-Character Passwords Full Text
Abstract
Snowflake, a cloud-based data warehousing platform, has implemented default multifactor authentication and a minimum 14-character password requirement following cyberattacks in June affecting multiple customers.Bank Infosecurity
September 19, 2024 – Criminals
Marko Polo Cybercrime Gang Targets Cryptocurrency Users, Influencers With Scams Full Text
Abstract
The group primarily focuses on online gaming personalities, cryptocurrency influencers, and technology professionals, enticing them with fake job opportunities on social media that lead to downloading malicious software.The Record
September 19, 2024 – Business
RunSafe Security Raises $12M to Drive Global Expansion and Product Development Full Text
Abstract
The Series B funding was led by Critical Ventures and SineWave Venture Partners, with other key investors joining in to support RunSafe's mission to protect critical systems from global threats.SiliconANGLE
September 19, 2024 – Vulnerabilities
Update: PKfail Secure Boot Bypass Remains a Significant Risk Two Months Later Full Text
Abstract
Approximately nine percent of tested firmware images use non-production cryptographic keys that are publicly known, making Secure Boot devices vulnerable to UEFI bootkit malware attacks.Bleeping Computer
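The check a practitioner wants after reading this is whether their own platform's PK is one of the leaked test keys. The following is an added example, not Binarly's or any vendor's tooling. It parses the raw value of the PK variable (the EFI_SIGNATURE_LIST layout from the UEFI specification; on Linux the file /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c holds it behind a 4-byte attributes word) and looks for the "DO NOT TRUST" subject marker the leaked AMI test key carries. The marker list and the two stand-in certificate blobs are constructed assumptions; in practice compare each certificate's SHA-256 against the hashes in the advisories you trust rather than relying on strings alone.

```python
"""Scan a UEFI Platform Key variable for known test-key certificates.

Added example, not vendor tooling.  Parses EFI_SIGNATURE_LIST structures
(UEFI spec layout) and flags X.509 entries whose DER bytes contain a
test-key subject marker.  The sample variable and the certificate stand-ins
are constructed; they are not real certificates.
"""
import hashlib
import struct
import uuid

EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
PK_EFIVARS_NAME = "PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"

# Subject strings reported for the leaked AMI test Platform Key (PKfail).
# Assumed list: extend it from the advisories you trust.
TEST_KEY_MARKERS = (b"DO NOT TRUST", b"DO NOT SHIP")


def parse_signature_lists(blob):
    """Yield (signature_type, owner_guid, signature_data) for every entry in a
    concatenation of EFI_SIGNATURE_LIST structures (the raw PK/KEK/db value).

    Layout: SignatureType GUID(16) | SignatureListSize u32 | SignatureHeaderSize u32
            | SignatureSize u32 | header | n x (SignatureOwner GUID(16) + data)
    """
    off = 0
    while off + 28 <= len(blob):
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 or off + list_size > len(blob) or sig_size < 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        pos = off + 28 + hdr_size
        end = off + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
            pos += sig_size
        off = end


def strip_efivars_header(blob):
    """Files under /sys/firmware/efi/efivars carry a 4-byte attributes word first."""
    return blob[4:]


def find_test_keys(blob):
    """Return (sha256_hex, marker) for each X.509 entry carrying a test-key marker."""
    hits = []
    for sig_type, _owner, der in parse_signature_lists(blob):
        if sig_type != EFI_CERT_X509_GUID:
            continue
        for marker in TEST_KEY_MARKERS:
            if marker in der:
                hits.append((hashlib.sha256(der).hexdigest(), marker.decode()))
                break
    return hits


def build_signature_list(sig_type, entries):
    """Build one EFI_SIGNATURE_LIST from (owner_guid, data) pairs; the spec
    requires every entry in one list to have the same size."""
    sizes = {len(d) for _, d in entries}
    if len(sizes) != 1:
        raise ValueError("all SignatureData entries in one list must have equal size")
    sig_size = 16 + sizes.pop()
    body = b"".join(owner.bytes_le + d for owner, d in entries)
    return sig_type.bytes_le + struct.pack("<III", 28 + len(body), 0, sig_size) + body


# ---- constructed sample: one OEM-looking entry, one test-key-looking entry ----
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
FAKE_OEM_PK = b"\x30\x82\x01\x00" + b"CN=Example OEM Platform Key 2024" + b"\x00" * 16
FAKE_TEST_PK = b"\x30\x82\x01\x00" + b"CN=DO NOT TRUST - AMI Test PK" + b"\x00" * 16
SAMPLE_PK_VARIABLE = (
    build_signature_list(EFI_CERT_X509_GUID, [(OWNER, FAKE_OEM_PK)])
    + build_signature_list(EFI_CERT_X509_GUID, [(OWNER, FAKE_TEST_PK)])
)


def scan_running_system():
    """Read the live PK from efivars (Linux, root) and report test keys."""
    with open("/sys/firmware/efi/efivars/" + PK_EFIVARS_NAME, "rb") as fh:
        return find_test_keys(strip_efivars_header(fh.read()))


if __name__ == "__main__":
    for digest, marker in find_test_keys(SAMPLE_PK_VARIABLE):
        print("test key marker %r in PK entry sha256=%s" % (marker, digest))
```

For a firmware image rather than a running system, carve the NVRAM variable store out first (any UEFI image parser will do) and feed the raw PK value to `find_test_keys`; a hit means the platform's root of trust is a key whose private half is public, and Secure Boot can be bypassed with a bootkit signed under it.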
September 17, 2024 – Policy and Law
US Hits Intellexa Spyware Maker With More Sanctions Full Text
Abstract
The US has imposed further sanctions on Intellexa, the maker of the Predator spyware, targeting individuals and entities associated with the company due to its opaque corporate structure designed to evade accountability.The Record
September 17, 2024 – Vulnerabilities
Update: PoC Exploit Released for Windows Hyper-V Zero-Day Vulnerability Full Text
Abstract
This critical flaw, actively exploited in the wild, allows attackers to elevate privileges to SYSTEM level, posing a significant risk to organizations using Microsoft's Hyper-V virtualization technology.Security Online
September 17, 2024 – Malware
EchoStrike: Generate Undetectable Reverse Shells, Perform Process Injection Full Text
Abstract
EchoStrike features an interactive Python wizard for easy customization, various persistence techniques, binary padding for evasion, AES payload encryption, and dynamic binary download.Help Net Security
September 17, 2024 – Cryptocurrency
North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware Full Text
Abstract
North Korean hackers are using RustDoor malware to target cryptocurrency users on LinkedIn, posing as recruiters for legitimate decentralized finance (DeFi) companies like STON.fi.The Hacker News
September 17, 2024 – Encryption
Chrome Switching to NIST-Approved ML-KEM Quantum Encryption Full Text
Abstract
Google is replacing the Kyber draft used for Chrome's post-quantum key exchange with ML-KEM, the NIST-standardized (FIPS 203) version of the same key encapsulation mechanism, to protect TLS connections against future quantum attacks on key exchange.Bleeping Computer
September 17, 2024 – Vulnerabilities
Supply Chain Attack on Google Cloud Composer Could Have Resulted in Remote Code Execution Full Text
Abstract
Google has addressed a critical security flaw in Google Cloud Platform (GCP) Composer that could have allowed remote code execution via a supply chain attack known as dependency confusion.Tenable
September 17, 2024 – Vulnerabilities
Critical Vulnerability in AutoGPT Puts Over 166,000 Projects at Risk Full Text
Abstract
A critical vulnerability, CVE-2024-6091 (CVSS 9.8), has been found in AutoGPT, a popular AI tool, putting over 166,000 projects at risk. The flaw allows OS command injection, potentially enabling unauthorized actions.Security Online
September 17, 2024 – Cryptocurrency
Rising Clipper Malware Attacks Target Cryptocurrency Users Full Text
Abstract
The malicious software called ClipBankers can monitor clipboard activity and replace cryptocurrency addresses with those controlled by attackers, diverting digital asset transfers to rogue wallets.The Hacker News
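An added detection example, not from the article: given a sequence of clipboard write events (timestamp, writing process, text), it flags the pattern a clipper produces, a valid address replaced by a different address of the same coin within a couple of seconds, typically from a process other than the one the user copied from. The address patterns cover legacy and bech32 Bitcoin and Ethereum formats only, the events are constructed, and how the telemetry is collected (for example Sysmon's ClipboardChange event or an EDR sensor) is outside the snippet.

```python
"""Detect clipper-style clipboard address substitution from write events.

Added example, not from the article.  Events are constructed; the process
names and addresses below are illustrative.
"""
import re
from dataclasses import dataclass

ADDRESS_PATTERNS = {
    # legacy/P2SH base58 (no 0, O, I, l) or bech32 (bc1 + bech32 charset)
    "btc": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}"
                      r"|bc1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{25,87})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify_address(text):
    """Return 'btc', 'eth' or None for a clipboard string."""
    s = text.strip()
    for coin, pat in ADDRESS_PATTERNS.items():
        if pat.match(s):
            return coin
    return None


@dataclass
class ClipEvent:
    ts: float       # seconds since monitoring start
    process: str    # process that wrote the clipboard
    text: str


def detect_clipboard_swaps(events, max_gap=2.0):
    """Flag a write that replaces a just-copied address with a different address
    of the same coin within max_gap seconds.  A user re-copying looks like this
    only rarely; a clipper does it on every copy, usually from its own process."""
    alerts = []
    prev = None
    for ev in events:
        coin = classify_address(ev.text)
        if prev is not None and coin is not None:
            if (classify_address(prev.text) == coin
                    and prev.text.strip() != ev.text.strip()
                    and ev.ts - prev.ts <= max_gap):
                alerts.append({
                    "ts": ev.ts,
                    "coin": coin,
                    "process": ev.process,
                    "same_process": ev.process == prev.process,
                    "original": prev.text.strip(),
                    "replacement": ev.text.strip(),
                })
        prev = ev
    return alerts


# Constructed telemetry: a user copies a payee address from the browser and an
# unexpected process overwrites it 300 ms later; a minute-later re-copy of a
# different ETH address from the same browser is benign.
SAMPLE_EVENTS = [
    ClipEvent(0.0, "explorer.exe", "meeting notes"),
    ClipEvent(5.0, "chrome.exe", "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"),
    ClipEvent(5.3, "svchost_update.exe", "1Atk3rAddr9xWqPZvHpMn7Jk2TbRmE4sNd"),
    ClipEvent(40.0, "chrome.exe", "0x" + "1234567890abcdef" * 2 + "12345678"),
    ClipEvent(95.0, "chrome.exe", "0x" + "fedcba0987654321" * 2 + "fedcba09"),
]


if __name__ == "__main__":
    for a in detect_clipboard_swaps(SAMPLE_EVENTS):
        print("%(ts).1fs %(coin)s swapped by %(process)s: %(original)s -> %(replacement)s" % a)
```

The `same_process` field is the triage hint: a swap written by a process other than the one that produced the original copy is far more suspicious than one from the same application, and the replacement address itself is the indicator to block at the wallet or proxy layer.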
September 17, 2024 – Vulnerabilities
Zero-Click Calendar Invite: Critical macOS Vulnerability Chain Uncovered Full Text
Abstract
The vulnerability, tracked as CVE-2022-46723, enables attackers to manipulate files within the macOS Calendar app environment and execute remote code during system upgrades.Security Online
September 17, 2024 – Breach
23andMe Pledges $30 Million to the 6.4 Million People Affected by Data Breach Full Text
Abstract
23andMe has pledged $30 million to compensate the 6.4 million people affected by a data breach in October 2023. The breach occurred when a hacker used stolen credentials to access a significant amount of account information, including health data.The Record
September 14, 2024 – Vulnerabilities
GitLab Warns of Critical Pipeline Execution Vulnerability Full Text
Abstract
GitLab released updates covering versions 17.1.7, 17.2.5, and 17.3.2 for GitLab Community Edition (CE) and Enterprise Edition (EE), addressing a total of 18 security issues.Bleeping Computer
September 14, 2024 – Malware
TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud Full Text
Abstract
Cybersecurity researchers at Cleafy discovered a new variant of the TrickMo Android banking trojan that evades analysis and displays fake login screens to steal banking credentials.The Hacker News
September 14, 2024 – Attack
Fileless Remcos RAT Campaign Leverages CVE-2017-0199 Flaw Full Text
Abstract
In a newly uncovered advanced malware campaign, threat actors are using a complex, fileless approach to deliver the Remcos Remote Access Trojan (RAT), leveraging a benign-looking Excel document as the attack vector.Security Online
September 14, 2024 – Government
Chinese-Made Port Cranes in US Included ‘Backdoor’ Modems, House Report Says Full Text
Abstract
A recent congressional investigation revealed that Chinese-made port cranes in the United States contained hidden modems that could provide unauthorized access to the machines.The Record
September 14, 2024 – Malware
New Android Malware Ajina.Banker Steals 2FA Codes, Spreads via Telegram Full Text
Abstract
Discovering the threat in May 2024, Group-IB highlighted that the malware is spread through Telegram channels disguised as legitimate banking and government service applications.HackRead
September 14, 2024 – Government
Hackers Have Sights Set on Four Microsoft Vulnerabilities, CISA Warns Full Text
Abstract
Federal civilian agencies have until the end of the month to address these issues. The vulnerabilities are part of Microsoft's monthly security release, with CVE-2024-43491 considered the most concerning due to its severity score.The Record
September 14, 2024 – Attack
Targeted Campaigns in Retail Sector Involve Domain Fraud, Brand Impersonation, and Ponzi Schemes Full Text
Abstract
Threat actors are actively engaging in domain fraud, brand impersonation, and Ponzi schemes targeting the retail sector, which plays a significant role in the global economy.Domain Tools
September 14, 2024 – Malware
New Vo1d Malware Infects 1.3 Million Android Streaming Boxes Full Text
Abstract
The Vo1d malware campaign targets specific Android firmware versions like Android 7.1.2 and Android 10.1. The malware modifies system files to launch itself on boot and persist on the device.Bleeping Computer
September 14, 2024 – Attack
Update: Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities Full Text
Abstract
Trend Micro researchers uncovered remote code execution attacks targeting Progress Software's WhatsUp Gold using the vulnerabilities tracked as CVE-2024-6670 and CVE-2024-6671.Trend Micro
September 14, 2024 – Vulnerabilities
Citrix Workspace App Users Urged to Update Following Two Privilege Escalation Flaws Full Text
Abstract
Users of Citrix Workspace App are advised to update due to two privilege escalation flaws. Cloud Software Group disclosed vulnerabilities (CVE-2024-7889 & CVE-2024-7890) in the Windows app, allowing attackers to gain high-level access.Security Online
September 12, 2024 – General
Global Cybersecurity Workforce Growth Flatlines, Stalling at 5.5 Million Pros Full Text
Abstract
According to ISC2, the global cybersecurity workforce has stagnated at 5.5 million professionals, growing by just 0.1% in a year, the sector's first stall since 2019.Cybersecurity Dive
September 12, 2024 – Solution
DockerSpy: Search for Images on Docker Hub, Extract Sensitive Information Full Text
Abstract
Created to combat data leaks within publicly available Docker images, DockerSpy automates the process of scanning for secrets to enhance security and compliance. Its scanning engine can identify various secret types and provides detailed analysis.Help Net Security
September 12, 2024 – Ransomware
Inc Ransom Attack Analysis: Extortion Methodologies Full Text
Abstract
The attack lifecycle involved initial access gained through a firewall vulnerability, followed by enumeration of network shares and lateral movement using Impacket and pass-the-hash attacks.ReliaQuest
September 12, 2024 – Government
India Needs Better Cybersecurity for Space Systems Full Text
Abstract
Dr. Sreedhara Panicker Somanath, chairman of the Indian Space Research Organization, emphasized the importance of cybersecurity for the entire system during the recent inauguration of a cybersecurity training center.Dark Reading
September 12, 2024 – Education
Cybersecurity is a Fundamental Component of Patient Care and Safety Full Text
Abstract
A multipronged cybersecurity approach is necessary for the healthcare sector, involving technology investments, staff training, and collaboration between stakeholders to develop industry-wide standards and best practices.Help Net Security
September 12, 2024 – Vulnerabilities
Microsoft Fixes Windows Smart App Control Zero-Day Exploited Since 2018 Full Text
Abstract
Threat actors have been using this flaw, now labeled as CVE-2024-38217, to bypass Smart App Control and MotW security features to run potentially dangerous applications without warnings.Bleeping Computer
September 12, 2024 – General
Cyber Staffing Shortages Remain CISOs’ Biggest Challenge Full Text
Abstract
A recent report by Command Zero highlights the struggles CISOs and their teams are dealing with, including navigating the skills gap in the cyber field and operating commonly used tools effectively.Dark Reading
September 12, 2024 – Criminals
New RansomHub Attack Uses TDSSKiller and LaZagne, Disables EDR Full Text
Abstract
The RansomHub ransomware gang has been found using Kaspersky's TDSSKiller tool to disable EDR software on target systems, allowing for credential harvesting with LaZagne.Threat Down
September 12, 2024 – Solution
Kali Linux 2024.3 Released: 11 New Tools, Qualcomm Snapdragon SDM845 SoC Support Full Text
Abstract
Kali Linux 2024.3 has been released with 11 new tools and added support for Qualcomm Snapdragon SDM845 SoC devices. This release emphasizes behind-the-scenes updates and optimization.Help Net Security
September 12, 2024 – Vulnerabilities
Microsoft Discloses Four Zero-Days in September Update Full Text
Abstract
Microsoft recently revealed four zero-day vulnerabilities in its September update, part of the Patch Tuesday release containing 79 vulnerabilities, making it the fourth-largest release of the year.Dark Reading
September 11, 2024 – Government
UK’s ICO and NCA Sign Memorandum to Boost Reporting and Resilience Full Text
Abstract
The UK’s data protection watchdog and serious and organized crime agency have signed a memorandum of understanding (MoU) designed to enhance cooperation and reaffirm their commitment to helping victim organizations.Infosecurity Magazine
September 11, 2024 – General
Tech Stack Uniformity has Become a Systemic Vulnerability Full Text
Abstract
By recognizing the importance of diversity in technology stacks and incorporating it into security protocols and incident response plans, companies can proactively protect their infrastructure and reduce the likelihood of catastrophic events.Help Net Security
September 11, 2024 – Policy and Law
DoJ Distributes $18.5 Million to Western Union Fraud Victims Full Text
Abstract
The U.S. Department of Justice has distributed $18.5m to about 3,000 victims of fraud facilitated by Western Union. This is part of the second phase of the Western Union Remission program, which aims to fully compensate victims.Infosecurity Magazine
September 11, 2024 – General
Security Budgets Continue Modest Growth, but Staff Hiring Slows Considerably, Research Finds Full Text
Abstract
Security budgets are seeing modest growth in 2024, with an 8% increase compared to a 6% growth in 2023. However, hiring of security staff has significantly slowed down, according to a report by IANS Research and Artico Search.Cybersecurity Dive
September 11, 2024 – Denial Of Service
DDoS Attacks Double With Governments Most Targeted Full Text
Abstract
DDoS attacks have doubled, with governments being the most targeted sector, according to StormWall's report. The number of DDoS incidents globally increased by 102% in the first half of 2024 compared to the same period in 2023.Infosecurity Magazine
September 11, 2024 – Botnet
Quad7 Botnet Targets More SOHO and VPN Routers, Media Servers Full Text
Abstract
Quad7 botnet is expanding its reach by targeting additional SOHO devices with custom malware for Zyxel VPN appliances, Ruckus wireless routers, and Axentra media servers, in addition to previously reported TP-Link and ASUS routers.Bleeping Computer
September 11, 2024 – Education
AI Cybersecurity Needs to be as Multi-Layered as the System it’s Protecting Full Text
Abstract
LLMs can be manipulated to generate harmful outputs through malicious prompts, posing risks to enterprises. To counter these attacks, companies must focus on the design, development, deployment, and operation of their AI systems.Help Net Security
September 11, 2024 – Attack
Chinese ‘Crimson Palace’ Espionage Campaign Keeps Hacking Southeast Asian Governments Full Text
Abstract
A sophisticated trio of Chinese cyberespionage groups known as Cluster Alpha, Cluster Bravo, and Cluster Charlie are behind the Crimson Palace espionage campaign targeting government organizations in Southeast Asia.The Record
September 11, 2024 – Government
DHS Cyber Review Board Will Announce Next Investigation ‘Soon’ Full Text
Abstract
The DHS Cyber Safety Review Board, led by Homeland Security officials, is preparing to announce its next investigation soon, as hinted by DHS undersecretary Rob Silvers. Silvers mentioned criteria for incident review but did not reveal details.The Record
September 11, 2024 – Government
CISA adds SonicWall SonicOS, ImageMagick, and Linux Kernel Bugs to its Known Exploited Vulnerabilities catalog Full Text
Abstract
The ImageMagick vulnerability (CVE-2016-3714) could allow remote code execution through crafted images, and the Linux kernel flaw (CVE-2017-1000253) enables privilege escalation on unpatched systems.Security Affairs
September 10, 2024 – Government
CISA Flags ICS Bugs in Baxter, Mitsubishi Products Full Text
Abstract
CISA has identified vulnerabilities in industrial control system products from Baxter and Mitsubishi that are commonly used in healthcare and critical manufacturing sectors. Both the firms have released advisories with mitigation measures.Dark Reading
September 10, 2024 – Criminals
Poland Dismantles Cyber Sabotage Group Linked to Russia, Belarus Full Text
Abstract
Poland has dismantled a cyber sabotage group with links to Russia and Belarus. The group attempted to disrupt the country through cyberattacks, extorting information from local government agencies and state companies related to security matters.The Record
September 10, 2024 – Attack
Kimsuky-linked Hackers Use Similar Tactics to Attack Russia and South Korea Full Text
Abstract
Known as Konni, the threat actor uses similar tactics in both countries since at least 2021, targeting entities like the Russian Ministry of Foreign Affairs, the Russian Embassy in Indonesia, and South Korean businesses, including a tax law firm.The Record
September 10, 2024 – Malware
Predator Spyware Roars Back with New Infrastructure, Evasive Tactics Full Text
Abstract
Researchers have warned of the resurgence of Predator spyware, previously thought to be inactive due to sanctions and exposure, thanks to new infrastructure and evasive tactics.Security Online
September 10, 2024 – APT
Chinese APT Group Abuses Visual Studio Code to Target Government in Asia Full Text
Abstract
Chinese APT group Stately Taurus abused Visual Studio Code to target government entities in Southeast Asia for cyberespionage, using the editor's tunnel feature as a reverse shell into victim networks, a technique first detected in 2023.Palo Alto Networks
September 10, 2024 – Attack
‘TIDrone’ Cyberattackers Target Taiwan’s Drone Manufacturers Full Text
Abstract
TIDrone, linked to Chinese-speaking groups, deploys advanced malware through ERP software or remote desktop tools. Trend Micro identified the threat actor as actively pursuing military and satellite industrial supply chains in Taiwan.Dark Reading
September 10, 2024 – General
Underground Demand for Malicious LLMs is Robust Full Text
Abstract
The underground market for malicious large language models (LLMs) is thriving, according to researchers from Indiana University Bloomington. They found 212 malicious LLMs for sale from April through September 2024.Bank Infosecurity
September 10, 2024 – General
Key Cyber Insurance Stakeholders Urge Government To Help Close $900B in Uncovered Risk Full Text
Abstract
Marsh McLennan and Zurich Insurance Group have issued a white paper highlighting the need for a public-private partnership to help close this significant coverage gap, which poses a threat to both businesses and the economy.Cybersecurity Dive
September 10, 2024 – Attack
Cybercriminals Target Latin American Banks with Mekotio, BBTok, and Grandoreiro Trojans Full Text
Abstract
These campaigns aim to steal sensitive banking credentials using innovative tactics, expanding beyond traditional regions like Brazil and Argentina to industries such as manufacturing, retail, and financial services.Security Online
September 10, 2024 – Malware
Spyware Vendors’ Nebulous Ecosystem Helps Them Evade Sanctions Full Text
Abstract
Spyware vendors have developed a complex ecosystem that enables them to evade sanctions effectively by utilizing a network of interconnected entities across various jurisdictions.Infosecurity Magazine
September 7, 2024 – Attack
BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar Full Text
Abstract
The BlindEagle APT group has recently targeted the Colombian insurance sector. The attack chain starts with a phishing email impersonating DIAN, the Colombian tax authority.Zscaler
September 7, 2024 – Vulnerabilities
Veeam Backup & Replication Faces RCE Flaw Allows Full System Takeover Full Text
Abstract
A critical remote code execution (RCE) flaw, CVE-2024-40711 (CVSS 9.8), has been discovered in Veeam Backup & Replication, allowing unauthenticated attackers to take full control of affected systems.Security Online
September 7, 2024 – Vulnerabilities
Apache fixes critical OFBiz remote code execution vulnerability Full Text
Abstract
Apache has addressed a critical remote code execution vulnerability in its OFBiz software, which could allow attackers to run malicious code on Linux and Windows servers. OFBiz is a CRM and ERP suite that serves as a Java-based web framework.Bleeping Computer
September 7, 2024 – Ransomware
Fog Ransomware Now Targeting the Financial Sector Full Text
Abstract
Fog, a variant of the STOP/DJVU family, targets various sectors and exploits VPN vulnerabilities to get past network defenses. After infiltration, Fog ransomware disables protective measures, encrypts vital files, and demands ransom via the Tor network.Adlumin
September 7, 2024 – Malware
New Stealthy Malware Campaign Dubbed DarkCracks Exploits GLPI and WordPress Sites Full Text
Abstract
DarkCracks isn’t a typical malware campaign; it is a sophisticated launcher designed for long-term exploitation. It deploys malicious payloads through compromised public websites, such as school portals and booking systems, to infect unsuspecting users.Security Online
September 7, 2024 – Cryptocurrency
Penpie DeFi platform files reports with FBI, Singapore police after $27 million crypto theft Full Text
Abstract
The Penpie DeFi platform recently reported a $27 million cryptocurrency theft to the FBI and Singapore police. Hackers targeted the protocol, stealing ethereum and prompting Penpie to halt withdrawals and deposits.The Record
September 7, 2024 – Ransomware
CyberVolk Ransomware: A New and Evolving Threat to Global Cybersecurity Full Text
Abstract
CyberVolk, infamous for DDoS attacks and data breaches, has gained particular notoriety for its ransomware, detected in July 2024, due to its advanced features and capabilities.Security Online
September 6, 2024 – Vulnerabilities
OpenStack Ironic Users Urged to Patch Critical Vulnerability Full Text
Abstract
The flaw, discovered by security researchers at Red Hat and G-Research, could lead to unauthorized access to sensitive data through mishandled images processed by qemu-img.Security Online
September 6, 2024 – Cryptocurrency
New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition Full Text
Abstract
A new mobile malware called SpyAgent has been uncovered by McAfee's Mobile Research Team. This malware targets mnemonic keys used for cryptocurrency wallets by scanning the device for images containing them.McAfee
September 6, 2024 – Government
Sami Khoury, Head of Canada’s Cyber Agency, Starts New Role in Government Full Text
Abstract
Sami Khoury, the head of Canada's cyber agency, is moving to a new role as the government's senior official for cybersecurity after leading the Canadian Centre for Cyber Security (CCCS) since August 2021.The Record
September 5, 2024 – Vulnerabilities
Litespeed Cache Flaw Exposes Millions of WordPress Sites to Takeover Attacks Full Text
Abstract
Discovered by security researcher Rafie Muhammad, the flaw allows unauthorized users to take control of logged-in accounts, potentially gaining administrator privileges on WordPress sites.Security Online
September 5, 2024 – Attack
Intricate Babylon RAT Campaign Targets Malaysian Politicians, Government Full Text
Abstract
This campaign, active since July, utilizes at least three malicious ISO files to compromise Malaysian entities, containing components like a malicious executable and a decoy PDF file, ultimately delivering the Babylon RAT as a final payload.Cyble
September 5, 2024 – Vulnerabilities
Cisco Fixes Root Escalation Vulnerability With Public Exploit Code Full Text
Abstract
Local attackers can exploit this weakness through malicious CLI commands without user interaction, but only if they have Administrator privileges. So far, there is no evidence of this vulnerability being exploited in the wild.Bleeping Computer
September 5, 2024 – Vulnerabilities
Cisco Warns of Backdoor Admin Account in Smart Licensing Utility Full Text
Abstract
Cisco has issued a warning about a backdoor admin account discovered in the Cisco Smart Licensing Utility (CSLU), allowing unauthorized access to unpatched systems. This critical flaw (CVE-2024-20439) enables remote access with admin privileges.Bleeping Computer
September 5, 2024 – Vulnerabilities
EUCLEAK Attack Allows Yubico Security Keys to be Cloned Full Text
Abstract
The risk is limited, however, as an attacker would need physical access to the device, specific knowledge of the targeted accounts, and specialized equipment to carry out the attack.Help Net Security
September 5, 2024 – Vulnerabilities
Google Fixed Actively Exploited Android Privilege Escalation Flaw (CVE-2024-32896) Full Text
Abstract
Google has patched a high-severity vulnerability in its Android OS, tracked as CVE-2024-32896, that is being actively exploited in the wild. The issue is a privilege escalation in the Android Framework component.Security Affairs
September 5, 2024 – Attack
Revival Hijack Attack Puts 22,000 PyPI Packages at Risk of Hijack Full Text
Abstract
The attack involves registering new projects under the names of packages that were removed from PyPI, so that downstream users who still reference those names pull the attacker's package instead. This method could lead to large numbers of malicious package downloads.JFrog
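The abstract above describes the mechanism but not how a consumer would notice it. The following is an added example, not code from JFrog or from the original page: a heuristic that flags a dependency whose latest release comes from a different uploading account than its original releases after a long gap, the pattern a deleted-then-re-registered name would show. It assumes you captured release metadata (version, upload date, uploader) before the original project disappeared, for instance from a private mirror or earlier lockfile resolution; the package names, accounts and dates are constructed for illustration.

```python
import re
from datetime import date

# Constructed release histories in a PyPI-like shape (hypothetical project names,
# not real PyPI projects). Each entry: (version, upload date, uploading account).
# Assumed to have been snapshotted before any deletion, e.g. from a private mirror.
HISTORIES = {
    "legit-utils": [
        ("1.0.0", date(2022, 1, 10), "maintainer-a"),
        ("1.1.0", date(2023, 3, 5), "maintainer-a"),
    ],
    "old-helper": [
        # original maintainer published two releases, then the project went away;
        # years later the same name reappears under an unrelated account
        ("0.9.0", date(2021, 6, 1), "maintainer-b"),
        ("0.9.1", date(2021, 9, 15), "maintainer-b"),
        ("0.9.2", date(2024, 8, 30), "fresh-account"),
    ],
}

# Minimum silence (days) between releases before a maintainer change is treated as
# a revival candidate rather than an ordinary handover. Tunable assumption.
GAP_DAYS = 365


def revival_suspects(histories, gap_days=GAP_DAYS):
    """Return {name: details} for packages whose newest release was uploaded by an
    account different from the original uploader after at least gap_days of silence."""
    suspects = {}
    for name, releases in histories.items():
        rel = sorted(releases, key=lambda r: r[1])
        if len(rel) < 2:
            continue
        first_uploader = rel[0][2]
        prev, last = rel[-2], rel[-1]
        gap = (last[1] - prev[1]).days
        if last[2] != first_uploader and gap >= gap_days:
            suspects[name] = {
                "gap_days": gap,
                "old_uploader": prev[2],
                "new_uploader": last[2],
                "new_version": last[0],
            }
    return suspects


def parse_requirements(text):
    """Extract normalised project names from requirements.txt-style text."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):      # skip blanks and pip options
            continue
        # name ends at the first version specifier, extras bracket or marker
        name = re.split(r"[\s=<>!~\[;@]", line, 1)[0].lower().replace("_", "-")
        names.append(name)
    return names


def check_requirements(text, histories=HISTORIES):
    """Map each requirement that matches a revival suspect to its details."""
    suspects = revival_suspects(histories)
    return {n: suspects[n] for n in parse_requirements(text) if n in suspects}


# Constructed requirements file referencing both packages.
SAMPLE_REQUIREMENTS = """
# pinned deps
legit-utils==1.1.0
old_helper>=0.9  # name still references the deleted project
"""

if __name__ == "__main__":
    for name, info in check_requirements(SAMPLE_REQUIREMENTS).items():
        print(f"{name}: uploader changed {info['old_uploader']} -> "
              f"{info['new_uploader']} after {info['gap_days']} days")
```

The heuristic only works with history you already hold; once a project is deleted, the public index no longer shows the original releases, which is why pinning by hash (pip's `--require-hashes`) rather than by name remains the dependable defence.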
September 5, 2024 – Government
CISA Warns of Three Actively Exploited Vulnerabilities That Demand Immediate Attention Full Text
Abstract
Two of the vulnerabilities, CVE-2021-20123 and CVE-2021-20124, affect DrayTek VigorConnect, the vendor's network management software, and can lead to unauthorized access to sensitive files. The third, CVE-2024-7262, affects Kingsoft WPS Office.Security Online
September 5, 2024 – Ransomware
RomCom Group’s Underground Ransomware Exploits Microsoft Zero-Day Flaw Full Text
Abstract
A new ransomware variant named Underground, linked to the Russia-based RomCom group, encrypts files on victims’ Windows machines and demands a ransom for decryption. It has been active since July 2023.Security Online
September 5, 2024 – Government
FBI Warns Crypto Firms of Aggressive Social Engineering Attacks Full Text
Abstract
The FBI issued a warning about aggressive social engineering attacks by North Korean hacking groups targeting cryptocurrency firms. The attacks involve deploying malware to steal crypto assets through highly targeted tactics that are hard to detect.Bleeping Computer
September 4, 2024 – Government
US Government Isn’t Ready for Cyber Chaos in the Food and Agriculture Sector Full Text
Abstract
The industry has so far escaped large-scale cyber disruption, but incidents like the JBS ransomware attack show how exposed it is. The sector's increased automation makes it an attractive target for hackers, posing risks to the US food supply.The Record
September 4, 2024 – General
Initial Access Brokers Target $2bn Revenue Companies Full Text
Abstract
Initial Access Brokers (IABs) are now targeting companies with revenues reaching $2 billion, particularly in the US and business services sector, according to new research from Cyberint.Infosecurity Magazine
September 4, 2024 – General
Ransomware Crisis Deepens as Attacks and Payouts Rise Full Text
Abstract
The ransomware crisis is escalating, with a surge in both attacks and payouts. Ransomware groups such as Play and Medusa led a wave of attacks in the second quarter, following the takedowns of LockBit and BlackCat.Help Net Security
September 4, 2024 – Phishing
Travelers Targeted in New Booking.com Phishing Scam Full Text
Abstract
The attack involves compromising hotel managers' accounts to access customer reservation systems, ultimately tricking hotel guests via the Booking.com app. The scheme utilizes a fake domain to deceive users and harvest sensitive data.Security Online
September 4, 2024 – Malware
Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion Full Text
Abstract
The highly obfuscated KTLVdoor malware has versions for both Microsoft Windows and Linux, allowing attackers to perform tasks like file manipulation, command execution, and remote port scanning.Trend Micro
September 4, 2024 – Policy and Law
Dutch Privacy Watchdog Fines Clearview AI $34 Million for ‘Illegal’ Database of Faces Full Text
Abstract
The Dutch Data Protection Authority (Dutch DPA) fined Clearview AI $34 million for the illegal creation of a facial image database. If Clearview AI does not comply, an additional fine of up to $5.5 million will be imposed.The Record
September 4, 2024 – Malware
Emansrepo Stealer: Multi-Vector Attack Chains Full Text
Abstract
The Python-based infostealer collects user information, text files, PDF files, browser data, crypto wallets, game platforms, browser extensions, and cookies. The stolen data is sent via email to the attacker.Fortinet
September 4, 2024 – General
Ransomware Gangs Pummel Southeast Asia Full Text
Abstract
According to telemetry data from Trend Micro, ransomware attacks across Southeast and East Asia are on the rise in 2024, with major incidents in countries including Thailand, Japan, South Korea, Singapore, Taiwan, and Indonesia.Dark Reading
September 4, 2024 – Vulnerabilities
VMware Fixed a Code Execution Flaw in Fusion Hypervisor Full Text
Abstract
VMware has patched a high-severity code execution flaw in its Fusion hypervisor. The vulnerability, tracked as CVE-2024-38811, is caused by an insecure environment variable.Security Affairs
September 4, 2024 – Policy and Law
Complying with PCI DSS Requirements by 2025 Full Text
Abstract
The latest version 4.0.1 of the Payment Card Industry Data Security Standard (PCI DSS) has introduced key changes to address the evolving digital landscape. While some requirements are already in effect, others will come into play by April 2025.Help Net Security
September 3, 2024 – Vulnerabilities
Canonical Addresses Critical Linux Kernel AWS Vulnerabilities with New Patches Full Text
Abstract
Security researchers have identified six vulnerabilities, including a race condition in the Bluetooth RFCOMM protocol driver that can crash the system, a race condition in the Bluetooth subsystem, and a double-free error in the net/mlx5e module.The Cyber Express
September 3, 2024 – Criminals
Researchers Link ManticoraLoader Malware to Ares Malware Developer Full Text
Abstract
Researchers have traced the new ManticoraLoader malware-as-a-service (MaaS) to the cybercriminal group 'DarkBLUP,' previously associated with distributing AresLoader and AiDLocker ransomware from the DeadXInject group.The Cyber Express
September 3, 2024 – Vulnerabilities
Researchers Find SQL Injection Flaw to Bypass Airport TSA Security Checks Full Text
Abstract
Security researchers discovered a SQL injection vulnerability in FlyCASS, a third-party web service used by airlines to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS).Bleeping Computer
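The FlyCASS abstract names the bug class but not its shape. The following is an added example, not code from FlyCASS, the researchers or the original page: a login check over a constructed crew table in an in-memory SQLite database, written once with string concatenation (the pattern behind an authentication-bypass injection) and once with a parameterised query. The table, accounts and payload are constructed for illustration and imply nothing about the real service's schema.

```python
import sqlite3

# Constructed sample rows (not FlyCASS data): username, airline, password.
CREW = [
    ("jdoe", "Airline A", "secret-1"),
    ("asmith", "Airline B", "secret-2"),
]


def _db():
    """In-memory database seeded with the constructed crew table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE crew (username TEXT, airline TEXT, password TEXT)")
    con.executemany("INSERT INTO crew VALUES (?, ?, ?)", CREW)
    return con


def login_vulnerable(con, username, password):
    """Attacker-controlled input is spliced into the SQL text, so quotes in the
    input change the query's structure. Returns the matched username or None."""
    q = (f"SELECT username FROM crew "
         f"WHERE username = '{username}' AND password = '{password}'")
    row = con.execute(q).fetchone()
    return row[0] if row else None


def login_safe(con, username, password):
    """Parameterised query: the driver binds the values as data, so the same
    payload is compared literally against the columns and never parsed as SQL."""
    q = "SELECT username FROM crew WHERE username = ? AND password = ?"
    row = con.execute(q, (username, password)).fetchone()
    return row[0] if row else None


def demo():
    """Run both variants against a classic tautology payload and a valid login."""
    con = _db()
    payload = "' OR '1'='1"
    # With the payload in both fields the vulnerable query becomes
    #   ... WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'
    # which is true for every row, so the first crew member is "authenticated".
    results = {
        "vulnerable_bypass": login_vulnerable(con, payload, payload),
        "safe_bypass": login_safe(con, payload, payload),
        "safe_valid": login_safe(con, "jdoe", "secret-1"),
        "safe_wrong_password": login_safe(con, "jdoe", "nope"),
    }
    con.close()
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The fix is the placeholder, not input filtering: the same payload reaches `login_safe` unchanged and simply fails to match. A real deployment would also store password hashes rather than plaintext; the constructed table keeps plaintext only so the injection's effect on the `WHERE` clause is visible.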
September 3, 2024 – APT
North Korea-linked APT Citrine Sleet Exploit Chrome Zero-Day to Deliver FudModule Rootkit Full Text
Abstract
A North Korean APT used a Google Chrome zero-day flaw, CVE-2024-7971, to deploy the FudModule rootkit. Microsoft researchers linked these attacks to Citrine Sleet (AppleJeus, Labyrinth Chollima, UNC4736, or Hidden Cobra) with medium confidence.Security Affairs
September 3, 2024 – Attack
Roblox Developers Under Attack by New Malicious NPM Campaign Full Text
Abstract
Roblox developers are being targeted by a new malicious npm campaign. Cybercriminals have created fake Roblox npm packages with the aim of deploying a remote access trojan called Quasar.Tech Radar
September 3, 2024 – Phishing
Novel Attack on Windows Spotted in Chinese Phishing Campaign Full Text
Abstract
The malicious DLL implant for the Cobalt Strike attack toolkit gets injected into the Windows binary "runonce.exe," giving total control to the attackers. The campaign further deploys various malicious tools for reconnaissance and data exfiltration.The Register
September 2, 2024 – General
A Macro Look at the Most Pressing Cybersecurity Risks Full Text
Abstract
A Forescout report highlighted a 43% increase in published vulnerabilities, with 23,668 reported in H1 2024. Ransomware attacks also rose by 6%, totaling 3,085 incidents, with the U.S. being the most targeted country.Help Net Security
September 2, 2024 – Ransomware
A New Variant of Cicada Ransomware Targets VMware ESXi Systems Full Text
Abstract
The group behind Cicada3301 has been recruiting affiliates on cybercrime forums since June. It is speculated that Cicada3301 could be related to the now-defunct ALPHV group, as both ransomware share similarities.Security Affairs
September 2, 2024 – Business
Uniqkey Raises $5.92M in Funding Full Text
Abstract
Backers included BackingMinds, in combination with industry veterans such as Jesper Zerlang (ex-CEO of Logpoint), Lars Ankjer, Otto Krabbe, Rolf Bladt, and several angels and key employees.Finsmes
September 2, 2024 – Attack
GreenCharlie Infrastructure Targeting US Political Entities with Advanced Phishing and Malware Full Text
Abstract
GreenCharlie attackers use dynamic DNS providers to register domains for phishing attacks, with deceptive themes like cloud services and document visualization to trick victims into revealing sensitive information or downloading malware payloads.Recorded Future
September 2, 2024 – Solution
Sinon: Open-Source Automatic Generative Burn-in for Windows Deception Hosts Full Text
Abstract
Sinon is an open-source tool designed to automate the burn-in process of Windows-based deception hosts. It simplifies the orchestration of deception hosts at scale by incorporating generative capabilities to introduce diversity and randomness.Help Net Security
September 2, 2024 – Phishing
Fake Palo Alto GlobalProtect Tool Used as Lure to Backdoor Enterprises Full Text
Abstract
A fake Palo Alto GlobalProtect VPN access tool is being used as bait by threat actors targeting Middle Eastern organizations. The malware, disguised as a legitimate tool, can steal data and execute remote commands to infiltrate networks further.Bleeping Computer
September 2, 2024 – Government
NIST Releases New Draft of Digital Identity Proofing Guidelines Full Text
Abstract
The new draft of NIST's digital identity proofing guidelines includes updates to accommodate passkeys and mobile driver's licenses, as well as options for identification without using biometrics like facial recognition.NextGov
September 2, 2024 – Government
CISA Launches Cyber Incident Reporting Portal To Streamline Breach Disclosure Full Text
Abstract
CISA has launched a cyber incident reporting portal to make breach disclosure easier. It allows organizations to voluntarily report cyberattacks, vulnerabilities, and data breaches.Cybersecurity Dive
September 2, 2024 – Attack
North Korean Cyberattacks Persist: Developers Targeted via npm Packages Full Text
Abstract
The campaign, known as "Contagious Interview," tricks developers into downloading fake npm packages or installers. The attackers deploy a Python payload named InvisibleFerret to steal data from cryptocurrency wallets.Security Online
September 2, 2024 – General
Cyber Threats That Shaped the First Half of 2024 Full Text
Abstract
According to a report by Critical Start Cyber Research Unit, the manufacturing industry was the top target for cyber threats in H1 2024, professional services saw a 15% increase in attacks, and healthcare experienced a 180% surge in incidents.Help Net Security