π¦
The Re-Emergence of CVE-2024-32113: How CVE-2024-45195 has amplified Exploitation Risks π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview On September 7, 2024, Cyble Global Sensor Intelligence CGSI identified the active exploitation of CVE202432113, a critical path traversal vulnerability in the Apache OFBiz opensource enterprise resource planning ERP system. This flaw was initially addressed on April 12, 2024, with a formal patch released on May 8, 2024. CVE202432113 allows Threat Actors TAs to execute arbitrary commands by sending specially crafted requests, enabling them to gain unauthorized access and execute arbitrary commands. On September 4, 2024, the identification of CVE202445195 reignited concerns surrounding Apache OFBiz by revealing a bypass for several previously addressed vulnerabilities, notably CVE202432113. This development has intensified the exploitation of CVE202432113, as attackers expl...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CVE-2024-32113's Re-Emergence And Amplified Risks
Discover critical CVE-2024-32113 in Apache OFBiz, enabling remote code execution. Learn mitigation strategies and upgrade recommendations.
π΅οΈββοΈ Cyber Staffing Shortages Remain CISOs' Biggest Challenge π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Besides operational issues connected to a talent shortage, the cost of running security platforms and their training costs also keeps CISOs up at night.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Cyber Staffing Shortages Remain CISOs' Biggest Challenge
Besides operational issues connected to a talent shortage, the cost of running security platforms β and their training costs β also keeps CISOs up at night.
π΅οΈββοΈ How a Centuries-Old Company Reached Security Maturity π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
In this case study, a 180yearold life and pension insurer brought its security infrastructure into the modern age.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
How a Centuries-Old Company Reached Security Maturity
In this case study, a 180-year-old life and pension insurer brought its security infrastructure into the modern age.
π΅οΈββοΈ Air-Gapped Networks Vulnerable to Acoustic Attack via LCD Screens π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Sound waves generated by pixels on a screen can transmit information across seemingly impenetrable air gaps.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Air Gaps Undone by Acoustic Attack via LCD Screens
In the "PixHell" attack, sound waves generated by pixels on a screen can transmit information across seemingly impenetrable air gaps.
π¦Ώ Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
A Mark of the Web security alert vulnerability and three others have been exploited in the wild and are now covered by Redmonds monthly patch batch.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities
A Mark of the Web security alert vulnerability and three others have been exploited in the wild and are now covered by Redmondβs monthly patch batch.
π΅οΈββοΈ Microsoft Discloses 4 Zero-Days in September Update π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
This month's Patch Tuesday contains a total of 79 vulnerabilities the fourth largest of the year.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Microsoft Discloses 4 Zero-Days in September Update
This month's Patch Tuesday contains a total of 79 vulnerabilities β the fourth largest of the year.
βοΈ Bug Left Some Windows PCs Dangerously Unpatched βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebsonsecurity
Bug Left Some Windows PCs Dangerously Unpatched
Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug thatβ¦
π΅οΈββοΈ India Needs Better Cybersecurity for Space, Critical Infrastructure π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
As attacks on satellites rise with nationstate conflicts, the South Asian nation joins other spacecapable countries in doubling down on cybersecurity.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
India Needs Better Cybersecurity for Space Systems
As attacks on satellites rise with nation-state conflicts, the South Asian nation joins other space-capable countries in doubling down on cybersecurity.
π₯1
π΅οΈββοΈ Wiz Launches Wiz Code Application Security Tool π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Wiz Code identifies and flags cloud risks in code to help improve collaboration between security and development teams.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Wiz Launches Wiz Code Application Security Tool
Wiz Code identifies and flags cloud risks in code to help improve collaboration between security and development teams.
