Tue. Sep 10, 2024


Bug Left Some Windows PCs Dangerously Unpatched

Krebs on Security

Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.


New Chrome Zero-Day

Schneier on Security

According to Microsoft researchers, North Korean hackers have been using a Chrome zero-day exploit to steal cryptocurrency.


News alert: INE Security launches initiative to help SMBs foster a proactive cybersecurity culture

The Last Watchdog

Cary, NC, Sept. 10, 2024, CyberNewsWire — As cyber threats grow, small to medium-sized businesses (SMBs) are disproportionately targeted. According to the recent Hiscox annual cyber readiness report, 41% of SMBs in the US fell victim to a cyberattack in 2023, a figure that has nearly doubled since 2021. INE Security, a global leader in cybersecurity training and certifications, recognizes this as a critical issue and is leading an initiative for change by working with SMBs to bridge the


Kali Linux 2024.3 Release (Multiple transitions)

Kali Linux

With summer coming to an end, so are package migrations, and Kali 2024.3 can now be released. You can now start downloading or upgrading if you have an existing Kali installation. The summary of the changelog since the 2024.2 release from June is: Qualcomm NetHunter Pro Devices - Qualcomm Snapdragon SDM845 SoC now supported; New Tools - 11x new tools in your arsenal. Our focus has been on a lot of behind the scenes updates and optimizations since the last release.


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities

Tech Republic Security

A Mark of the Web security alert vulnerability and three others have been exploited in the wild and are now covered by Redmond’s monthly patch batch.


CosmicBeetle steps up: Probation period at RansomHub

We Live Security

ESET researchers examine the recent activities of the CosmicBeetle threat actor, documenting its new ScRansom ransomware and highlighting connections to other well-established ransomware gangs.

More Trending


Microsoft Is Disabling Default ActiveX Controls in Office 2024 to Improve Security

Tech Republic Security

Microsoft will disable ActiveX controls by default in the Office suite, starting in October with the release of Office 2024.


New PIXHELL Attack Exploits Screen Noise to Exfiltrate Data from Air-Gapped Computers

The Hacker News

A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the "audio gap" and exfiltrating sensitive information by taking advantage of the noise generated by the pixels on the screen. "Malware in the air-gap and audio-gap computers generates crafted pixel patterns that produce noise in the frequency range of 0 - 22 kHz," Dr.


Poland thwarted cyberattacks that were carried out by Russia and Belarus

Security Affairs

Poland's security officials announced that they successfully thwarted cyberattacks that were carried out by Russia and Belarus. Poland's security services announced they have thwarted a cyber operation orchestrated by Russia and Belarus, aimed at destabilizing the country, according to Deputy Prime Minister and Minister for digital affairs Krzysztof Gawkowski. “The Belarusian and Russian foreign services… had a specific goal – to extort information, to blackmail individual


Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws

The Hacker News

Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity.


Human-Centered Cyber Security Training: Driving Real Impact on Security Culture


In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.


U.S. CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.


Manufacturing, Industrial Sectors Are Under Siege

Security Boulevard

Manufacturing and industrial sectors are becoming bigger cyber-targets, and many of the intrusions are coming from China. Those are among the sobering takeaways from a report Tuesday by Ontinue’s Advanced Threat Operations team in its biannual Threat Intelligence Report. The two sectors endured a 105% increase in attacks during the first half of 2024, highlighting.


Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia

The Hacker News

A trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia as part of a renewed state-sponsored operation codenamed Crimson Palace, indicating an expansion in the scope of the espionage effort.


Just-in-Time Access: Key Benefits for Cloud Platforms

Security Boulevard

Just-in-time access has emerged as a game-changing approach to enhance the security posture of cloud environments. This innovative method aligns with the principle of least privilege, reducing the attack surface and minimizing potential security risks. The post Just-in-Time Access: Key Benefits for Cloud Platforms appeared first on Security Boulevard.


IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.


The RAMBO Attack Explained: Risks, Implications, & Mitigations for RSA Security

eSecurity Planet

Air-gapped systems have long been the go-to solution for sensitive operations, especially in sectors like defense, finance, and critical infrastructure. These systems, disconnected from external networks, are believed to be nearly impervious to cyberattacks. However, the evolving landscape of cybersecurity threats has brought new methods to breach even these fortified digital fortresses.


