π¦
High-Risk CVE-2024-7965 Vulnerability in Chromeβs V8 Engine Requires Quick Fix π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key Takeaways CISA has included a type of confusion vulnerability affecting Google Chrome and potentially other Chromiumbased browsers in its Known Exploited Vulnerabilities KEV catalog, highlighting its seriousness and potential for exploitation. CVE20247965 affects Chrome's V8 JavaScript engine, allowing attackers to exploit heap corruption through specially crafted HTML pages. Its high CVSS score of 8.8 indicates a severe threat to system confidentiality and integrity. Google has acknowledged that CVE20247965 is actively being exploited. A critical patch has been released in Chrome versions 128.0.6613.84 for Linux and 128.0.6613.84.85 for Windows and Mac. Due to the active exploitation of this vulnerability, it is crucial for all users to update their browsers immediat...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Urgent Fix Needed For Chrome V8 Engine CVE-2024-7965
CVE-2024-7965 is a critical flaw in Chrome's V8 engine, posing high-risk to browsers. Update now to protect against security threats. Learn more at Cyble.
βοΈ New 0-Day Attacks Linked to Chinaβs βVolt Typhoonβ βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Malicious hackers are exploiting a zeroday vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
New 0-Day Attacks Linked to Chinaβs βVolt Typhoonβ
Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltratingβ¦
β€1
π MOVEit Hack Exposed Personal Data of Half Million TDECU Users π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The Texas Dow Employees Credit Union told the Maine Attorney General the MOVEit data breach compromised information of over 500,000 members.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
MOVEit Hack Exposed Personal Data of Half Million TDECU Users
The Texas Dow Employees Credit Union told the Maine Attorney General the MOVEit data breach compromised information of over 500,000 members
π¦
Cloud Storage Bucket Security: PII Leak Brings Renewed Focus to Storage Bucket Access Controls π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key Takeaways News of a Google Cloud Storage bucket data leak has once again drawn public attention to the risks of misconfigured cloud storage buckets, one of the most common cloud security issues and causes of data leaks. Alices Table, a former contestant on ABCs Shark Tank, inadvertently leaked the personally identifiable information PII of more than 83,000 customers from a misconfigured Google Cloud Storage bucket. The leak underscores the importance of cloud storage bucket access controls as well as regularly auditing permissions and monitoring for data leaks. Cloud storage bucket leaks are very common Cyble Odin is presently detecting more than 500,000 such exposures between AWS and Google Cloud Storage. We look at best practices for cloud storage bucket access con...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
π₯2
π΅οΈββοΈ PoC Exploit for Zero-Click Vulnerability Made Available to the Masses π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
PoC Exploit for Zero-Click Vulnerability Made Available to the Masses
The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors.
π Microsoft 365 Copilot Vulnerability Exposes User Data Risks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The flaw in Microsoft 365 Copilot allowed data theft using ASCII smuggling and prompt injection.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Microsoft 365 Copilot Vulnerability Exposes User Data Risks
The flaw in Microsoft 365 Copilot allowed data theft using ASCII smuggling and prompt injection
ποΈ macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts "almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of shell scripts from the attackers' server," Kaspersky researcher Sergey Puzan said. HZ RAT was first.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ Nozomi Networks unveils new Mandiant-powered security tools π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The Nozomi TI Expansion Pack provides customers with access to both Nozomi and Mandiant threat intelligence capabilities.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
channelpro
Nozomi Networks unveils new Mandiant-powered security tools
The Nozomi TI Expansion Pack provides customers with access to both Nozomi and Mandiant threat intelligence capabilities
π’ Volt Typhoon is wreaking havoc again β this time on US internet providers π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Chinese statebacked hackers are thought to be actively exploiting a zeroday in SDWAN software to infect corporate networks at US internet providers.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Volt Typhoon is wreaking havoc again β this time on US internet providers
Chinese state-backed hackers are thought to be actively exploiting a zero-day in SD-WAN software to infect corporate networks at US internet providers
π΅οΈββοΈ Hitachi Energy Vulnerabilities Plague SCADA Power Systems π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Hitachi Energy Vulnerabilities Plague SCADA Power Systems
The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity.
