"Cisco ASA, FTD software under active VPN exploitation."

Views expressed in this cybersecurity, cyber crime summary are those of the reporters and correspondents.  Accessed on 24 October 2024, 1737 UTC.

Content and Source:  E-mail subscription via https://feedly.com.   https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.darkreading.com%2Frss%2Fall.xml

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Dark Reading

158K followers46 articles per week#security#tech

30

Today

Cisco ASA, FTD Software Under Active VPN Exploitation

5 TTPs

•

by Dark Reading Staff / 1h

•

CVE-2024-20482 & 1 other

Unauthenticated threat actors can remotely cause a denial-of-service (DoS) cyberattack within the Remote Access VPN software in Cisco's ASA and Firepower software.

AI Chatbots Ditch Guardrails After 'Deceptive Delight' Cocktail

Adversary-in-the-Middle (Enterprise T1557)

•

by Tara Seals, Managing Editor, News, Dark Reading / 1h

•

Deceptive Delight jailbreaks AI models

The latest GenAI jailbreak technique tricks chatbots into returning restricted content by blending different prompt topics together.

Why Cybersecurity Acumen Matters in the C-Suite

by Erik Gaston / 3h

Until CEOs and boards prioritize learning more about mitigating threats, organizations are leaving themselves and their businesses open to the potential for disaster.

Codasip Donates Tools to Develop Memory-Safe Chips

Codasip donates CHERI RISC-V SDK

•

by Dark Reading Staff / 5h

The software development kit will simplify building and testing of CHERI-enabled RISC-V applications.

Yesterday

'Prometei' Botnet Spreads Its Cryptojacker Worldwide

16 TTPs

•

by Nate Nelson, Contributing Writer / 11h

The Russian-language malware primarily enlists computers to mine Monero, but theoretically it can do worse.

Lazarus Group Exploits Chrome Zero-Day in Latest Campaign

5 TTPs

•

by Jai Vijayan, Contributing Writer / 20h

•

CVE-2024-4947

The North Korean actor is going after cryptocurrency investors worldwide leveraging a genuine-looking game site and AI-generated content and images.

Russian Trolls Pose as Reputable Media to Sow US Election Chaos

Russia targets 2024 US election

•

by Becky Bracken, Senior Editor, Dark Reading / 21h

Operation Overload pushes dressed up Russian state propaganda with the aim of flooding the US with election disinformation.

Microsoft SharePoint Vuln Is Under Active Exploit

3 TTPs

•

by Dark Reading Staff / 21h

The risk of exploitation is heightened, thanks to a proof-of-concept that's been made publicly available.

Mobile Apps With Millions of Downloads Expose Cloud Credentials

Hardcoded credentials risk millions

•

by Elizabeth Montalbano, Contributing Writer / 1d

Popular titles on both Google Play and Apple's App Store include hardcoded and unencrypted AWS and Azure credentials in their codebases or binaries, making them vulnerable to misuse by threat actors.

The US Needs a Better Energy Grid to Win the AI Arms Race

by Stephen Kines / 1d

The longer we avoid reform, the further behind we'll fall in AI innovation — and the more vulnerable we'll be.

Bumblebee Malware Is Buzzing Back to Life

8 TTPs

•

by Becky Bracken, Senior Editor, Dark Reading / 1d

•

Bumblebee malware loader resurfaces threat

Despite a law enforcement sweep last May, the sophisticated downloader malware is re-emerging.

Breaking Barriers: Making Cybersecurity Accessible for Neurodiverse Professionals

by Joan Goodchild / 1d

Cybersecurity is not "one size fits all." Employers, recruiters, and managers need to embrace neurodiversity through inclusive hiring practices, tailored training programs, and adaptive management styles.

Oct 22, 2024

Samsung Zero-Day Vuln Under Active Exploit, Google Warns

5 TTPs

•

by Dark Reading Staff / 1d

If it's exploited, bad actors can execute arbitrary code while evading detection thanks to a renamed process.

OPA for Windows Vulnerability Exposes NTLM Hashes

6 TTPs

•

by Jai Vijayan, Contributing Writer / 1d

The vulnerability affects all versions prior to v0.68.0 and highlights the risks organizations assume when consuming open source software and code.

Honeywell and Google Cloud to Accelerate Auto Operations With AI Agents for the Industrial Sector

Honeywell partners with Google AI

•

1d

[no content]

SoftwareOne Launches Cloud Competency Centre in Malaysia

1d

[no content]

Retail & Hospitality ISAC Launches Program Aimed at Securing Supply Chains

1d

[no content]

Most US Political Campaigns Lack DMARC Email Protection

75% of Senate campaigns lack DMARC

•

by Dark Reading Staff / 1d

Without DMARC, campaigns remain highly susceptible to phishing, domain spoofing, and impersonation.

Swarms of Fake WordPress Plug-ins Infect Sites With Infostealers

11 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 2d

•

Fake WordPress plugins spread malware

GoDaddy flagged a ClickFix campaign that infected 6,000 sites in a one-day period, with attackers using stolen admin credentials to distribute malware.

Tricky CAPTCHA Caught Dropping Lumma Stealer Malware

4 TTPs

•

by Becky Bracken, Senior Editor, Dark Reading / 2d

•

Lumma Stealer uses fake CAPTCHA

The persistent infostealer's latest campaign inserts fake CAPTCHA pages into legitimate applications, fooling users into executing the malicious payload, researchers find.

What Today's SOC Teams Can Learn From Baseball

by Mike Mitchell / 2d

There are more similarities between developing a professional athlete and developing a cybersecurity pro than you might expect.

Name That Toon: The Big Jump

by John Klossner, Cartoonist / 2d

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

EU Adopts Cyber Resilience Act to Regulate Internet of Things

by Jennifer Lawinski, Contributing Writer / 2d

The European Union adopted a new law setting EU-wide cybersecurity requirements for connected devices to ensure their safety.