Houthi-Aligned APT Targets Mideast Militaries With...

Jul 9, 2024 | DARKREADING

Attackers Already Exploiting Flaws in Microsoft...

Jul 9, 2024 | DARKREADING

Cloud-Based Investigations Platform Targets Comple...

Jul 9, 2024 | DARKREADING

5 Tips to Minimize the Costly Effects of Data Exfi...

Jul 9, 2024 | DARKREADING

Evolve Bank & Trust Reveals 7M Impacted in Loc...

Jul 9, 2024 | DARKREADING

Trojanized jQuery Packages Spread via ‘Compl...

Jul 9, 2024 | DARKREADING

Chinese Threat Group APT40 Exploits N-Day Vulns at...

Jul 9, 2024 | DARKREADING

Eldorado Ransomware Cruises Onto the Scene to Targ...

Jul 9, 2024 | DARKREADING

CISA Takedown of Ivanti Systems Is a Wake-up Call

Jul 9, 2024 | DARKREADING

People’s Republic of China (PRC) Ministry of State...

Jul 8, 2024 | CISA Advisories

Disinformation, Fortify 24x7 Team, News

The Importance of SOC Analysts

Apr 2, 2024

Enhancing Cybersecurity Through Strategi...

Mar 31, 2024

Cybersecurity News & Resources You Need To Assess Current Threats

The Beers & Bytes Podcast

When you're thirsty for cheesy entertainment AND information security, grab a beer and the latest episode of Beers & Bytes.

Sorry, no posts found.

All

ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks

by Cyberthreat Blog | Jul 9, 2024 | The Hacker News | 0 |

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. “A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to...

Industrial Advisory Committee (IAC) Meeting

by Cyberthreat Blog | Jul 9, 2024 | NIST | 0 |
Houthi-Aligned APT Targets Mideast Militaries With ‘GuardZoo’ Spyware

by Cyberthreat Blog | Jul 9, 2024 | DARKREADING | 0 |
Cross site scripting vulnerability in SSL VPN web UI

by Cyberthreat Blog | Jul 9, 2024 | Fortinet PSIRT Advisories | 0 |

CVE Notifications

CVE-2020-9395

by Cyberthreat Blog | Jul 6, 2020 | CVE Notifications | 0 |

An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2’s 4-way-handshake via a malformed...

CVE-2020-4211

by Cyberthreat Blog | Feb 24, 2020 | CVE Notifications | 0 |
CVE-2019-4595

by Cyberthreat Blog | Feb 24, 2020 | CVE Notifications | 0 |
CVE-2020-4213

by Cyberthreat Blog | Feb 24, 2020 | CVE Notifications | 0 |

CERT Insider Threats

10 Lessons in Security Operations and Incident Management

by Cyberthreat Blog | Mar 4, 2024 | CERT Insider Threats | 0 |

This post outlines 10 lessons learned from more than three decades of building incident response and security teams throughout the globe.

CERT Releases 2 Tools to Assess Insider Risk

by Cyberthreat Blog | Feb 26, 2024 | CERT Insider Threats | 0 |
The 13 Key Elements of an Insider Threat Program

by Cyberthreat Blog | Feb 15, 2024 | CERT Insider Threats | 0 |
The 13 Key Elements of an Insider Threat Program

by Cyberthreat Blog | Oct 23, 2023 | CERT Insider Threats | 0 |

Ashley Madison To Pay Millions In Breach Settlement

by Fortify Security Team | Dec 18, 2016 | Breach | 0 |

Ashley Madison and New York Attorney General Schneiderman Announces $17.5 Million Settlement In Joint Multi-State And FTC Agreement. The settlement follows investigation finding that the adult dating website had lax security...

Millions of University Emails for Sale on Dark Web

by Cyberthreat Blog | Apr 4, 2017 | Breach, Security | 0 |

Researchers have found millions of US University emails (and passwords) for sale on the Dark Web. The stolen email addresses/password combinations are selling for $3.50 – $10 each. This is only a fraction of a lucrative...

