ποΈ Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia as part of a renewed statesponsored operation codenamed Crimson Palace, indicating an expansion in the scope of the espionage effort. Cybersecurity firm Sophos, which has been monitoring the cyber offensive, said it comprises three intrusion sets tracked as Cluster.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers. Shadow apps may include instances of software that the company is already using. For example, a dev team may onboard their own.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ New PIXHELL Attack Exploits Screen Noise to Exfiltrates Data from Air-Gapped Computers ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A new sidechannel attack dubbed PIXHELL could be abused to target airgapped computers by breaching the "audio gap" and exfiltrating sensitive information by taking advantage of the noise generated by the pixels on the screen. "Malware in the airgap and audiogap computers generates crafted pixel patterns that produce noise in the frequency range of 0 22 kHz," Dr. Mordechai Guri, the head of.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and the deployment of nextstage payloads, according to new findings from Trend Micro. The cybersecurity firm, which is monitoring the activity cluster under the name Earth Preta, said it observed "the propagation of PUBLOAD via a variant of the worm HIUPAN.".π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Highline Public Schools Forced to Close By Cyber-Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Highline Public Schools in Washington State have now been closed for two days following the incident.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Highline Public Schools Forced to Close By Cyber-Attack
Highline Public Schools in Washington State have now been closed for two days following the incident
π China-Linked Threat Actors Target Taiwan Military Industry π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
TIDRONE group targets military, drone and satellite industries in Taiwan.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
China-Linked Threat Actors Target Taiwan Military Industry
TIDRONE group targets military, drone and satellite industries in Taiwan
π DoJ Distributes $18.5m to Western Union Fraud Victims π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The Justice Department has begun the latest round of fraud reimbursement from the Western Union Remission Fund.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
DoJ Distributes $18.5m to Western Union Fraud Victims
The Justice Department has begun the latest round of fraud reimbursement from the Western Union Remission Fund
π Critical SonicWall SSLVPN Bug Exploited By Ransomware Actors π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Researchers have warned that a critical SonicWall vulnerability is being exploited in ransomware attacks.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Critical SonicWall SSLVPN Bug Exploited By Ransomware Actors
Researchers have warned that a critical SonicWall vulnerability is being exploited in ransomware attacks
π1
π Senior Python Developer π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
The post Senior Python Developer appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
Senior Python Developer - UnderDefense
π SOC Automation: Streamlining Security Operations (+CISOβs Checklist) π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Are you sure your SOC is invincible armor? How often do you hear about the burnout of inhouse SOC analysts? I will not bore you with dry statistics proving that security operation centers SOCs are swamped with tasks, most of which do not require any actions yet missed out on critical. The solution is clear The post SOC Automation Streamlining Security Operations CISOs Checklist appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
SOC Automation: How to Optimize Your Security Operations
Learn how SOC Automation works, its benefits, and how to maximize its potential. We'll also provide a checklist to assess your current level of automation.
π¦
CISA Adds Three Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key Takeaways CISA has updated its Known Exploited Vulnerabilities KEV Catalog with three critical vulnerabilities CVE20163714, CVE20171000253, and CVE202440766. These vulnerabilities are being actively exploited by cybercriminals, posing significant risks to both federal and private sector organizations. CISA urges all organizations to prioritize the remediation of these vulnerabilities to strengthen their cybersecurity defenses. Organizations should update software with the latest patches, implement multifactor authentication MFA, and continuously monitor for unusual activities. For detailed information and support, organizations should consult CISAs advisories and the relevant vendor resources. Overview The Cybersecurity and Infrastructure Security Agency CISA...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CISA Adds 3 Critical Vulnerabilities To Exploited List
CISA updates its KEV Catalog with three critical vulnerabilities. Organizations must prioritize remediation to enhance cybersecurity defenses.
π¦
The Re-Emergence of CVE-2024-32113: How CVE-2024-45195 has amplified Exploitation Risks π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview On September 7, 2024, Cyble Global Sensor Intelligence CGSI identified the active exploitation of CVE202432113, a critical path traversal vulnerability in the Apache OFBiz opensource enterprise resource planning ERP system. This flaw was initially addressed on April 12, 2024, with a formal patch released on May 8, 2024. CVE202432113 allows Threat Actors TAs to execute arbitrary commands by sending specially crafted requests, enabling them to gain unauthorized access and execute arbitrary commands. On September 4, 2024, the identification of CVE202445195 reignited concerns surrounding Apache OFBiz by revealing a bypass for several previously addressed vulnerabilities, notably CVE202432113. This development has intensified the exploitation of CVE202432113, as attackers expl...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CVE-2024-32113's Re-Emergence And Amplified Risks
Discover critical CVE-2024-32113 in Apache OFBiz, enabling remote code execution. Learn mitigation strategies and upgrade recommendations.
π΅οΈββοΈ Cyber Staffing Shortages Remain CISOs' Biggest Challenge π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Besides operational issues connected to a talent shortage, the cost of running security platforms and their training costs also keeps CISOs up at night.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Cyber Staffing Shortages Remain CISOs' Biggest Challenge
Besides operational issues connected to a talent shortage, the cost of running security platforms β and their training costs β also keeps CISOs up at night.
π΅οΈββοΈ How a Centuries-Old Company Reached Security Maturity π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
In this case study, a 180yearold life and pension insurer brought its security infrastructure into the modern age.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
How a Centuries-Old Company Reached Security Maturity
In this case study, a 180-year-old life and pension insurer brought its security infrastructure into the modern age.
π΅οΈββοΈ Air-Gapped Networks Vulnerable to Acoustic Attack via LCD Screens π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Sound waves generated by pixels on a screen can transmit information across seemingly impenetrable air gaps.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Air Gaps Undone by Acoustic Attack via LCD Screens
In the "PixHell" attack, sound waves generated by pixels on a screen can transmit information across seemingly impenetrable air gaps.
π¦Ώ Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
A Mark of the Web security alert vulnerability and three others have been exploited in the wild and are now covered by Redmonds monthly patch batch.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities
A Mark of the Web security alert vulnerability and three others have been exploited in the wild and are now covered by Redmondβs monthly patch batch.
π΅οΈββοΈ Microsoft Discloses 4 Zero-Days in September Update π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
This month's Patch Tuesday contains a total of 79 vulnerabilities the fourth largest of the year.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Microsoft Discloses 4 Zero-Days in September Update
This month's Patch Tuesday contains a total of 79 vulnerabilities β the fourth largest of the year.
βοΈ Bug Left Some Windows PCs Dangerously Unpatched βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebsonsecurity
Bug Left Some Windows PCs Dangerously Unpatched
Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug thatβ¦
π΅οΈββοΈ India Needs Better Cybersecurity for Space, Critical Infrastructure π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
As attacks on satellites rise with nationstate conflicts, the South Asian nation joins other spacecapable countries in doubling down on cybersecurity.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
India Needs Better Cybersecurity for Space Systems
As attacks on satellites rise with nation-state conflicts, the South Asian nation joins other space-capable countries in doubling down on cybersecurity.
π₯1
π΅οΈββοΈ Wiz Launches Wiz Code Application Security Tool π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Wiz Code identifies and flags cloud risks in code to help improve collaboration between security and development teams.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Wiz Launches Wiz Code Application Security Tool
Wiz Code identifies and flags cloud risks in code to help improve collaboration between security and development teams.
ποΈ Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity. This is aside from 26 flaws that the tech.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity