π UK Council Sites Recover Following Russian DDoS Blitz π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Several UK council websites are back online after being disrupted by Russian hacktivist DDoS attacks.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
UK Council Sites Recover Following Russian DDoS Blitz
Several UK council websites are back online after being disrupted by Russian hacktivist DDoS attacks
π¦
CISA Warns of Critical Vulnerabilities in Rockwell Automationβs FactoryTalk ThinManager π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The Cybersecurity and Infrastructure Security Agency CISA has alerted about new vulnerabilities in Rockwell Automation FactoryTalk ThinManager. The alert, designated ICSA2430501, outlines serious security risks that could affect users of the software. With a CVSS v4 score of 9.3, these vulnerabilities demand immediate attention from security teams to safeguard industrial control systems. The vulnerabilities identified in Rockwell Automation's FactoryTalk ThinManager include "Missing Authentication for Critical Function" and "OutofBounds Read." These issues can allow remote attackers to manipulate databases or cause denialofservice conditions. The successful exploitation of these vulnerabilities poses a risk to users. Attackers could send specially crafted messages to ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Rockwell Automation FactoryTalk ThinManager Vulnerabilities
CISA warns of critical vulnerabilities in Rockwell Automation's FactoryTalk ThinManager, demanding urgent action from security teams.
ποΈ German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
German law enforcement authorities have announced the disruption of a criminal service called dstat.cc that made it possible for other threat actors to easily mount distributed denialofservice DDoS attacks. "The platform made such DDoS attacks accessible to a wide range of users, even those without any indepth technical skills of their own," the Federal Criminal Police Office aka.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
ποΈ THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 - Nov 03) ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
This week was a total digital dumpster fire! Hackers were like, "Let's cause some chaos!" and went after everything from our browsers to those fancy cameras that zoom and spin. You know, the ones they use in spy movies? We're talking passwordstealing bots, sneaky extensions that spy on you, and even cloudhacking ninjas! It's enough to make you want to chuck your phone in the ocean.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Supply Chain Attack Uses Smart Contracts for C2 Ops π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Checkmarx has observed a novel npm supply chain attack using Ethereum smart contracts to manage commandandcontrol C2 operations.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Supply Chain Attack Uses Smart Contracts for C2 Ops
Checkmarx has observed a novel npm supply chain attack using Ethereum smart contracts to manage command-and-control (C2) operations
π’ Warning issued after SharePoint flaw puts entire corporate networks at risk π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
A threat actor was able to remain undetected on a corporate network for over two weeks after exploiting a highseverity SharePoint vulnerability.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Warning issued after SharePoint flaw puts entire corporate networks at risk
A threat actor was able to remain undetected on a corporate network for over two weeks after exploiting a high-severity SharePoint vulnerability
π΅οΈββοΈ Google: Big Sleep AI Agent Puts SQLite Software Bug to Bed π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
A research tool by the company found a vulnerability in the SQLite open source database, demonstrating the "defensive potential" for using LLMs to find vulnerabilities in applications before they're publicly released.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Google: Big Sleep AI Agent Puts SQLite Software Bug to Bed
A research tool by the company found a real-world vulnerability in the SQLite open source database, demonstrating the "defensive potential" for using LLMs to find vulnerabilities in applications before they are publicly released.
π΅οΈββοΈ Name That Edge Toon: Aerialist's Choice π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Feeling creative? Submit your caption and our panel of experts will reward the winner with a 25 Amazon gift card.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Name That Edge Toon: Aerialist's Choice
Feeling creative? Submit your caption for the November Name That Edge Toon Contest and our panel of experts will reward the winner with a $25 Amazon gift card.
π΅οΈββοΈ Can Automatic Updates for Critical Infrastructure Be Trusted? π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The true measure of our cybersecurity prowess lies in our capacity to endure.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Can Auto Updates for Critical Infrastructure Be Trusted?
The true measure of our cybersecurity prowess lies in our capacity to endure.
π¦Ώ How AI Is Changing the Cloud Security and Risk Equation π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Discover how AI amplifies cloud security risks and how to mitigate them, with insights from Tenables Liat Hayun on managing data sensitivity, misconfigurations, and overprivileged access.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
How AI Is Changing the Cloud Security and Risk Equation
Discover how AI amplifies cloud security risks and how to mitigate them, with insights from Tenableβs Liat Hayun.