Disinformation

Is hate speech covered by the First Amendment?

by Nate | Sep 25, 2020 | Disinformation | 0 |

SHARE AND INFORM OTHERS:.fusion-body .fusion-builder-column-0{width:100% !important;margin-top : 0px;margin-bottom : 20px;}.fusion-builder-column-0 > .fusion-column-wrapper {padding-top : 0px !important;padding-right : 0px...

Is the stock market a good measure of the economy?

by Nate | Sep 25, 2020 | Disinformation | 0 |
Is Russia actively interfering in the 2020 election?

by Nate | Sep 25, 2020 | Disinformation | 0 |
Is climate change really responsible for the fires?

by Nate | Sep 25, 2020 | Disinformation | 0 |

CERT-Vulnerabilities, National Cyber Awareness

VU#312260: Use-after-free vulnerability in lighttpd version 1.4.50 and earlier

by Cyberthreat Blog | Jul 9, 2024 | CERT-Vulnerabilities | 0 |

Overview A use-after-free vulnerability in lighttpd in versions 1.4.50 and earlier permits a remote, unauthenticated attacker to read from invalid pointers in CPU memory. The attacker can use crafted HTTP Requests to crash the...

VU#456537: RADIUS protocol susceptible to forgery attacks.

by Cyberthreat Blog | Jul 9, 2024 | CERT-Vulnerabilities | 0 |
VU#163057: BMC software fails to validate IPMI session.

by Cyberthreat Blog | Apr 30, 2024 | CERT-Vulnerabilities | 0 |
VU#238194: R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rdx files

by Cyberthreat Blog | Apr 29, 2024 | CERT-Vulnerabilities | 0 |

SANS ISC Bulletins

Microsoft Patch Tuesday July 2024, (Tue, Jul 9th)

by Cyberthreat Blog | Jul 9, 2024 | SANS ISC Bulletins | 0 |

Microsoft today released patches for 142 vulnerabilities. Only four of the vulnerabilities are rated as “critical”. There are two vulnerabilities that have already been discussed and two that have already been...

Kunai: Keep an Eye on your Linux Hosts Activity, (Mon, Jul 8th)

by Cyberthreat Blog | Jul 8, 2024 | SANS ISC Bulletins | 0 |
Overlooked Domain Name Resiliency Issues: Registrar Communications, (Fri, Jul 5th)

by Cyberthreat Blog | Jul 5, 2024 | SANS ISC Bulletins | 0 |
SSH “regreSSHion” Remote Code Execution Vulnerability in OpenSSH., (Mon, Jul 1st)

by Cyberthreat Blog | Jul 1, 2024 | SANS ISC Bulletins | 0 |

The Ransomware Epidemic in Healthcare

by Fortify Security Team | Dec 13, 2016 | Healthcare, Security | 0 |

Ransomware attacks have plagued business of all sizes, healthcare institutions and even government entities during the first half of 2016, forcing CEO’s and CIO’s into damage control mode as IT teams scramble to beef...

New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk

Jul 9, 2024 | The Hacker News

Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE). The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from...

Privilege escalation from low privilege administrator

Jul 9, 2024 | Fortinet PSIRT Advisories

An improper access control vulnerability [CWE-284] in FortiExtender authentication component may allow a remote authenticated attacker to create users with elevated privileges via a crafted HTTP request.

[FortiWeb] Lack of client-side certificate validation when establishing secure connections

Jul 9, 2024 | Fortinet PSIRT Advisories

An improper certificate validation vulnerability [CWE-295] in FortiWeb may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device...

FortiAIOps – Cross-site request forgery

Jul 9, 2024 | Fortinet PSIRT Advisories

Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute...

FortiAIOps – Improper Session Management

Jul 9, 2024 | Fortinet PSIRT Advisories

Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests.

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Jul 9, 2024 | CISA Advisories

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23692 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a...

