British intelligence services to protect all UK schools from ransomware attacks
GCHQ's National Cyber Security Centre (NCSC) is rolling out a free service that will help protect schools from connecting to malicious internet domains.
cyberveille.decio.ch
Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024
It affected (before patching) all currently-maintained branches, and recently was highlighted by CISA as being exploited-in-the-wild. This must be the first time real-world attackers have reversed a patch, and reproduced a vulnerability, before some dastardly researchers released a detection artefact generator tool of their own. /s At watchTowr's core, we're all about identifying and validating ways into organisations - sometimes through vulnerabilities in network border appliances - without requiring such luxuries as credentials or asset lists.
New Google Project Aims to Become Global Clearinghouse for Scam, Fraud Data
Google launches Global Signal Exchange (GSE), an initiative aimed at fostering the sharing of online fraud and scam intelligence.
MITRE Announces AI Incident Sharing Project
MITRE’s AI Incident Sharing initiative helps organizations receive and hand out data on real-world AI incidents. Non-profit technology and R&D company MITRE has introduced a new mechanism that enables organizations to share intelligence on real-world AI-related incidents. Shaped in collaboration with over 15 companies, the new AI Incident Sharing initiative aims to increase community knowledge of threats and defenses involving AI-enabled systems.
iPhone Mirroring Exposes Employees' Personal Applications
The iPhone Mirroring feature in macOS Sequoia and iOS 18 may expose employees’ private applications to corporate IT environments.
Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines
Gamers searching for game cheats are falling victim to a global malware campaign delivering RedLine Stealer.
Neo-Nazis head to encrypted SimpleX Chat app, bail on Telegram
App swears there’s no way for law enforcement to track users’ identities.
CTV industry’s unprecedented “surveillance”
48-page report citing Ars Technica urges FTC, FCC investigate connected TV data harvesting. Gen AI, potentially racially discrimniatory practices head concerns.
Ukrainian pleads guilty to operating Raccoon Stealer malware
Ukrainian national Mark Sokolovsky has pleaded guilty to his involvement in the Raccoon Stealer malware-as-a-service (MaaS) cybercrime operation.
Dutch police arrest admin of 'Bohemia/Cannabia' dark web market
An international law enforcement operation led to the arrest of one of the three administrators of the dual dark web market 'Bohemia/Cannabia,' known for hosting ads for drug sales and distributed denial of service (DDoS) attacks.
Personal Information Compromised in Universal Music Data Breach
Universal Music Group is informing hundreds of individuals about a recent data breach impacting personal information.
MoneyGram says hackers stole customers' personal information and transaction data | TechCrunch
The money transfer giant said hackers also stole some customer Social Security numbers during the September cyberattack.
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies - zendesk.md
Telekopye transitions to targeting tourists via hotel booking scam
ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms.
Pokemon developer Game Freak hit with hack, internal info leaking
Pokemon developer Game Freak hit with big hack, leaking source code news about MMO-like game Synapse with ILCA, and more.
UK Ambulance Services targeted by Kremlin-protected Russian hackers
A cyber security expert warns the hack, uncovered by i, presents a 'terrible threat to public health safety'
Hackers Advertise Stolen Verizon Push-to-Talk ‘Call Logs’
The breach does not appear to impact the main consumer Verizon network, and instead involves the company’s push to talk (PTT) product, marketed to public sector agencies and enterprises.
A Mysterious Hacking Group Has 2 New Tools to Steal Data From Air-Gapped Machines | WIRED
It's hard enough creating one air-gap-jumping tool. Researchers say the group GoldenJackal did it twice in five years.
Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server
Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in future versions of Windows Server, recommending admins switch to different protocols that offer increased security. #Deprecated #L2TP #Microsoft #PPTP #Server #VPN #Windows
Hacked Robot Vacuums Across the U.S. Started Yelling Slurs
"It could have been worse," one owner incredibly concluded.
After breach of billions of records, National Public Data files for bankruptcy | Cybernews
National Public Data, a company responsible for a massive leak of Social Security numbers in the summer, has filed for bankruptcy. That's unsurprising.
U.S., Microsoft seize over 100 websites allegedly used by Russian spies
The FBI and Microsoft have seized more than 100 web domains they say Russian intelligence used for cyber-espionage, according to court documents unsealed Thursday.
Internet Archive hacked, data breach impacts 31 million users
Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.
The PrintNightmare is not Over Yet
Following the publication of my blog post A Practical Guide to PrintNightmare in 2024, a few people brought to my attention that there was a way to bypass the Point and Print (PnP) restrictions recommended at the end. So, rather than just updating this article with a quick note, I decided to dig a little deeper, and see if I could find a better way to protect against the exploitation of PnP configurations.
CVE-2024-31227: Finding a DoS Vulnerability in Redis
A case study on advanced fuzzing techniques for network services.
File hosting services misused for identity phishing
Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise identities, and include business email compromise (BEC) attacks.
AI girlfriend site breached, user fantasies stolen
Chatbot companion platform muah.ai was hacked and had its chatbot prompts stolen.
Hackers targeted Android users by exploiting zero-day bug in Qualcomm chips
EXC: Security researchers at Google and Amnesty International discovered hackers exploiting the bug in an active hacking campaign.
From Perfctl to InfoStealer
From Perfctl to InfoStealer, Author: Xavier Mertens
Zero Day Initiative — The October 2024 Security Update Review
It’s the spooky season, and there’s nothing spookier than security patches – at least in my world. Microsoft and Adobe have released their latest patches, and no bones about it, there are some skeletons in those closets. Take a break from your regular activities and join us as we review the details