π¦
Weekly IT Vulnerability Report for August 20, 2024: Urgent Fixes Recommended for GitHub, PHP, Windows, and SAP π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key Takeaways CVE20246800 GitHub Enterprise Server poses the risk of data breaches and supply chain attacks. CVE202438063, a critical Remote Code Execution RCE vulnerability in Windows, may enable cyber attacks on a mass scale, affecting both government and private entities. Overview Cyble Research and Intelligence Labs CRIL researchers investigated 12 vulnerabilities from August 14 to August 20, ranging in severity from medium to critical. CRIL researchers also observed five instances of vulnerabilities and Proof of Concept POC exploits discussed on underground channels and cybercrime forums during that period. Based on Cybles assessments of the relative cyber threats presented by the vulnerabilities and exploits, five vulnerabilities stand out as warranting pri...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Weekly IT Vulnerability Report - Aug 2024: Urgent Fixes For GitHub, PHP, Windows & SAP
Weekly IT Vulnerability Report: This vulnerability report flags urgent fixes for critical flaws in GitHub, PHP, Windows, and SAP, including remote code execution risks.
ποΈ SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE202440766 CVSS score 9.3, has been described as an improper access control bug. "An improper access control vulnerability has been identified in the SonicWall SonicOS.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Dutch Regulator Fines Uber β¬290 Million for GDPR Violations in Data Transfers to U.S. ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Dutch Data Protection Authority DPA has fined Uber a record 290 million 324 million for allegedly failing to comply with European Union E.U. data protection standards when sending sensitive driver data to the U.S. "The Dutch DPA found that Uber transferred personal data of European taxi drivers to the United States U.S. and failed to appropriately safeguard the data with regard to.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ Seattle-Tacoma Airport Suffers System Outages Due to Possible Cyberattack π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
As the entire Port of Seattle struggles to become fully operational once more, the airport recommends that those who are traveling take extra precautions.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Seattle-Tacoma Airport Suffers Outages Due to Possible Cyberattack
As the entire Port of Seattle struggles to become fully operational once more, the airport recommends that those who are traveling take extra precautions.
π΅οΈββοΈ Hackers Use Rare Stealth Techniques to Down Asian Military, Gov't Orgs π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
A threat actor resembling APT41 performed "AppDomainManager Injection," which is like DLL sideloading, but arguably easier and stealthier.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Hackers Use Rare Stealth Techniques to Down Asian Military, Gov't Orgs
A threat actor resembling APT41 performed "AppDomainManager Injection," which is like DLL sideloading, but arguably easier and stealthier.
π΅οΈββοΈ Microsoft to Host Windows Security Summit in CrowdStrike Outage Aftermath π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The tech giant seeks to work with endpoint security partners, including CrowdStrike, on how to prevent an outage event of such gravity from happening again.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Microsoft to Host Windows Security Summit Post-CrowdStrike
The tech giant seeks to work with endpoint security partners, including CrowdStrike, on how to prevent an outage event of such gravity from happening again.
π1
π΅οΈββοΈ Cybercriminals Tap Greasy Opal to Create 750M Fake Microsoft Accounts π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Such cyberattack enablement services let attackers breach security measures, establish new fake accounts, and bruteforce servers.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Cybercriminals Tap Greasy Opal to Create 750M Fake Microsoft Accounts
Such cyberattack enablement services let attackers breach security measures, establish new fake accounts, and brute-force servers.