Patch Tuesday Update – September 2024

Security Boulevard

The post Patch Tuesday Update - September 2024 appeared first on Digital Defense. The post Patch Tuesday Update – September 2024 appeared first on Security Boulevard.


Inc Ransom Attack Analysis: Extortion Methodologies

Digital Shadows

This report details the various stages of an Inc Ransomware attack intrusion lifecycle, from exploiting a firewall to the use of Windows log manager and PowerShell for defense evasion.


Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities

The Hacker News

Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilities that could result in remote code execution. A brief description of the issues is as follows - CVE-2024-29847 (CVSS score: 10.0) - A deserialization of untrusted data vulnerability that allows a remote unauthenticated attacker to achieve code execution.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Cybersecurity for Small Businesses: Challenges and Best Practices

Tech Republic Security

Every business with a digital footprint, regardless of its nature or size, is vulnerable to cyberthreats. But small businesses, in particular, find themselves in a more perilous position. Apart from limited financial resources, there is also a perceived reluctance on the part of many small businesses to implement adequate cybersecurity measures in their business.


CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub

The Hacker News

The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and medium-sized businesses (SMBs) in Europe, Asia, Africa, and South America, while also likely working as an affiliate for RansomHub.


Looking Toward U.S. Federal Privacy Regulation, How Software Companies can Prepare

Security Boulevard

Software developers, as key players in the digital ecosystem, must proactively adapt to these changes to ensure compliance and uphold the privacy rights of users. The post Looking Toward U.S. Federal Privacy Regulation, How Software Companies can Prepare appeared first on Security Boulevard.


Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments

The Hacker News

The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and the deployment of next-stage payloads, according to new findings from Trend Micro. The cybersecurity firm, which is monitoring the activity cluster under the name Earth Preta, said it observed "the propagation of PUBLOAD via a variant of the worm HIUPAN.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


How Apple just changed hearing aids forever - and the lives of those who need them

Zero Day

Millions of people with hearing loss go without assistive devices for various reasons. However, many of those millions likely now possess AirPods Pro 2 earbuds that can soon function as clinical-grade hearing aids.


Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

The Hacker News

Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers. Shadow apps may include instances of software that the company is already using.


Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation 

NetSpi Technical

In this blog I’ll introduce SQL Server credential objects and discuss how they can be abused by threat actors to execute code as either a SQL Server login, local Windows user, or Domain user. I’ll also cover how to enable logging that can be used to detect the associated behavior. This should be interesting to penetration testers, red teamers, and DBAs looking for legitimate authentication work arounds.


Quad7 botnet evolves to more stealthy tactics to evade detection

Security Affairs

The Quad7 botnet evolves and targets new SOHO devices, including Axentra media servers, Ruckus wireless routers and Zyxel VPN appliances. The Sekoia TDR team identified additional implants associated with the Quad7 botnet operation. The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and previously unknown vulnerabilities.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


This excellent Amazon Fire TV Omni Series QLED is $150 off right now

Zero Day

The Amazon Fire TV Omni QLED offers great picture and audio quality for both streaming and console gaming, and you can save $150 on the 55-inch version with this deal.


Avis Notifies Nearly 300,000 Customers of August Data Breach

SecureWorld News

Avis Car Rental has begun notifying close to 300,000 individuals about a data breach that occurred in August 2024, resulting in the theft of sensitive personal information. The breach reportedly exposed customer names, addresses, driver license numbers, and other personal data. Following the discovery of the breach, Avis initiated an incident response plan, including engaging cybersecurity experts to assess the scope of the attack and bolster security.


Payment provider data breach exposes credit card information of 1.7 million customers

Malwarebytes

Payment provider Slim CD has disclosed a security incident that may have exposed the full credit card information of anyone paying at a merchant that uses Slim CD’s services. The Florida-based gateway system, which allows merchants to take any kind of electronic payment, said on June 15 it noticed “suspicious activity” within its environment.


The 75-inch Amazon Omni Fire TV just dropped to $830

Zero Day

The Amazon Fire TV Omni supports Dolby Atmos, HDR10, and comes with 6 months of MGM+ free. And right now at Amazon, you can save $220 on the 75-inch model.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.