Ionut Arghire

Cisco Patches 27 Vulnerabilities in Network Security Products

Cisco has released software updates to address 27 vulnerabilities in Cisco ASA, FMC, and FTD software.

November 2, 2023

Iranian Cyber Spies Use ‘LionTail’ Malware in Latest Attacks

Check Point reports that an Iranian APT has been observed using a new malware framework in targeted attacks in the Middle East.

November 1, 2023

Mass Exploitation of ‘Citrix Bleed’ Vulnerability Underway

Multiple threat actors are exploiting CVE-2023-4966, aka Citrix Bleed, a critical vulnerability in NetScaler ADC and Gateway.

November 1, 2023

Chrome 119 Patches 15 Vulnerabilities

Chrome 119 is rolling out to Linux, macOS, and Windows users with patches for 15 vulnerabilities.

November 1, 2023

Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution

Threat actors are constantly publishing malicious NuGet packages to automatically execute code on developers’ machines.

November 1, 2023

SIEM and Log Management Provider Graylog Raises $39 Million

Graylog secured $39 million in funding to accelerate product development and scale its go-to-market operations.

November 1, 2023

Atlassian CISO Urges Quick Action to Protect Confluence Instances From Critical Vulnerability

Atlassian warns that a critical vulnerability in Confluence Data Center and Server could lead to significant data loss if exploited.

October 31, 2023

IAM Credentials in Public GitHub Repositories Harvested in Minutes

A threat actor is reportedly harvesting IAM credentials from public GitHub repositories within five minutes of exposure.

October 31, 2023

Attackers Exploiting Critical F5 BIG-IP Vulnerability

Exploitation of a critical vulnerability (CVE-2023-46747) in F5’s BIG-IP product started less than five days after public disclosure and PoC exploit code was published.

October 31, 2023

Florida SIM Swapper Sentenced to Prison for Cryptocurrency Theft

A 20-year-old Floridian was sentenced to prison for his role in a hacking scheme that led to the theft of $1 million in cryptocurrency.

October 30, 2023

Boeing Investigating Ransomware Attack Claims

The LockBit ransomware gang claims to have stolen large amounts of data from aerospace giant Boeing.

October 30, 2023

Apple Improves iMessage Security With Contact Key Verification

New capability detects attacks on iMessage servers and allows users to verify a conversation partner’s identity.

October 30, 2023

Attackers Can Use Modified Wikipedia Pages to Mount Redirection Attacks on Slack

Researchers document the Wiki-Slack attack, a new technique that uses modified Wikipedia pages to target end users on Slack.

October 30, 2023

Hackers Earn Over $1 Million at Pwn2Own Toronto 2023

Hackers have demonstrated 58 zero-days and earned more than $1 million in rewards at Pwn2Own Toronto 2023.

October 30, 2023

Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools

The StripedFly malware has APT-like capabilities, but remained unnoticed for five years, posing as a cryptocurrency miner.

October 27, 2023

F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP

A critical-severity vulnerability in F5 BIG-IP CVE-2023-46747 allows unauthenticated attackers to execute code remotely.

October 27, 2023

Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data

Mirth Connect versions prior to 4.4.1 are vulnerable to CVE-2023-43208, a bypass for an RCE vulnerability.

October 26, 2023

Hackers Earn $350k on Second Day at Pwn2Own Toronto 2023

Smart speakers, printers, routers, NAS devices, and mobile phones were hacked on the second day at Pwn2Own Toronto 2023.

October 26, 2023

CISA, HHS Release Cybersecurity Healthcare Toolkit

CISA and the HHS have released resources for healthcare and public health organizations to improve their security.

October 26, 2023

Google Announces Bug Bounty Program and Other Initiatives to Secure AI

Google announces a bug bounty program and other initiatives for increasing the safety and security of AI.

October 26, 2023

SECURITYWEEK NETWORK:

ICS:

Ionut Arghire

Cisco Patches 27 Vulnerabilities in Network Security Products

Iranian Cyber Spies Use ‘LionTail’ Malware in Latest Attacks

Mass Exploitation of ‘Citrix Bleed’ Vulnerability Underway

Chrome 119 Patches 15 Vulnerabilities

Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution

SIEM and Log Management Provider Graylog Raises $39 Million

Atlassian CISO Urges Quick Action to Protect Confluence Instances From Critical Vulnerability

IAM Credentials in Public GitHub Repositories Harvested in Minutes

Attackers Exploiting Critical F5 BIG-IP Vulnerability

Florida SIM Swapper Sentenced to Prison for Cryptocurrency Theft

Boeing Investigating Ransomware Attack Claims

Apple Improves iMessage Security With Contact Key Verification

Attackers Can Use Modified Wikipedia Pages to Mount Redirection Attacks on Slack

Hackers Earn Over $1 Million at Pwn2Own Toronto 2023

Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools

F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP

Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data

Hackers Earn $350k on Second Day at Pwn2Own Toronto 2023

CISA, HHS Release Cybersecurity Healthcare Toolkit

Google Announces Bug Bounty Program and Other Initiatives to Secure AI

Featured

Vulnerabilities

Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day

Vulnerabilities

3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs

Hacker Conversations

Hacker Conversations: Isira Adithya, the Evolution of an Ethical Hacker

Artificial Intelligence

AI and Cybersecurity – Everything You Wanted to Know, But Were Afraid to Ask

ICS/OT

Cal Water Investigating Iranian Hackers’ Claims

Network Security

Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks

Ransomware

Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer

Latest News

Identity & Access

Webinar Today: How Modern Breaches Bypass MFA and Evade Detection

Funding/M&A

1Password Acquires Apono in Reported $250M-$300M Deal

Artificial Intelligence

Tenet Security Emerges From Stealth With $6 Million Seed Funding

ICS/OT

Rockwell Automation Patches Vulnerabilities in ICS Controllers and Software

Malware & Threats

Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack

Vulnerabilities

Oracle’s Second Monthly Security Updates Deliver 245 Patches

Vulnerabilities

Chrome and Firefox Updated to Patch Critical, High-Severity Vulnerabilities

Daily Briefing Newsletter