βCyber Command leader says budget powers are shaving time to complete tasks that once took years
https://cyberscoop.com/cyber-command-leader-says-budget-powers-are-shaving-time-to-complete-tasks-that-once-took-years/
https://cyberscoop.com/cyber-command-leader-says-budget-powers-are-shaving-time-to-complete-tasks-that-once-took-years/
CyberScoop
Cyber Command leader says budget powers are shaving time to complete tasks that once took years
One example, said Gen. Timothy Haugh, was moving $140 million swiftly for training improvements.
βLABScon23 Replay | They Spilled Oil in My Health-Boosting Smoothie
https://www.sentinelone.com/labs/labscon23-replay-they-spilled-oil-in-my-health-boosting-smoothie/
https://www.sentinelone.com/labs/labscon23-replay-they-spilled-oil-in-my-health-boosting-smoothie/
βWatch our new documentary, "The Light We Keep: A Project PowerUp Story"
https://blog.talosintelligence.com/watch-our-new-documentary-the-light-we-keep-a-project-powerup-story/
https://blog.talosintelligence.com/watch-our-new-documentary-the-light-we-keep-a-project-powerup-story/
Cisco Talos Blog
Watch our new documentary, "The Light We Keep: A Project PowerUp Story"
The Light We Keep documentary tells the story of the consequences of electronic warfare in Ukraine and its effect on power grids across the country.
π2
βThe best and worst ways to get users to improve their account security
https://blog.talosintelligence.com/threat-source-newsletter-sept-5-2024/
https://blog.talosintelligence.com/threat-source-newsletter-sept-5-2024/
Cisco Talos Blog
The best and worst ways to get users to improve their account security
In my opinion, mandatory enrollment is best enrollment.
π2
βExploiting Exchange PowerShell After ProxyNotShell: Part 1 - MultiValuedProperty
https://www.thezdi.com/blog/2024/9/4/exploiting-exchange-powershell-after-proxynotshell-part-1-multivaluedproperty
https://www.thezdi.com/blog/2024/9/4/exploiting-exchange-powershell-after-proxynotshell-part-1-multivaluedproperty
Zero Day Initiative
Zero Day Initiative β Exploiting Exchange PowerShell After ProxyNotShell: Part 1 - MultiValuedProperty
As you may know, I recently presented my Exchange-related talk during OffensiveCon 2024. This series of four blog posts is meant to supplement the talk and provide additional technical details. For those who did not attend OffensiveCon, you can also watchβ¦
βMusician charged with $10M streaming royalties fraud using AI and bots
https://www.bleepingcomputer.com/news/security/musician-charged-with-10m-streaming-royalties-fraud-using-ai-and-bots/
https://www.bleepingcomputer.com/news/security/musician-charged-with-10m-streaming-royalties-fraud-using-ai-and-bots/
BleepingComputer
Musician charged with $10M streaming royalties fraud using AI and bots
North Carolina musician Michael Smith was indicted for collecting over $10 million in royalty payments from Spotify, Amazon Music, Apple Music, and YouTube Music using AI-generated songs streamed by thousands of bots in a massive streaming fraud scheme.
βLiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks
https://www.bleepingcomputer.com/news/security/litespeed-cache-bug-exposes-6-million-wordpress-sites-to-takeover-attacks/
https://www.bleepingcomputer.com/news/security/litespeed-cache-bug-exposes-6-million-wordpress-sites-to-takeover-attacks/
BleepingComputer
LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks
Yet, another critical severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites.