ποΈ Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Details have emerged about a nowpatched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user information using a technique called ASCII smuggling. "ASCII Smuggling is a novel technique that uses special Unicode characters that mirror ASCII but are actually not visible in the user interface," security researcher Johann Rehberger said. "This means that an attacker.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Google has revealed that a security flaw that was patched as part of a security update rolled out last week to its Chrome browser has come under active exploitation in the wild. Tracked as CVE20247965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine. "Inappropriate implementation in V8 in Google Chrome prior to.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ Australia and Google turn to AI to protect critical infrastructure π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Australia's CSIRO partners with Google to develop homegrown AI security tools for infrastructure.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Australia and Google turn to AI to protect critical infrastructure
Australia's CSIRO partners with Google to develop homegrown AI security tools for infrastructure
π A Third of Organizations Suffer SaaS Data Breaches π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
AppOmni report claims number of companies suffering SaaSrelated data breaches has jumped five percentage points over past year.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
A Third of Organizations Suffer SaaS Data Breaches
AppOmni report claims number of companies suffering SaaS-related data breaches has jumped five percentage points over past year
π1
π’ Uber hit with β¬290m fine for storing European driver data in the US π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The fine marks the latest imposed on Uber by the Dutch data protection authority.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Uber hit with β¬290m fine for storing European driver data in the US
The fine marks the latest imposed on Uber by the Dutch data protection authority
π Uber Hit With β¬290m GDPR Fine π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The Dutch data protection regulator has imposed a 290m GDPR fine on Uber for storing driver data in the US without adequate safeguards.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Uber Hit With β¬290m GDPR Fine
The Dutch data protection regulator has imposed a β¬290m GDPR fine on Uber for storing driver data in the US without adequate safeguards
π₯1
π’ Teleport partners with TD Synnex to tackle identity-focused cyber attacks π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The new distribution agreement will enable customers to procure secure infrastructure access solutions from a single source.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
channelpro
Teleport partners with TD Synnex to tackle identity-focused cyber attacks
The new distribution agreement will enable customers to procure secure infrastructure access solutions from a single source
π’ North Korean insider attacks are skyrocketing β dozens of US firms didn't spot the hacker in their midst π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
A North Korean threat campaign sneaking hackers into US firms as fake IT workers is just the tip of the iceberg, researchers have warned.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
North Korean insider attacks are skyrocketing β dozens of US firms didn't spot the hacker in their midst
North Korean threat campaigns are sneaking hackers into US firms as fake IT workers - and the trend shows no sign of stopping
π΅οΈββοΈ Why Every Business Should Prioritize Confidential Computing π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Confidential computing safeguards data in use, making it a crucial component of cloud security.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Why Every Business Should Prioritize Confidential Computing
Confidential computing safeguards data in use, making it a crucial component of cloud security.
π¦Ώ The 5 Best Free Endpoint Protection Platforms for 2024 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Discover our top picks for reputable free endpoint protection platforms and compare their features, pros and cons in this indepth guide.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
The 5 Best Free Endpoint Protection Platforms for 2024
Discover our top picks for reputable free endpoint protection platforms and compare their features, pros and cons in this in-depth guide.
π§ Cost of data breaches: The business case for security AI and automation π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
As Yogi Berra said, Its dj vu all over again. If the idea of the global average costs of data breaches rising year over year feels like more of the same, thats because it is. Data protection solutions get better, but so do threat actors. The other broken record is the underuse or misuse of The post Cost of data breaches The business case for security AI and automation appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
Cost of data breaches: The business case for security AI and automation
IBM's 2024 comprehensive report shows that the use of modern technologies, such as AI automation, reduced breach costs by $2.2 million.
ποΈ CTEM in the Spotlight: How Gartner's New Categories Help to Manage Exposures ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Want to know whats the latest and greatest in SecOps for 2024? Gartners recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in this years report Threat Exposure Management, Exposure Assessment Platforms EAP, and Adversarial.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π FBI Flawed Data Handling Raises Security Concerns π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A US Justice Department watchdog has found significant weaknesses in the FBIs physical and online media storage and disposal processes.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
FBI Flawed Data Handling Raises Security Concerns
A US Justice Department watchdog has found βsignificant weaknessesβ in the FBIβs physical and online media storage and disposal processes
π Suspected Cyber-Attack Causes Travel Chaos at Seattle Airport π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The Port of Seattle revealed system outages at the citys airport may have been caused by a cyberattack, affecting early Labor Day travel.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Suspected Cyber-Attack Causes Travel Chaos at Seattle Airport
The Port of Seattle revealed system outages at the cityβs airport may have been caused by a cyber-attack, affecting early Labor Day travel
β€1