"OnePoint Patient Care data breach impacted 795,916 individuals."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 25 October 2024, 1327 UTC.

Content and Source:  E-mail subscription via https://feedly.com.   https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

68K followers25 articles per week#security#tech

22

Most popular

OnePoint Patient Care data breach impacted 795916 individuals

OnePoint Patient Care data breach

•

by Pierluigi Paganini / 2h

US hospice pharmacy OnePoint Patient Care suffered a data breach that exposed the personal info of approximately 800,000 individuals. OnePoint Patient Care is a U.S.-based pharmacy specializing in hospice and palliative care services, providing customized medications and support for patients with advanced illnesses. It partners with healthcare providers to manage and deliver complex medication re

F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP

2 TTPs

•

27by Pierluigi Paganini / 5d

Technology firm F5 patches a high-severity elevation of privilege vulnerability in BIG-IP and a medium-severity flaw in BIG-IQ. F5 addressed two vulnerabilities in BIG-IP and BIG-IQ enterprise products, respectively tracked as CVE-2024-45844 and CVE-2024-47139. An authenticated attacker, with Manager role privileges or higher, could exploit the vulnerability CVE-2024-45844 to elevate privileges a

U.S. CISA adds Microsoft SharePoint flaw to its Known Exploited Vulnerabilities catalog

2 TTPs

•

by Pierluigi Paganini / 1d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft SharePoint Deserialization Vulnerability CVE-2024-38094 (CVSS v4 score: 7.2) to its Known Exploited Vulnerabilities (KEV) catalog . An attacker with Site Owner permissions ca

Today

From Risk Assessment to Action: Improving Your DLP Response

by Pierluigi Paganini / 3h

DLP is key in cybersecurity; a risk assessment identifies data risks, helping turn findings into real-world security improvements. Data loss prevention (DLP) is a cornerstone of any effective cybersecurity strategy. Protecting sensitive data is what cybersecurity is all about. So, how can you conduct a DLP risk assessment? And how can you translate those findings into real-world improvements? Wha

Yesterday

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

15 TTPs

•

by Pierluigi Paganini / 5h

•

CVE-2024-20482 & 1 other

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability CVE-2024-37383 Rou

Pwn2Own Ireland 2024 Day 2: participants demonstrated an exploit against Samsung Galaxy S24

by Pierluigi Paganini / 16h

On the second day of Pwn2Own Ireland 2024, researchers demonstrated an exploit for the Samsung Galaxy S24. On day two of Pwn2Own Ireland 2024 , hackers demonstrated attacks against 51 zero-day vulnerabilities, earning a total of $358,625, prizes that we have sum to the $516,250 earned by participants on the first day of the event . With the $516,250 earned by participants on the first day of the

Cisco fixed tens of vulnerabilities, including an actively exploited one

5 TTPs

•

by Pierluigi Paganini / 20h

•

CVE-2024-20482 & 1 other

Cisco patched vulnerabilities in ASA, FMC, and FTD products, including one actively exploited in a large-scale brute-force attack campaign. Cisco addressed multiple vulnerabilities in Adaptive Security Appliance (ASA), Secure Firewall Management Center (FMC), and Firepower Threat Defense (FTD) products, including an actively exploited flaw tracked as CVE-2024-20481. The vulnerability CVE-2024-204

FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024

IoC > 1 IP

•

by Pierluigi Paganini / 1d

•

3 TTPs

•

CVE-2024-47575

The “FortiJump” flaw (CVE-2024-47575) has been exploited in zero-day attacks since June 2024, impacting over 50 servers, says Mandiant. A new report published by Mandiant states that the recently disclosed Fortinet FortiManager flaw “FortiJump” CVE-2024-47575 (CVSS v4 score: 9.8) has been exploited since June 2024 in zero-day attacks on over 50 servers. The vulnerability is a missing authenticati

Oct 23, 2024

U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog

3 TTPs

•

by Pierluigi Paganini / 1d

•

CVE-2024-47575

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Fortinet FortiManager missing authentication vulnerability CVE-2024-47575 (CVSS v4 score: 9.8) to its Known Exploited Vulnerabilities (KEV) catalog . A missing authentication flaw in

Digital Echo Chambers and Erosion of Trust – Key Threats to the US Elections

by Pierluigi Paganini / 1d

Resecurity reports a rise in political content related to the 2024 US elections on social media, with increased activity from foreign sources. Resecurity has detected a substantial increase in the distribution of political content related to the 2024 US elections through social media networks, particularly from foreign jurisdictions. Social media can create echo chambers where users are exposed p

