Fri. Sep 29, 2023


Weekly Update 367

Troy Hunt

Ah, home 😊 It's been more than a month since I've been able to sit at this desk and stream a weekly video. And now I'm doing it with the glorious spring weather just outside my window, which I really must make more time to start enjoying. Anyway, this week is super casual due to having had zero prep time, but I hope the discussion about the ABC's piece on HIBP and I in particular is interesting.

Passwords 231

ZenRAT Malware Targets Windows Users Via Fake Bitwarden Password Manager Installation Package

Tech Republic Security

We talked to Proofpoint researchers about this new malware threat and how it infects Windows systems to steal information.


Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company

We Live Security

ESET researchers uncover a Lazarus attack against an aerospace company in Spain, where the group deployed several tools, including a publicly undocumented backdoor we named LightlessCan.

145

Censys Reveals Open Directories Share More Than 2,000 TB of Unprotected Data

Tech Republic Security

These open directories could leak sensitive data, intellectual property or technical data and let an attacker compromise the entire system. Follow these security best practices for open directories.

Big data 150

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Exploit released for Microsoft SharePoint Server auth bypass flaw

Bleeping Computer

Proof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation. [...]


Video Encoding Library Leaves Chrome, Firefox and More Open to Zero-Day Attack

Tech Republic Security

Google and Mozilla have patched the zero-day vulnerability, which originates in the libvpx library.

Software 174


Discord is investigating cause of ‘You have been blocked’ errors

Bleeping Computer

Many Discord users attempting to access the popular instant messaging and VoIP social platform today have been met with a scary "Sorry, you have been blocked" message. [...]

132

Update Chrome now! Google patches another actively exploited vulnerability

Malwarebytes

Google has updated the Stable Channel for Chrome to 117.0.5938.132 for Windows, Mac and Linux. This update includes ten security fixes. According to Google there is an active exploit for one of the patched vulnerabilities, which means cybercriminals are aware of the vulnerability and are using it. The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention.

Software 127

Millions of Exim mail servers exposed to zero-day RCE attacks

Bleeping Computer

A critical zero-day vulnerability in all versions of Exim mail transfer agent (MTA) software can let unauthenticated attackers gain remote code execution (RCE) on Internet-exposed servers. [...]

Internet 128

Protect Your Passwords for Life for Just $30

Tech Republic Security

Automatically create and save passwords, fill in forms and logins, even securely share passwords and sync across all of your devices via WiFi.

Passwords 128

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Microsoft's AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites

The Hacker News

Malicious ads served inside Microsoft Bing's artificial intelligence (AI) chatbot are being used to distribute malware when searching for popular tools. The findings come from Malwarebytes, which revealed that unsuspecting users can be tricked into visiting booby-trapped sites and installing malware directly from Bing Chat conversations.


Misconfigured WBSC server leaks thousands of passports

Security Affairs

The World Baseball Softball Confederation (WBSC) left open a data repository exposing nearly 50,000 files, some of which were highly sensitive, the Cybernews research team has discovered. On June 5th, our researchers discovered a misconfigured Amazon Web Services (AWS) bucket storing nearly 48,000 files. A bucket is a container for storing data within AWS’s cloud storage system.


Three men found guilty of laundering $2.5 million in Target gift card tech support scam

Graham Cluley

Three Californian residents have been convicted of laundering millions of dollars tricked out of older adults who had fallen victim to government-imposter and tech support scams. Read more in my article on the Hot for Security blog.

Scams 117

Lazarus hackers breach aerospace firm with new LightlessCan malware

Bleeping Computer

The North Korean 'Lazarus' hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network using a previously unknown 'LightlessCan' backdoor. [...]

Malware 113

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Dependabot impersonators cause trouble on GitHub

Malwarebytes

GitHub is experiencing issues of the “breached account and malicious code” variety. ITPro reports that unnamed individuals have been compromising accounts and using them to install malware capable of password theft. It’s a fairly elaborate scam which even includes imitation of GitHub’s popular Dependabot feature. To make this scam work, attackers first obtained access tokens belonging to their targets.


Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

Security Affairs

China-linked threat actors stole around 60,000 emails from U.S. State Department after breaching Microsoft’s Exchange email platform in May. China-linked hackers who breached Microsoft’s email platform in May have stolen tens of thousands of emails from U.S. State Department accounts, a Senate staffer told Reuters this week. During a briefing by U.S.


Introducing Digital Guardian Secure Collaboration

Digital Guardian

Going forward, customers of Digital Guardian Secure Collaboration, formerly Vera, can find everything they need about the product, including support on Digital Guardian's website.

109

Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software

Dark Reading

In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTPS POST request.

Software 110

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


ZeroFont trick makes users think that message has been scanned for threats

Graham Cluley

Attackers are using the "ZeroFont" technique to manipulate the preview of a message to suggest it had already been scanned for threats. Read more in my article in the Tripwire State of Security blog.

Phishing 109

How to Implement Single Sign-On in Your Organization

SecureWorld News

Single Sign-On (SSO) is a technology that allows users to access multiple applications with a single set of login credentials. This can make it easier for users to log in to applications and can also help to improve security. There are many different SSO vendors available, each with its own strengths and weaknesses. When choosing an SSO vendor, it is important to consider the following factors: Features: What features are important to you?


Cybercriminals Using New ASMCrypt Malware Loader to Fly Under the Radar

The Hacker News

Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an "evolved version" of another loader malware known as DoubleFinger. "The idea behind this type of malware is to load the final payload without the loading process or the payload itself being detected by AV/EDR, etc.," Kaspersky said in an analysis published this week.

Malware 106

ShinyHunters member pleads guilty to $6 million in data theft damages

Bleeping Computer

Sebastien Raoult, a 22-year-old from France, has pleaded guilty in the U.S. District Court of Seattle to conspiracy to commit wire fraud and aggravated identity theft as part of his activities in the ShinyHunters hacking group. [...]


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks

The Hacker News

Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of flaws, which were reported anonymously way back in June 2022, is as follows - CVE-2023-42114 (CVSS score: 3.

105

People Still Matter in Cybersecurity Management

Dark Reading

Cybersecurity's constant stream of shiny new things shouldn't distract managers from their focus on the people they're protecting.


Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm

The Hacker News

The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta.

102

Cybersecurity Gaps Plague US State Department, GAO Report Warns

Dark Reading

The federal department that oversees the US diplomatic corps abroad suffers a serious lack of visibility into the cyber threats it faces and the security vulnerabilities it's harboring.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Government Shutdown Could Severely Impact U.S. Cybersecurity

SecureWorld News

As the clock ticks down to another potential shutdown of the U.S. federal government, concerns are mounting over the impact such an event could have on the cybersecurity of the United States. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the agency tasked with safeguarding the nation's critical infrastructure and defending against cyber threats, is facing the possibility of losing a significant portion of its workforce.


Securing AI: What You Should Know

Dark Reading

Securing AI within your organization starts with understanding how AI differs from traditional business tools. Google's Secure AI Framework provides a model for what to do next.

96

The Week in Ransomware - September 29th 2023 - Dark Angels

Bleeping Computer

This week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout of the MOVEit breaches to be disclosed. [...]


12 Benefits of Zero Trust for Mid-Sized Businesses

Heimdal Security

Zero Trust security is evolving from “nice to have” to an absolute must for organizations everywhere. Fortunately, Zero Trust offers numerous advantages to companies of all sizes, including medium-sized ones. While achieving full Zero Trust is a long-term goal, even partial Zero Trust environments help businesses of this size enhance their security posture and benefit […]

92

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.