BleepingComputer.com

"MaginotDNS attacks exploit weak checks for DNS cache poisoning."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 13 August 2023, 1447 UTC.  Content provided by "BleepingComputer.com."

Source:  https://www.bleepingcomputer.com/ ("BleepingComputer.com").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

LATEST ARTICLES

MaginotDNS attacks exploit weak checks for DNS cache poisoning

  • A team of researchers from UC Irvine and Tsinghua University has developed a new powerful cache poisoning attack named 'MaginotDNS,' that targets Conditional DNS (CDNS) resolvers and can compromise entire TLDs top-level domains.

  • Britain UK Flag
     
    SECURITY

UK gov keeps repeating its voter registration website is NOT a scam

  • Every year local government bodies or councils across Britain contact residents, asking them to update their voter details on the electoral register if these have changed. To do so, residents are asked to visit HouseholdResponse.com, a domain that looks anything but official and has often confused people, who mistake it for a scam.

  • Knight
     
    SECURITY

Knight ransomware distributed in fake Tripadvisor complaint emails

  • The Knight ransomware is being distributed in an ongoing spam campaign that pretends to be TripAdvisor complaints.

  • Ford
     
    SECURITY

Ford says cars with WiFi vulnerability still safe to drive

  • Ford is warning of a buffer overflow vulnerability in its SYNC3 infotainment system used in many Ford and Lincoln vehicles, which could allow remote code execution, but says that vehicle driving safety isn't impacted.

  • Hospital
     
    SECURITY

The Week in Ransomware - August 11th 2023 - Targeting Healthcare

  • While some ransomware operations claim not to target hospitals, one relatively new ransomware gang named Rhysida doesn't seem to care.

  • Microsoft Exchange
     
    SECURITY, CLOUD, MICROSOFT

US cyber safety board to analyze Microsoft Exchange hack of govt emails

  • The Department of Homeland Security's Cyber Safety Review Board (CSRB) has announced plans to conduct an in-depth review of cloud security practices following recent Chinese hacks of Microsoft Exchange accounts used by US government agencies.

  • Telegram
     
    TECHNOLOGY, SECURITY

Xiaomi's MIUI now flags Telegram as dangerous in China

  • Asian smartphone giant Xiaomi is now blocking Telegram from being installed on devices using its MIUI system and firmware interface.

  • Police arrests hacker
     
    SECURITY

LOLEKHosted admin arrested for aiding Netwalker ransomware gang

  • Police have taken down the Lolek bulletproof hosting provider, arresting five individuals and seizing servers for allegedly facilitating Netwalker ransomware attacks and other malicious activities.

  • CodeSYS
     
    SECURITY

Industrial PLCs worldwide impacted by CODESYS V3 RCE flaws

  • Millions of PLC (programmable logic controllers) used in industrial environments worldwide are at risk to 15 vulnerabilities in the CODESYS V3 software development kit, allowing remote code execution (RCE) and denial of service (DoS) attacks.

  • Amazon AWS
     
    SECURITY

Amazon AWS distances itself from Moq amid data collection controversy

  • Amazon AWS has withdrawn its association with open source project Moq after the project drew sharp criticism for its quiet addition of data collection features, as first reported by BleepingComputer.

  • Hacker monitors
     
    SECURITY

Lapsus$ hackers took SIM-swapping attacks to the next level

  • The U.S. government released a report after analyzing simple techniques, e.g. SIM swapping, used by the Lapsus$ extortion group to breach dozens of organizations with a strong security posture.

  • Botnet robot
     
    SECURITY

Gafgyt malware exploits five-years-old flaw in EoL Zyxel router

  • Fortinet has issued an alert warning that the Gafgyt botnet malware is actively trying to exploit a vulnerability in the end-of-life Zyxel P660HN-T1A router in thousands of daily attacks.

  • Microsoft Exchange
     
    MICROSOFT

Microsoft Exchange updates pulled after breaking non-English installs

  • Microsoft has pulled Microsoft Exchange Server's August security updates from Windows Update after finding they break Exchange on non-English installs.

  • Bouncer Bar Guard
     
    SECURITY

MoustachedBouncer hackers use AiTM attacks to spy on diplomats

  • A cyberespionage group named 'MoustachedBouncer' has been observed using adversary-in-the-middle (AitM) attacks at ISPs to hack foreign embassies in Belarus.

  • Barracuda
     
    SECURITY

CISA: New Whirlpool backdoor used in Barracuda ESG hacks

  • The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered a new backdoor malware named 'Whirlpool' used in attacks on compromised Barracuda Email Security Gateway (ESG) devices.

  • Key Decryptor Unlock
     
    SECURITY

Dell Compellent hardcoded key exposes VMware vCenter admin creds

  • An unfixed hardcoded encryption key flaw in Dell's Compellent Integration Tools for VMware (CITV) allows attackers to decrypt stored vCenter admin credentials and retrieve the cleartext password.

VIEW MORE

Comments

Post a Comment

Please leave a comment about our recent post.

Popular posts from this blog

The Cyberwire Daily Briefing

Image
"Fortinet confirms breach of customer data." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 15 September 2024, 1339 UTC. Content and Source:   https://thecyberwire.com/newsletters/daily-briefing/13/176 Please check link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). V13 | Issue 176 | 9.13.24 Daily Briefing for 09.13.24 Announcement Cloud Security in the Age of Generative AI. Artificial Intelligence is revolutionizing business, but it also introduces new risks. Join us on Wednesday, September 18th at 2pm EDT for a compelling live webinar on "Good vs. Evil: Cloud Security in the Age of Generative AI" with N2K CyberWire’s Dave Bittner and Sysdig’s Loris Degioanni.  Learn more and register now . Summary By the CyberWire staff At a glance. Fortinet confirms breach of customer data. Iran's Scarred Manticore deploys ne
Read more

BleepingComputer.com

Image
"Progress LoadMaster vulnerable to 10/10 severity RCE flaw." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 08 September 2024, 1458 UTC. Content and Source:   https://www.bleepingcomputer.com/ Please check link or scroll down to read your selections. Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). Latest Articles   Security Progress LoadMaster vulnerable to 10/10 severity RCE flaw Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device. Bill Toulas   September 08, 2024   10:11 AM     0   Deals Get started learning about cybersecurity with this course bundle deal Take a real step towards a job in information security with this intro to cybersecurity. Get the 2024 Cybersecurity Essentials Bundl
Read more

SecurityWeek Briefing

Image
"New RAMBO attack allows air-gapped data theft." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 10 September 2024, 0035 UTC. Content and Source:  https://www.securityweek.com Please check link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net).   Monday, September 9 , 2024 Are you worried about unmanaged devices and apps? LATEST CYBERSECURITY HEADLINES New RAMBO Attack Allows Air-Gapped Data Theft Predator Spyware Resurfaces With Fresh Infrastructure Google Pushes Rust in Legacy Firmware to Tackle Memory Safety Flaws 300,000 Impacted by Data Breach at Car Rental Firm Avis One Million US Kaspersky Customers Transferred to Pango’s UltraAV Two Indicted in US for Running Dark Web Marketplaces Offering Stolen Information Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks CISA Breaks Silence on Controversial ‘Airp
Read more