π΅οΈββοΈ Manufacturing Sector Under Fire From Microsoft Credential Thieves π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The emails impersonate wellknown companies in the industry, fooling the victim into thinking they are communicating with a legitimate entity.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Manufacturing Sector Under Fire From Microsoft Credential Thieves
The emails impersonate well-known companies in the industry, fooling the victim into thinking they are communicating with a legitimate entity.
π΅οΈββοΈ Why LLMs Are Just the Tip of the AI Security Iceberg π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
With the right processes and tools, organizations can implement advanced AI security frameworks that make hidden risks visible, enabling security teams to track and address them before impact.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Why LLMs Are Just the Tip of the AI Security Iceberg
With the right processes and tools, organizations can implement advanced AI security frameworks that make hidden risks visible, enabling security teams to track and address them before impact.
π΅οΈββοΈ Hundreds of LLM Servers Expose Corporate, Health & Other Online Data π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
LLM automation tools and vector databases can be rife with sensitive data and vulnerable to pilfering.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Hundreds of LLM Servers Expose Corporate, Health & Other Online Data
LLM automation tools and vector databases can be rife with sensitive data β and vulnerable to pilfering.
π΅οΈββοΈ Zimbabwe Trains Government Officials in Cybersecurity Skills π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
African nation's proactive approach to cybersecurity comes amid a rise in painful cyberattacks, including the breach of a major bank.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Zimbabwe Trains Government Officials in Cybersecurity Skills
African nation's proactive approach to cybersecurity comes amid a rise in painful cyberattacks, including the breach of a major bank.
π΅οΈββοΈ PoC Exploit for Zero-Click Vulnerability Made Available to the Masses π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
PoC Exploit for Zero-Click Vulnerability Made Available to the Masses
The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors.
π΅οΈββοΈ Microsoft's Sway Serves as Launchpad for 'Quishing' Campaign π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The attack is a mashup of QR codes and phishing that gets users to click on links to malicious webpages.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Microsoft's Sway Serves as Launchpad for 'Quishing' Campaign
The attack is a mashup of QR codes and phishing that gets users to click on links to malicious webpages.
π¦Ώ Price Drop: This Complete Ethical Hacking Bundle is Now $40 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Get a comprehensive, potentially lucrative ethical hacking education with 18 courses on today's top tools and tech. This bundle is just 39.97 for a limited time.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Price Drop: This Complete Ethical Hacking Bundle is Now $33
Get a comprehensive, potentially lucrative ethical hacking education with 18 courses on today's top tools and tech. This bundle is just $32.97.
π¦Ώ GDPR Data Breach Notification Letter (Free Download) π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
In the current business environment, it is almost inevitable that an organization will experience a security breach that exposes collected personal data to unauthorized access. Under the provisions of the General Data Protection Regulation, regardless of the severity of the security breach, organizations must inform their EU customers and stakeholders of the incident in a ...π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
GDPR Data Breach Notification Letter (Free Download) | TechRepublic
In the current business environment, it is almost inevitable that an organization will experience a security breach that exposes collected personal data
π¦Ώ What Is Cybersecurity Awareness Training? Why Your Business Needs it π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Organizations of all sizes are being targeted by bad actors, which is why cybersecurity awareness training is more important than ever. Unfortunately, most organizations are not motivated to implement such training. A study by IBM found that barely half 51 of organizations that had already experienced a data breach in the past year planned to ...π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
What Is Cybersecurity Awareness Training? Why Your Business Needs it | TechRepublic
Organizations of all sizes are being targeted by bad actors, which is why cybersecurity awareness training is more important than ever. Unfortunately,
ποΈ Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access. The vulnerability, tracked as CVE20246633, carries a CVSS score of 9.8, and stems from the use of a static password to connect to a HSQL database. "The default credentials for the setup HSQL database HSQLDB for FileCatalyst Workflow are.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A South Koreaaligned cyber espionage has been linked to the zeroday exploitation of a nowpatched critical remote code execution flaw in Kingsoft WPS Office to deploy a bespoke backdoor dubbed SpyGlace. The activity has been attributed to a threat actor dubbed APTC60, according to cybersecurity firms ESET and DBAPPSecurity. The attacks have been found to infect Chinese and East Asian users.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity