ποΈ 5 SaaS Misconfigurations Leading to Major Fu*%@ Ups ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and apptoapp connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose many challenges for security teams. Misconfigurations are silent killers, leading to major.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π CISA Warns of Critical Software Vulnerabilities in Industrial Devices π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Multiple vulnerabilities in Rockwell Automation and Mitsubishi products could allow ICS cyberattacks.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
CISA Warns of Critical Software Vulnerabilities in Industrial Devices
Multiple vulnerabilities in Rockwell Automation and Mitsubishi products could allow ICS cyber-attacks
β€1
π¦
IT Vulnerability Report: Fortinet, SonicWall, Grafana Exposures Top 1 Million π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Cyble Research and Intelligence Labs CRIL researchers investigated 17 vulnerabilities and nine dark web exploits during the period of Oct. 2329, and highlighted seven vulnerabilities that merit highpriority attention from security teams. This weeks IT vulnerability report affects an unusually high number of exposed devices and instances Vulnerabilities in Fortinet, SonicWall, and Grafana Labs can be found in more than 1 million webfacing assets, and a pair of 10.0severity vulnerabilities in CyberPanel have already been massexploited in ransomware attacks. Security teams should assess which of these vulnerabilities are present in their environments and the risks they pose and apply patches and mitigations promptly. The Weeks Top IT Vulnerabilities Here are the top IT...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
IT Vulnerability Report: Fortinet, SonicWall, Grafana Exposures Top 1 Million - Cyble
Cybleβs weekly IT vulnerability report highlights vulnerabilities in Fortinet, SonicWall, Grafana Labs, CyberPanel and more.
π΅οΈββοΈ Chinese APTs Cash In on Years of Edge Device Attacks π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The sophisticated Chinese cyberattacks of today rest on important groundwork laid during the pandemic and before.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Chinese APTs Cash In on Years of Edge Device Attacks
The sophisticated Chinese cyberattacks of today rest on important groundwork laid during the pandemic and before.
π΅οΈββοΈ Critical Auth Bugs Expose Smart Factory Gear to Cyberattack π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Factory automation software from Mitsubishi Electric and Rockwell Automation could be subject to remote code execution RCE, denialofservice DoS, and more.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Critical Auth Bugs Expose Smart Factory Gear to Cyberattack
Factory automation software from Mitsubishi Electric and Rockwell Automation could be subject to remote code execution (RCE), denial-of-service (DoS), and more.
π΅οΈββοΈ IT Security Centralization Makes the Use of Industrial Spies More Profitable π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
As organizations centralize IT security, the risk of espionage is silently becoming a more profitable threat.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
IT Security Centralization Makes Industrial Spies Profitable
As organizations centralize IT security, the risk of espionage is silently becoming a more profitable threat.
π¦Ώ Top Tech Conferences & Events to Add to Your Calendar π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
A great way to stay current with the latest technology trends and innovations is by attending conferences. Read and bookmark our tech events guide.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Top Tech Conferences & Events to Add to Your Calendar in 2025
Discover the top tech conferences and events to add to your calendar in 2025, and stay updated on the latest trends and innovations.
βοΈ Booking.com Phishers May Leave You With Reservations βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spearphishing campaign that ensued when a California hotel had its booking.com credentials stolen. We'll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world's most visited travel website.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Booking.com Phishers May Leave You With Reservations
A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We'll also exploreβ¦
π Sophos Warns Chinese Hackers Are Becoming Stealthier π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Sophos provided details of changing tactics by Chinese APT groups over a fiveyear period, involving a shift towards stealthy, targeted attacks.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Sophos Warns Chinese Hackers Are Becoming Stealthier
Sophos provided details of changing tactics by Chinese APT groups over a five-year period, involving a shift towards stealthy, targeted attacks
π΅οΈββοΈ EmeraldWhale's Massive Git Breach Highlights Config Gaps π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The largescale operation took advantage of open repositories, hardcoded credentials in source code, and other cloud oversights.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
EmeraldWhale's Massive Git Breach Highlights Config Gaps
The large-scale operation took advantage of open repositories, hardcoded credentials in source code, and other cloud oversights.
π΅οΈββοΈ Privacy Anxiety Pushes Microsoft Recall AI Release Again π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The Recall AI tool will be available to Copilot PC subscribers in December, and can be used to record images of every interaction on the device for review later. Critics say this introduces major privacy and security concerns along with useful functionality.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Privacy Anxiety Pushes Microsoft Recall AI Release Again
The Recall AI tool will be available to Copilot+ PC subscribers in December, and can be used to record images of every interaction on the device for review later. Critics say this introduces major privacy and security concerns along with useful functionality.
ποΈ Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? Its a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to move laterally within networks, causing widespread damage. Cybersecurity and IT.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered a new version of a wellknown Android malware family dubbed FakeCall that employs voice phishing aka vishing techniques to trick users into parting with their personal information. "FakeCall is an extremely sophisticated Vishing attack that leverages malware to take almost complete control of the mobile device, including the interception of incoming.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
π’ Hackers have been posing as IT support on Microsoft Teams π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The social engineering campaign combines a traditional email spam campaign with Microsoft Teamsbased manipulation.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Hackers have been posing as IT support on Microsoft Teams
The social engineering campaign combines a traditional email spam campaign with Microsoft Teams-based manipulation
ποΈ Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It) ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
As the holiday season approaches, retail businesses are gearing up for their annual surge in online and instore traffic. Unfortunately, this increase in activity also attracts cybercriminals looking to exploit vulnerabilities for their gain. Imperva, a Thales company, recently published its annual holiday shopping cybersecurity guide. Data from the Imperva Threat Research teams.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Googleβs AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Google said it discovered a zeroday vulnerability in the SQLite opensource database engine using its large language model LLM assisted framework called Big Sleep formerly Project Naptime. The tech giant described the development as the "first realworld vulnerability" uncovered using the artificial intelligence AI agent. "We believe this is the first public example of an AI agent finding.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π UK Council Sites Recover Following Russian DDoS Blitz π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Several UK council websites are back online after being disrupted by Russian hacktivist DDoS attacks.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
UK Council Sites Recover Following Russian DDoS Blitz
Several UK council websites are back online after being disrupted by Russian hacktivist DDoS attacks
π¦
CISA Warns of Critical Vulnerabilities in Rockwell Automationβs FactoryTalk ThinManager π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The Cybersecurity and Infrastructure Security Agency CISA has alerted about new vulnerabilities in Rockwell Automation FactoryTalk ThinManager. The alert, designated ICSA2430501, outlines serious security risks that could affect users of the software. With a CVSS v4 score of 9.3, these vulnerabilities demand immediate attention from security teams to safeguard industrial control systems. The vulnerabilities identified in Rockwell Automation's FactoryTalk ThinManager include "Missing Authentication for Critical Function" and "OutofBounds Read." These issues can allow remote attackers to manipulate databases or cause denialofservice conditions. The successful exploitation of these vulnerabilities poses a risk to users. Attackers could send specially crafted messages to ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Rockwell Automation FactoryTalk ThinManager Vulnerabilities
CISA warns of critical vulnerabilities in Rockwell Automation's FactoryTalk ThinManager, demanding urgent action from security teams.
ποΈ German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
German law enforcement authorities have announced the disruption of a criminal service called dstat.cc that made it possible for other threat actors to easily mount distributed denialofservice DDoS attacks. "The platform made such DDoS attacks accessible to a wide range of users, even those without any indepth technical skills of their own," the Federal Criminal Police Office aka.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
ποΈ THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 - Nov 03) ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
This week was a total digital dumpster fire! Hackers were like, "Let's cause some chaos!" and went after everything from our browsers to those fancy cameras that zoom and spin. You know, the ones they use in spy movies? We're talking passwordstealing bots, sneaky extensions that spy on you, and even cloudhacking ninjas! It's enough to make you want to chuck your phone in the ocean.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Supply Chain Attack Uses Smart Contracts for C2 Ops π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Checkmarx has observed a novel npm supply chain attack using Ethereum smart contracts to manage commandandcontrol C2 operations.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Supply Chain Attack Uses Smart Contracts for C2 Ops
Checkmarx has observed a novel npm supply chain attack using Ethereum smart contracts to manage command-and-control (C2) operations