βRussian military hackers linked to critical infrastructure attacks
https://www.bleepingcomputer.com/news/security/us-and-allies-link-russian-military-hackers-behind-critical-infrastructure-attacks-to-gru-unit-29155/
https://www.bleepingcomputer.com/news/security/us-and-allies-link-russian-military-hackers-behind-critical-infrastructure-attacks-to-gru-unit-29155/
BleepingComputer
Russian military hackers linked to critical infrastructure attacks
The United States and its allies have linked a group of Russian hackers (tracked as Cadet Blizzard and Ember Bear) behind global critical infrastructure attacks to Unit 29155 of Russia's Main Directorate of the General Staff of the Armed Forces (also knownβ¦
βU.S. charges five Russian military members for destructive cyber ops, hack-and-leak campaigns
https://cyberscoop.com/u-s-charges-five-russian-military-members-for-destructive-cyber-ops-hack-and-leak-campaigns/
https://cyberscoop.com/u-s-charges-five-russian-military-members-for-destructive-cyber-ops-hack-and-leak-campaigns/
CyberScoop
U.S. charges five Russian military members for destructive cyber ops, hack-and-leak campaigns
The hackers were working with a unit in the Russian Main Intelligence Directorate, according to the DOJ.
βMicrosoft removes revenge porn from Bing search using new tool
https://www.bleepingcomputer.com/news/security/microsoft-removes-revenge-porn-from-bing-search-using-new-tool/
https://www.bleepingcomputer.com/news/security/microsoft-removes-revenge-porn-from-bing-search-using-new-tool/
BleepingComputer
Microsoft removes revenge porn from Bing search using new tool
Microsoft announced today that it has partnered with StopNCII to proactively remove harmful intimate images and videos from Bing using digital hashes people create from their sensitive media.
βApache fixes critical OFBiz remote code execution vulnerability
https://www.bleepingcomputer.com/news/security/apache-fixes-critical-ofbiz-remote-code-execution-vulnerability/
https://www.bleepingcomputer.com/news/security/apache-fixes-critical-ofbiz-remote-code-execution-vulnerability/
BleepingComputer
Apache fixes critical OFBiz remote code execution vulnerability
Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers.
βOpenStack Ironic Users Urged to Patch Critical Vulnerability (CVE-2024-44082)
https://securityonline.info/openstack-ironic-users-urged-to-patch-critical-vulnerability-cve-2024-44082/
https://securityonline.info/openstack-ironic-users-urged-to-patch-critical-vulnerability-cve-2024-44082/
Cybersecurity News
OpenStack Ironic Users Urged to Patch Critical Vulnerability (CVE-2024-44082)
Critical security flaw in OpenStack's Ironic project (CVE-2024-44082) exposes sensitive data. Learn more about the vulnerability and its impact.
βBitcoin ATM Scams Surge with Over $110 Million in Losses in 2023
https://securityonline.info/bitcoin-atm-scams-surge-with-over-110-million-in-losses-in-2023/
https://securityonline.info/bitcoin-atm-scams-surge-with-over-110-million-in-losses-in-2023/
Cybersecurity News
Bitcoin ATM Scams Surge with Over $110 Million in Losses in 2023
Beware of Bitcoin ATM scams. The FTC reveals alarming figuresβover $110 million lost in 2023 alone. Learn how criminals exploit these decentralized machines.
βDarkCracks: A New Stealthy Malware Framework Exploiting GLPI and WordPress
https://securityonline.info/darkcracks-a-new-stealthy-malware-framework-exploiting-glpi-and-wordpress/
https://securityonline.info/darkcracks-a-new-stealthy-malware-framework-exploiting-glpi-and-wordpress/
Cybersecurity News
DarkCracks: A New Stealthy Malware Framework Exploiting GLPI and WordPress
Uncover the advanced malware campaign known as DarkCracks. Learn how it exploits vulnerabilities in GLPI and WordPress websites for stealthy control.
βCVE-2024-7012 (CVSS 9.8): Critical Foreman Flaw Exposes Red Hat Satellite to Unauthorized Access
https://securityonline.info/cve-2024-7012-cvss-9-8-critical-foreman-flaw-exposes-red-hat-satellite-to-unauthorized-access/
https://securityonline.info/cve-2024-7012-cvss-9-8-critical-foreman-flaw-exposes-red-hat-satellite-to-unauthorized-access/
Cybersecurity News
CVE-2024-7012 (CVSS 9.8): Critical Foreman Flaw Exposes Red Hat Satellite to Unauthorized Access
Learn about the critical vulnerability, CVE-2024-7012, in Foreman. Discover how this flaw could enable unauthorized access to Red Hat Satellite.