π TOR Virtual Network Tunneling Tool 0.4.8.13 π
π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with builtin privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers ISPs. This is the source code release.π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
ποΈ Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence AI framework that could be exploited by a malicious actor to perform various actions, including denialofservice, model poisoning, and model theft. "Collectively, the vulnerabilities could allow an attacker to carry out a widerange of malicious actions with a single HTTP request, including.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Columbus Ransomware Attack Exposes Data of 500,000 Residents π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The City of Columbus, Ohio, informed the Maine Attorney Generals Office that approximately 55 of its residents were affected by the breach.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Columbus Ransomware Attack Exposes Data of 500,000 Residents
The City of Columbus, Ohio, informed the Maine Attorney Generalβs Office that approximately 55% of its residents were affected by the breach
π1
π Cybercriminals Exploit DocuSign APIs to Send Fake Invoices π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Cybercriminals are exploiting DocuSign APIs to send fake invoices, bypassing security filters and mimicking wellknown brands.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Cybercriminals Exploit DocuSign APIs to Send Fake Invoices
Cybercriminals are exploiting DocuSign APIs to send fake invoices, bypassing security filters and mimicking well-known brands
π Nigerian Handed 26-Year Sentence for Real Estate Phishing Scam π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A US district court sentenced a Nigerian man for an elaborate maninthemiddle phishing campaign, which resulted in 12m in losses from realestate transactions.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Nigerian Handed 26-Year Sentence for Real Estate Phishing Scam
A US district court sentenced a Nigerian man for an elaborate βman-in-the-middleβ phishing campaign, which resulted in $12m in losses from real-estate transactions
π Google Researchers Claim First Vulnerability Found Using AI π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The flaw, an exploitable stack buffer underflow in SQLite, was found by Googles Big Sleep team using a large language model LLM.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Google Researchers Claim First Vulnerability Found Using AI
The flaw, an exploitable stack buffer underflow in SQLite, was found by Googleβs Big Sleep team using a large language model (LLM)
π US Says Russia Behind Fake Haitian Voters Video π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
US government agencies said the video, widely shared on social media, is part of Russias broader strategy of undermining the integrity of the Presidential Election.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
US Says Russia Behind Fake Haitian Voters Video
US government agencies said the video, widely shared on social media, is part of Russiaβs broader strategy of undermining the integrity of the Presidential Election
π¦
ICS Vulnerability Intelligence Report: Key Insights and Recommendations π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Cyble Research Intelligence Labs CRIL has investigated key ICS vulnerabilities this week, providing critical insights issued by the Cybersecurity and Infrastructure Security Agency CISA, focusing on multiple flaws in several ICS products. During this reporting period, CISA issued four security advisories targeting vulnerabilities across various Industrial Control Systems, including those from ICONICS, Mitsubishi Electric, VIMESA, iniNet Solutions, and Deep Sea Electronics. These advisories pinpoint ICS vulnerabilities that security teams should prioritize for immediate patching to mitigate potential risks. The recent vulnerability assessment has revealed a highseverity path traversal vulnerability in SpiderControl SCADA. The Deep Sea Electronics DSE855 has also been ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
ICS Vulnerability Report: Insights & Recommendations
Cyble Research investigates critical ICS vulnerabilities identified by CISA, emphasizing urgent patching for affected products.
π΅οΈββοΈ Okta Fixes Auth Bypass Bug After 3-Month Lull π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The bug affected accounts with 52character user names, and had several preconditions that needed to be met in order to be exploited.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Okta Fixes Auth Bypass Bug After 3-Month Lull
The bug affected accounts with 52-character user names, and had several pre-conditions that needed to be met in order to be exploited.
π΅οΈββοΈ OWASP Beefs Up GenAI Security Guidance Amid Growing Deepfakes π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
As businesses worry over deepfake scams and other AI attacks, organizations are adding guidance for cybersecurity teams on how to detect, and respond to, nextgeneration threats. That includes Exabeam, which was recently targeted by a deepfaked job candidate.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
OWASP Beefs Up GenAI Security Advice Amid Growing Deepfakes
As businesses worry over deepfake scams and other AI attacks, organizations are adding guidance for cybersecurity teams on how to detect, and respond to, next-generation threats. That includes Exabeam, which was recently targeted by a deepfaked job candidate.
π1
π¦Ώ Software Makers Encouraged to Stop Using C/C++ by 2026 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
The Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation assert that C, C, and other memoryunsafe languages contribute to potential security breaches.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Software Makers Encouraged to Stop Using C/C++ by 2026
CISA and the FBI released a Product Security Bad Practices Report asserting C, C++, and other languages cause potential security breaches.