βοΈ Patch Tuesday, October 2024 Edition βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 "Sequoia" update that broke many cybersecurity tools.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Patch Tuesday, October 2024 Edition
Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, andβ¦
ποΈ Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance CSA have come under active exploitation in the wild. The zeroday flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utahbased software services provider said. Successful exploitation of these vulnerabilities could allow an authenticated.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Users searching for game cheats are being tricked into downloading a Luabased malware that is capable of establishing persistence on infected systems and delivering additional payloads. "These attacks capitalize on the popularity of Lua gaming engine supplements within the student gamer community," Morphisec researcher Shmuel Uzan said in a new report published today, adding "this malware.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π American Water Hit by Cyber-Attack, Billing Systems Disrupted π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
American Water, the largest water utility in the US, discovered a cyberattack impacting internal systems on October 3.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
American Water Hit by Cyber-Attack, Billing Systems Disrupted
American Water, the largest water utility in the US, discovered a cyber-attack impacting internal systems on October 3
π Cloud Security Risks Surge as 38% of Firms Face Exposures π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Tenables latest report reveals 38 of organizations face risks from a toxic cloud triad of security gaps.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Cloud Security Risks Surge as 38% of Firms Face Exposures
Tenableβs latest report reveals 38% of organizations face risks from a βtoxic cloud triadβ of security gaps
π¦
Apple Issues Urgent Security Advisory for iOS and iPadOS Vulnerabilities π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Apple has released a new security advisory highlighting the issues affecting Apples iOS and iPadOS platforms. As detailed in the advisory, two vulnerabilities have been identified, both of which affect Apple iOS and iPadOS up to version 18.0. The vendor is Apple, and patches are available for these vulnerabilities. The first vulnerability, CVE202444204, relates to information disclosure and has been assigned a CVSSv3.1 score of 5.5, indicating a medium severity level. This vulnerability allows saved passwords to be read aloud by the VoiceOver feature, posing a significant privacy risk for users on affected iOS and iPadOS versions. A patch is available for this vulnerability. The second vulnerability, CVE202444207, also relates to information disclosure, with a CVSSv3...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Apple Urgently Warns Of IOS And IPadOS Security Flaws
Adobe and Apple release critical updates for FrameMaker, iOS, and iPadOS, addressing vulnerabilities that pose privacy risks. Update now!
π¦
MisterioLNK: The Open-Source Builder Behind Malicious Loaders π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble Research and Intelligence Labs CRIL has uncovered a new, previously undetected loader builder known as "MisterioLNK." This discovery follows our earlier analysis of Quantum Software, another LNK filebased builder that has been gaining traction in the cyber landscape. MisterioLNK, available on GitHub, presents a significant challenge to security defenses, as files generated by this tool currently exhibit minimal or zero detection rates by conventional security systems. As described on GitHub, MisterioLNK is an opensource loader builder that leverages Windows script engines to execute malicious payloads while employing obfuscation as well. It is crafted to operate discreetly, downloading files into temporary directories before launching them, thereby enhancing its evasive capabi...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
MisterioLNK: Open-Source Builder For Malicious Loaders
Explore CRIL's findings on MisterioLNK, an open-source loader builder creating evasive malicious files like LNK and BAT. Stay informed!