βBlack Bastaβs Evolving Tactics and the Rising Role of LLMs in Cyber Attack
https://securityonline.info/black-bastas-evolving-tactics-and-the-rising-role-of-llms-in-cyber-attack/
https://securityonline.info/black-bastas-evolving-tactics-and-the-rising-role-of-llms-in-cyber-attack/
Cybersecurity News
Black Basta's Evolving Tactics and the Rising Role of LLMs in Cyber Attack
Discover the tactics of Black Basta, one of the most dangerous extortion groups. Explore the use of large language models in cybersecurity.
βCritical Flaws in Veeam ONE Expose Systems to RCE (CVE-2024-42024) and Credential Theft (CVE-2024-42019)
https://securityonline.info/critical-flaws-in-veeam-one-expose-systems-to-rce-cve-2024-42024-and-credential-theft-cve-2024-42019/
https://securityonline.info/critical-flaws-in-veeam-one-expose-systems-to-rce-cve-2024-42024-and-credential-theft-cve-2024-42019/
Cybersecurity News
Critical Flaws in Veeam ONE Expose Systems to RCE (CVE-2024-42024) and Credential Theft (CVE-2024-42019)
Stay protected from critical vulnerabilities in Veeam ONE. Learn about CVE-2024-42024 & CVE-2024-42019 and the risks it poses to your virtual and data protection environments.
βNorth Korean Hackers Launch Job Interview Scam to Deploy BeaverTail and InvisibleFerret Malware
https://securityonline.info/north-korean-hackers-launch-job-interview-scam-to-deploy-beavertail-and-invisibleferret-malware/
https://securityonline.info/north-korean-hackers-launch-job-interview-scam-to-deploy-beavertail-and-invisibleferret-malware/
Cybersecurity News
North Korean Hackers Launch Job Interview Scam to Deploy BeaverTail and InvisibleFerret Malware
Protect yourself from the BeaverTail malware and InvisibleFerret backdoor used by Lazarus Group. Learn how the Contagious Interview campaign targets blockchain professionals and job seekers through deceptive tactics.
βMuddyWaterβs Sneaky New Tactic: Hijacking RMM Software for Espionage
https://securityonline.info/muddywaters-sneaky-new-tactic-hijacking-rmm-software-for-espionage/
https://securityonline.info/muddywaters-sneaky-new-tactic-hijacking-rmm-software-for-espionage/
Cybersecurity News
MuddyWater's Sneaky New Tactic: Hijacking RMM Software for Espionage
Discover the alarming tactics of the MuddyWater hacking group. Find out how they exploit legitimate software in their attacks.
βCVE-2024-7591 (CVSS 10): Critical Vulnerability Discovered in Progress LoadMaster
https://securityonline.info/cve-2024-7591-cvss-10-critical-vulnerability-discovered-in-progress-loadmaster/
https://securityonline.info/cve-2024-7591-cvss-10-critical-vulnerability-discovered-in-progress-loadmaster/
Cybersecurity News
CVE-2024-7591 (CVSS 10): Critical Vulnerability Discovered in Progress LoadMaster
Critical vulnerability (CVE-2024-7591) in Progress LoadMaster ADC and load balancer. Learn how unauthenticated, remote attackers can execute system commands.
βCVE-2024-26581 PoC Exploit Released: Linux Systems at Risk of Root Compromise
https://securityonline.info/cve-2024-26581-poc-exploit-released-linux-systems-at-risk-of-root-compromise/
https://securityonline.info/cve-2024-26581-poc-exploit-released-linux-systems-at-risk-of-root-compromise/
Daily CyberSecurity
CVE-2024-26581 PoC Exploit Released: Linux Systems at Risk of Root Compromise
The security researchers have disclosed technical details and PoC exploit code for a CVE-2024-26581 vulnerability within the Linux kernel