Ionut Arghire

CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability

CISA has added five bugs to its Known Exploited Vulnerabilities catalog, including the recent WordPad, Skype, and HTTP/2 zero-days.

October 11, 2023

Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal

A Mirai botnet variant tracked as IZ1H9 has updated its arsenal with 13 exploits targeting various routers, IP cameras, and other IoT devices.

October 10, 2023

SAP Releases 7 New Notes on October 2023 Patch Day

SAP has released seven new notes as part of its October 2023 Security Patch Day, all rated ‘medium severity’.

October 10, 2023

New ‘Grayling’ APT Targeting Organizations in Taiwan, US

A previously unknown APT group is targeting organizations in biomedical, IT, and manufacturing sectors in Taiwan.

October 10, 2023

Magecart Web Skimmer Hides in 404 Error Pages

A newly identified Magecart web skimming campaign is tampering with ‘404’ error pages to hide malicious code.

October 10, 2023

Credential Harvesting Campaign Targets Unpatched NetScaler Instances

Threat actors are targeting Citrix NetScaler instances unpatched against CVE-2023-3519 to steal user credentials.

October 9, 2023

Patches Prepared for ‘Probably Worst’ cURL Vulnerability

A high-severity vulnerability in the data transfer project cURL will be addressed with libcurl and curl updates this week.

October 9, 2023

DC Board of Elections Discloses Data Breach

The District of Columbia Board of Elections says voter records were compromised in a data breach at hosting provider DataNet.

October 9, 2023

Google Expands Bug Bounty Program With Chrome, Cloud CTF Events

Google is hosting capture the flag (CTF) events focused on Chrome’s V8 engine and on Kernel-based Virtual Machine (KVM).

October 9, 2023

Android Devices With Backdoored Firmware Found in US Schools

A global cybercriminal operation called BadBox has infected the firmware of more than 70,000 Android smartphones, CTV boxes, and tablets with the Triada malware.

October 6, 2023

Microsoft Releases New Report on Cybercrime, State-Sponsored Cyber Operations

US, Ukraine, and Israel remain the most heavily attacked by cyberespionage and cybercrime threat actors, Microsoft says.

October 6, 2023

Organizations Warned of Top 10 Cybersecurity Misconfigurations Seen by CISA, NSA

CISA and the NSA are urging network defenders and software developers to address the top ten cybersecurity misconfigurations.

October 6, 2023

GitHub Improves Secret Scanning Feature With Expanded Token Validity Checks

GitHub beefs up its secret scanning feature, now allowing users to check the validity of exposed credentials for major cloud services.

October 5, 2023

Red Cross Publishes Rules of Engagement for Hacktivists During War

ICRC is telling hacktivists involved in conflict during war to avoid targeting civilian objectives and hospitals, or making threats of violence.

October 5, 2023

CISA, NSA Publish Guidance on IAM Challenges for Developers, Vendors

New US government guidance details the challenges that application developers and vendors face in identity and access management (IAM).

October 5, 2023

Hundreds Download Malicious NPM Package Capable of Delivering Rootkit

Threat actor uses typosquatting to trick hundreds of users into downloading a malicious NPM package that delivers the r77 rootkit.

October 5, 2023

New Supermicro BMC Vulnerabilities Could Expose Many Servers to Remote Attacks

Supermicro has released BMC IPMI firmware updates to address multiple vulnerabilities impacting select motherboard models.

October 4, 2023

Severe Glibc Privilege Escalation Vulnerability Impacts Major Linux Distributions

A local privilege escalation vulnerability (CVE-2023-4911) in the GNU C Library (glibc) can be exploited to gain full root privileges.

October 4, 2023

Google, Yahoo Boosting Email Spam Protections

Google and Yahoo are introducing new requirements for bulk senders, to improve phishing and spam protections.

October 4, 2023

US Executives Targeted in Phishing Attacks Exploiting Flaw in Indeed Job Platform

An open redirection vulnerability in the popular job search platform Indeed has been exploited in a series of phishing attacks.

October 3, 2023

SECURITYWEEK NETWORK:

ICS:

Ionut Arghire

CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability

Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal

SAP Releases 7 New Notes on October 2023 Patch Day

New ‘Grayling’ APT Targeting Organizations in Taiwan, US

Magecart Web Skimmer Hides in 404 Error Pages

Credential Harvesting Campaign Targets Unpatched NetScaler Instances

Patches Prepared for ‘Probably Worst’ cURL Vulnerability

DC Board of Elections Discloses Data Breach

Google Expands Bug Bounty Program With Chrome, Cloud CTF Events

Android Devices With Backdoored Firmware Found in US Schools

Microsoft Releases New Report on Cybercrime, State-Sponsored Cyber Operations

Organizations Warned of Top 10 Cybersecurity Misconfigurations Seen by CISA, NSA

GitHub Improves Secret Scanning Feature With Expanded Token Validity Checks

Red Cross Publishes Rules of Engagement for Hacktivists During War

CISA, NSA Publish Guidance on IAM Challenges for Developers, Vendors

Hundreds Download Malicious NPM Package Capable of Delivering Rootkit

New Supermicro BMC Vulnerabilities Could Expose Many Servers to Remote Attacks

Severe Glibc Privilege Escalation Vulnerability Impacts Major Linux Distributions

Google, Yahoo Boosting Email Spam Protections

US Executives Targeted in Phishing Attacks Exploiting Flaw in Indeed Job Platform

Featured

Vulnerabilities

Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day

Vulnerabilities

3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs

Hacker Conversations

Hacker Conversations: Isira Adithya, the Evolution of an Ethical Hacker

Artificial Intelligence

AI and Cybersecurity – Everything You Wanted to Know, But Were Afraid to Ask

ICS/OT

Cal Water Investigating Iranian Hackers’ Claims

Network Security

Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks

Ransomware

Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer

Latest News

Identity & Access

Webinar Today: How Modern Breaches Bypass MFA and Evade Detection

Funding/M&A

1Password Acquires Apono in Reported $250M-$300M Deal

Artificial Intelligence

Tenet Security Emerges From Stealth With $6 Million Seed Funding

ICS/OT

Rockwell Automation Patches Vulnerabilities in ICS Controllers and Software

Malware & Threats

Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack

Vulnerabilities

Oracle’s Second Monthly Security Updates Deliver 245 Patches

Vulnerabilities

Chrome and Firefox Updated to Patch Critical, High-Severity Vulnerabilities

Daily Briefing Newsletter