ποΈ Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity. This is aside from 26 flaws that the tech.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager EPM, including 10 critical vulnerabilities that could result in remote code execution. A brief description of the issues is as follows CVE202429847 CVSS score 10.0 A deserialization of untrusted data vulnerability that allows a remote unauthenticated attacker to achieve code execution.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ Cyber workforce growth slows as tight budgets hit hiring targets β and itβs going to create a more dangerous threat landscape and send burnout through the roof π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The cyber workforce gap has grown to a record high of 4.8 million, with a total of 10.2 million security professionals now required to keep organizations protected globally.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Cyber workforce growth slows as tight budgets hit hiring targets β and itβs going to create a more dangerous threat landscape andβ¦
The cyber workforce gap has grown to a record high of 4.8 million, with a total of 10.2 million security professionals now required to keep organizations protected globally
π΅οΈββοΈ SOAR Is Dead, Long Live SOAR π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Business intelligence firm Gartner labels security orchestration, automation, and response as "obsolete," but the fight to automate and simplify security operations is here to stay.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
SOAR Is Dead, Long Live SOAR
Gartner labels security orchestration, automation, and response as "obsolete," but the fight to automate and simplify security operations is here to stay.
π1
π΅οΈββοΈ Air-Gapped Networks Vulnerable to Acoustic Attack via LCD Screens π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
In the "PixHell" attack, sound waves generated by pixels on a screen can transmit information across seemingly impenetrable air gaps.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Air Gaps Undone by Acoustic Attack via LCD Screens
In the "PixHell" attack, sound waves generated by pixels on a screen can transmit information across seemingly impenetrable air gaps.
π΅οΈββοΈ 'Ancient' MSFT Word Bug Anchors Taiwanese Drone-Maker Attacks π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
An attack dubbed "WordDrone" that uses an old flaw to install a backdoor could be related to previously reported cyber incidents against Taiwan's military and satellite industrial supply chain.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
'Ancient' MSFT Word Bug Anchors Taiwanese Drone-Maker Attacks
An attack dubbed 'WordDrone' that uses an old flaw to install a backdoor could be related to previously reported cyber-incidents against Taiwan's military and satellite industrial supply chain.
ποΈ Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Singapore Police Force SPF has announced the arrest of five Chinese nationals and one Singaporean man for their alleged involvement in illicit cyber activities in the country. The development comes after a group of about 160 law enforcement officials conducted a series of raids on September 9, 2024, simultaneously at several locations. The six men, aged between 32 and 42, are suspected of.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Why Is It So Challenging to Go Passwordless? ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Imagine a world where you never have to remember another password. Seems like a dream come true for both end users and IT teams, right? But as the old saying goes, "If it sounds too good to be true, it probably is." If your organization is like many, you may be contemplating a move to passwordless authentication. But the reality is that a passwordless security approach comes with its own.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments. "The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews," ReversingLabs researcher Karlo Zanki said. The activity has been assessed to be part of.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π CosmicBeetle steps up: Probation period at RansomHub π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
CosmicBeetle, after improving its own ransomware, tries its luck as a RansomHub affiliate.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
CosmicBeetle steps up: Probation period at RansomHub
ESET researchers examine the recent activities of the CosmicBeetle threat actor, documentingt its new ScRansom ransomware and highlighting connections to other well-established ransomware gangs.
π Crypto Scams Reach New Heights, FBI Reports $5.6bn in Losses π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The Federal Bureau of Investigation's Internet Crime Complaint Center IC3 reported a 45 increase in cryptocurrencyrelated scams in 2023.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Crypto Scams Reach New Heights, FBI Reports $5.6bn in Losses
The Federal Bureau of Investigation's Internet Crime Complaint Center (IC3) reported a 45% increase in cryptocurrency-related scams in 2023
π Cybersecurity Workforce Gap Rises by 19% Amid Budget Pressures π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
ISC2 found that the cybersecurity workforce gap is now at 4.8 million, a 19 increase from 2023.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Cybersecurity Workforce Gap Rises by 19% Amid Budget Pressures
ISC2 found that the cybersecurity workforce gap is now at 4.8 million, a 19% increase from 2023