Crooks are targeting Docker API servers to deploy SRBMiner

2 TTPs

•

by Pierluigi Paganini / 2d

•

Attackers exploit Docker API servers

Threat actors are targeting Docker remote API servers to deploy SRBMiner crypto miners on compromised instances, Trend Micro warns. Trend Micro researchers observed attackers targeting Docker remote API servers to deploy SRBMiner crypto miners on compromised instances. The threat actors used the gRPC protocol over h2c to bypass security and execute crypto mining on Docker hosts, manipulating Dock

Oct 22, 2024

Why DSPM is Essential for Achieving Data Privacy in 2024

by Pierluigi Paganini / 2d

Data Security Posture Management (DSPM) helps organizations address evolving data security and privacy requirements by protecting and managing sensitive information. Data Security Posture Management (DSPM) comes into play– an essential solution for addressing evolving data security and privacy requirements Data plays a significant role and will continue to do so in the future. Consider the cloud

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

SEC charges companies for misleading disclosures

•

by Pierluigi Paganini / 2d

The SEC fined Unisys, Avaya, Check Point, and Mimecast for misleading disclosures about the impact of the SolarWinds Orion hack. The US Securities and Exchange Commission (SEC) charged four companies, Unisys, Avaya, Check Point, and Mimecast for misleading public disclosures related to the supply chain attack on SolarWinds . The SEC fined the four companies for having downplayed the impact of the

Samsung zero-day flaw actively exploited in the wild

5 TTPs

•

by Pierluigi Paganini / 2d

Google’s Threat Analysis Group (TAG) researchers warn of a Samsung zero-day vulnerability that is exploited in the wild. Google’s Threat Analysis Group (TAG) warns of a Samsung zero-day vulnerability, tracked as CVE-2024-44068 (CVSS score of 8.1), which is exploited in the wild. The vulnerability is a use-after-free issue, attackers could exploit the flaw to escalate privileges on a vulnerable An

Experts warn of a new wave of Bumblebee malware attacks

18 TTPs

•

by Pierluigi Paganini / 2d

•

Bumblebee malware loader resurfaces threat

Experts warn of a new wave of attacks involving the Bumblebee malware, months after Europol’s ‘ Operation Endgame ‘ that disrupted its operations in May. The Bumblebee malware loader has resurfaced in new attacks, four months after Europol disrupted it during “ Operation Endgame ” in May. Bumblebee has been active since March 2022 when it was spotted by Google’s Threat Analysis Group (TAG), exper

Oct 21, 2024

U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog

2 TTPs

•

by Pierluigi Paganini / 3d

•

CVE-2024-9537

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the ScienceLogic SL1 flaw CVE-2024-9537 (CVSS v4 score: 9.3) to its Known Exploited Vulnerabilities (KEV) catalog . ScienceLogic SL1 contains a vulnerability related to a third-party component

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

2 TTPs

•

by Pierluigi Paganini / 3d

VMware addressed a remote code execution flaw, demonstrated in a Chinese hacking contest, for the second time in two months. VMware failed to fully address a remote code execution flaw, tracked as CVE-2024-38812 (CVSS score: 9.8), in its vCenter Server platform. In September, Broadcom released security updates to the vulnerability CVE-2024-38812. vCenter Server is a critical component in VMware v

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Cisco data breach claims emerge

•

by Pierluigi Paganini / 3d

Cisco confirms that data published by IntelBroker on a cybercrime forum was taken from the company DevHub environment. Cisco confirms that the data posted by the notorious threat actor IntelBroker on a cybercrime forum was stolen from its DevHub environment. IntelBroker claimed to have gained access to Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Cert

Internet Archive was breached twice in a month

IoC > 1 IP

•

by Pierluigi Paganini / 3d

•

Internet Archive suffers major cyberattacks

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. The Internet Archive was breached via Zendesk, with users receiving warnings about stolen GitLab tokens due to improper token rotation after repeated alerts. BleepingComputer first reported the news of the incident, after it received several messages from peopl

Oct 20, 2024

Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign

11 TTPs

•

by Pierluigi Paganini / 4d

Hackers exploited a now-patched Roundcube flaw in a phishing attack to steal user credentials from the open-source webmail software. Researchers from Positive Technologies warn that unknown threat actors have attempted to exploit a now-patched vulnerability, tracked as CVE-2024-37383 (CVSS score: 6.1), in the open-source Roundcube webmail software. The attackers have exploited the flaw as part of

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16

CVE-2024-38178

•

by Pierluigi Paganini / 5d

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Expanding the Investigation: Deep Dive into Latest TrickMo Samples HijackLoader evolution: abusing genuine signing certificates F

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

CVE-2024-38178

•

by Pierluigi Paganini / 5d

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog North Korea-linked APT37 exploited IE zero-day in a recent

End of feed