ποΈ Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic. The end goal of the campaigns are broad and varied, allowing threat actors to compromise identities and devices and conduct business email compromise BEC attacks, which ultimately result.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
β€1
ποΈ Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromiumbased.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Microsoft Fixes Five Zero-Days in October Patch Tuesday π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Octobers Patch Tuesday saw Microsoft patch over 100 CVEs including five zeroday vulnerabilities.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Microsoft Fixes Five Zero-Days in October Patch Tuesday
Octoberβs Patch Tuesday saw Microsoft patch over 100 CVEs including five zero-day vulnerabilities
π¦Ώ How to Safeguard Enterprises from Exploitation of AI Applications π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Artificial intelligence may be about to transform the world. But there are security risks that need to be understood and several areas that can be exploited. Find out what these are and how to protect the enterprise in this TechRepublic Premium feature by Drew Robb. Featured text from the download LLM SECURITY WEAKNESSES Research by ...π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
How to Safeguard Enterprises from Exploitation of AI Applications | TechRepublic
Artificial intelligence may be about to transform the world. But there are security risks that need to be understood and several areas that can be
π Australia Introduces First Standalone Cybersecurity Law π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The Australian governments Cyber Security Bill 2024 will mandate cybersecurity standards for smart devices and introduce ransomware reporting requirements.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Australia Introduces First Standalone Cybersecurity Law
The Australian governmentβs Cyber Security Bill 2024 will mandate cybersecurity standards for smart devices and introduce ransomware reporting requirements
π New EU Body to Centralize Complaints Against Facebook, TikTok, YouTube π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The Appeals Centre Europe is supported by Metas Oversight Board Trust and certified by Ireland's media regulator.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New EU Body to Centralize Complaints Against Facebook, TikTok, YouTube
The Appeals Centre Europe is supported by Metaβs Oversight Board Trust and certified by Ireland's media regulator
π Ivanti: Three CSA Zero-Days Are Being Exploited in Attacks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Ivantis Cloud Services Appliance is being targeted by threat actors exploiting three zeroday bugs.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Ivanti: Three CSA Zero-Days Are Being Exploited in Attacks
Ivantiβs Cloud Services Appliance is being targeted by threat actors exploiting three zero-day bugs
π¦
Security Updates for Adobe FrameMaker: Addressing Critical Vulnerabilities π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Adobe has released new updates across several of its products, including Adobe FrameMaker, Adobe Substance 3D Printer, Adobe Commerce and Magento Open Source, Adobe Dimension, Adobe Animate, Adobe Lightroom, Adobe InCopy, Adobe InDesign, and Adobe Substance 3D Stager. The primary reason for these updates is the swarm of vulnerabilities across Adobe products, as covered by the Cybersecurity and Infrastructure Security Agency CISA, as these updates address critical vulnerabilities that could allow malicious actors to execute arbitrary codes on affected systems. Although Adobe has stated that it is not aware of any exploits in the wild targeting these vulnerabilities, the potential risks necessitate immediate action from users to secure their installations. The vulnerabili...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Security Updates For Adobe FrameMaker: Addressing Critical Vulnerabilities - Cyble
Adobe has released critical security updates for FrameMaker and other products to address vulnerabilities that could allow arbitrary code execution.
π’ Amazon Aurora deep dive π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Deploy servers with a secure approach.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Amazon Aurora deep dive
Deploy servers with a secure approach
π1
π’ Fortify your future: How HPE ProLiant Servers deliver top-tier cyber security, management, and performance π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Deploy servers with a secure approach.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Fortify your future: How HPE ProLiant Servers deliver top-tier cyber security, management, and performance
Deploy servers with a secure approach
π’ Three secrets to success for the MSSP π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
MSSPs can capitalize on growing demand to outsource security workloads amid ongoing economic hurdles and skills shortages here's how.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ChannelPro
Three secrets to success for the MSSP
MSSPs can capitalize on growing demand to outsource security workloads amid ongoing economic hurdles and skills shortages β here's how
π΅οΈββοΈ AI-Augmented Email Analysis Spots Latest Scams, Bad Content π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Multimodal AI systems can help enterprise defenders weed out fraudulent emails, even if the system has not seen that type of message before.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
AI-Augmented Email Analysis Spots Latest Scams
Cybercriminals and other bad actors use images to bypass email security, but multimodal AI systems can also help enterprise defenders weed out fraudulent emails.
π΅οΈββοΈ Building Cyber Resilience in SMBs βWith βLimited Resources π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
With careful planning, ongoing evaluation, and a commitment to treat cybersecurity as a core business function, SMBs can transform their vulnerabilities into strengths.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Building Cyber Resilience in SMBs βWith βLimited Resources
βββWith careful planning, ongoing evaluation, and a commitment to treat cybersecurity as a core business function, SMBs can transform their vulnerabilities into strengthsββ.
π΅οΈββοΈ Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Since April, attackers have increased their use of Dropbox, OneDrive, and SharePoint to steal the credentials of business users and conduct further malicious activity.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks
Since April attackers have increased their use of Dropbox, OneDrive, and SharePoint to steal the credentials of business users and conduct further malicious activity.