Security Affairs

"US. CISA adds microsoft windows and others to its known exploited vulnerabilities catalog."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 20 September 2024, 0327 UTC.

Content and Source:  Email subscription via https://feedly.com.   https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

67K followers26 articles per week#security#tech
19

Most popular

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabil
Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability that is being exploited in attacks in the wild against a limited number of customers. Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability, tracked as CVE-2024-8963 (CVSS score of 9.4), actively exploited in attacks in the wild against a limited number of customers. The vulnerability is a path traversal security is
An international law enforcement operation infiltrated the encrypted messaging app Ghost, which was widely used by criminals, resulting in the arrest of dozens of individuals. An international law enforcement operation infiltrated the encrypted communications app Ghost, designed for criminal use, leading to numerous arrests. The alleged administrator of the app, Jay Je Yoon Jung (32), was charged

Yesterday

Small and medium-sized enterprises (SMEs) are a frequent target for cybercriminals. How can SIEM help them improve their cybersecurity? Contrary to what they might believe, small and medium-sized enterprises (SMEs) are a favorite target for cybercriminals. Research from the Identity Theft Resource Center (ITRC) recently found that 73% of US small business owners experienced a cyberattack in 2023.
Russian anti-virus firm Doctor Web (Dr.Web) disconnected all servers following a cyberattack over the weekend. This week, the Russian anti-malware firm Doctor Web (Dr.Web) announced that it had disconnected all servers following a cyberattack on Saturday, September 14. The company revealed it has detected “signs of unauthorised interference” to its IT infrastructure. The company pointed out that
Researchers warn of a new IoT botnet called Raptor Train that already compromised over 200,000 devices worldwide. Cybersecurity researchers from Lumen’s Black Lotus Labs discovered a new botnet, named Raptor Train, composed of small office/home office (SOHO) and IoT devices. The experts believe the botnet is controlled by a Chine-linked APT group Flax Typhoon (also called Ethereal Panda or RedJul
Credential Flusher is a method that allows hackers to steal login credentials directly from the victim’s web browser. The cyber attacks have become increasingly sophisticated, putting our personal information at risk. One of the latest and most insidious techniques is Credential Flusher, a method that allows hackers to steal login credentials directly from the victim’s web browser. The following
The U.S. Department of Treasury issued new sanctions against five executives and one entity linked to the Intellexa Consortium. The Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued new sanctions against five individuals and one entity associated with the Intellexa Consortium for their role in developing, operating, and distributing commercial spyware. The Intellexa Cons

Sep 17, 2024

Broadcom addressed a critical vulnerability in the VMware vCenter Server that could allow remote attackers to achieve code execution. Broadcom released security updates to address a critical vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), in VMware vCenter Server that could lead to remote code execution. vCenter Server is a critical component in VMware virtualization and cloud computi
Remote attack on pagers used by Hezbollah in Lebanon and Syria caused their explosion; at least 8 nine people dead and more than 2,800 injured. At least nine eight individuals, including a child, were killed and over 2,800 were injured due to the explosion of their pagers across Lebanon. A Hezbollah official told Reuters that this incident is the “biggest security breach” in nearly a year of conf
US DoJ charged a Chinese national who used spear-phishing emails to obtain sensitive info from NASA, the U.S. Air Force, Navy, Army, and the FAA. The U.S. DoJ charged a Chinese national, Song Wu (39), who used spear-phishing emails to target employees of NASA, the U.S. Air Force, Navy, Army, and the FAA.” The man, who remails at large, used fake email accounts posing as US-based researchers and e

Sep 16, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows MSHTML Platform and Progress WhatsUp Gold bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descriptions for
Why do consumers refuse to consent to their data being shared? Ensuring transparency on their usage and consent. In the digital world, trust is essential for the relationships between brands and consumers. However, trust is not a once-off exercise; it’s a continuous process in which each interaction helps build and nurture loyalty over time. This is why it’s crucial to understand the factors cont
The personal information of a million individuals was published online following a ransomware attack that in June disrupted NHS hospitals in London. In June, a ransomware attack on pathology and diagnostic services provider Synnovis has severely impacted the operations at several major NHS hospitals in London. The attack forced the impacted hospitals to cancel some healthcare procedures, in some
D-Link fixed multiple critical flaws in its WiFi 6 routers that allow remote attackers to execute arbitrary code or gain hardcoded credentials. D-Link has addressed three critical vulnerabilities, tracked as CVE-2024-45694 , CVE-2024-45695 , CVE-2024-45697 , impacting three wireless router models. The flaws can allow attackers to remotely execute arbitrary code or access the devices using hardcod
Microsoft warns that a recently patched Windows flaw, tracked as CVE-2024-43461, was actively exploited as a zero-day before July 2024. Microsoft warns that attackers actively exploited the Windows vulnerability CVE-2024-43461 as a zero-day before July 2024. The vulnerability CVE-2024-43461 is a Windows MSHTML platform spoofing issue. MSHTML is a platform used by Internet Explorer. Although the b
SolarWinds addressed a critical remote code execution vulnerability, tracked as CVE-2024-28991, in Access Rights Manager. SolarWinds released security updates to address a critical-severity remote code execution vulnerability, tracked as CVE-2024-28991 (CVSS score of 9.0), in SolarWinds Access Rights Manager (ARM) The flaw is a deserialization of untrusted data remote code execution vulnerability
Apple drops its lawsuit against commercial spyware vendor NSO Group, due to the risk of “threat intelligence” information exposure. Apple is seeking to drop its lawsuit against Israeli spyware company NSO Group , citing the risk of “threat intelligence” information exposure. Apple wants to dismiss its lawsuit against NSO Group due to three key developments. First, continuing the lawsuit could com

Sep 15, 2024

A hacker tricked ChatGPT into providing instructions to make homemade bombs demonstrating how to bypass the chatbot safety guidelines. A hacker and artist, who goes online as Amadon, tricked ChatGPT into providing instructions to make homemade bombs bypassing the safety guidelines implemented by the chatbot. Initially, the expert asked for detailed instructions to create a fertilizer bomb similar

End of feed

Comments

Popular posts from this blog

BleepingComputer.com

The Cyberwire Daily Briefing

SecurityWeek Briefing