FortiAIOps – Sensitive Information leak to an Unauthorized Actor

Jul 9, 2024 | Fortinet PSIRT Advisories

Multiple Exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] may allow an authenticated attacker to retrieve sensitive information from the API endpoint or logs.

Adobe Releases Security Updates for Multiple Products

Jul 9, 2024 | CISA Advisories

Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and...

Improper access control vulnerability in administrative interface

Jul 9, 2024 | Fortinet PSIRT Advisories

An improper access control vulnerability [CWE-284] in FortiADC may allow a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests.

Global Quantum Computing Market Expected to Reach $7.13B By 2031 As Data Protection Needs Increase

Jul 9, 2024 | DARKREADING

Microsoft Releases July 2024 Security Updates

Jul 9, 2024 | CISA Advisories

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and...

FortiOS – IP address validation mishandles zero characters

Jul 9, 2024 | Fortinet PSIRT Advisories

An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiOS and FortiProxy IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted...

2024 SANS SOC Survey Reveals Critical Trends and Technologies in Cyber Defense

Jul 9, 2024 | DARKREADING

Citrix Releases Security Updates for Multiple Products

Jul 9, 2024 | CISA Advisories

Citrix released security updates to address vulnerabilities in multiple Citrix products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and...

Multiple lack of client-side certificate validation when establishing secure connections

Jul 9, 2024 | Fortinet PSIRT Advisories

An improper certificate validation vulnerability [CWE-295] in FortiADC may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote...

Insecure Direct Object Reference in policy API Endpoint

Jul 9, 2024 | Fortinet PSIRT Advisories

An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortiportal organization interface may allow an authenticated attacker to view resources of other organizations via HTTP or HTTPS requests.

FortiAIOps – CSV Injection in export device inventory feature

Jul 9, 2024 | Fortinet PSIRT Advisories

An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps may allow a remote authenticated attacker to execute arbitrary commands on a client’s workstation via poisoned CSV...

OpenSSH regreSSHion Attack (CVE-2024-6387)

Jul 9, 2024 | Fortinet PSIRT Advisories

CVE-2024-6387A signal handler race condition was found in OpenSSH’s server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd’s SIGALRM...

Johnson Controls Illustra Pro Gen 4

Jul 9, 2024 | CISA ICS Advisories

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Illustra Pro Gen 4 Vulnerability: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful...

CISA Releases Seven Industrial Control Systems Advisories

Jul 9, 2024 | CISA Advisories

CISA released seven Industrial Control Systems (ICS) advisories on July 9, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-191-01 Delta...

[FortiADC] Lack of client-side certificate validation when establishing secure connections with public SDN connectors

Jul 9, 2024 | Fortinet PSIRT Advisories

Delta Electronics CNCSoft-G2

Jul 9, 2024 | CISA ICS Advisories

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-G2 Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Out-of-bounds Read, Heap-based Buffer...

Mitsubishi Electric MELIPC Series MI5122-VW

Jul 9, 2024 | CISA Advisories

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: MI5122-VW Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this...

Johnson Controls Software House C●CURE 9000

Jul 9, 2024 | CISA ICS Advisories

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Johnson Controls, Inc. Equipment: Software House C●CURE 9000 Vulnerability: Use of Weak Credentials 2. RISK EVALUATION...

Johnson Controls Software House C●CURE 9000

Jul 9, 2024 | CISA Advisories

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Johnson Controls Inc. Equipment: Software House C●CURE 9000 Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION...

RADIUS Protocol Vulnerability Exposes Networks to MitM Attacks

Jul 9, 2024 | The Hacker News

Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass...

Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks

Jul 9, 2024 | The Hacker News

Cybersecurity researchers have found that it’s possible for attackers to weaponize improperly configured Jenkins Script Console instances to further criminal activities such as cryptocurrency mining....

GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel

Jul 9, 2024 | The Hacker News

Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo. The campaign, believed to have commenced as early as October...

HUMINT: Diving Deep into the Dark Web

Jul 9, 2024 | The Hacker News

Clear Web vs. Deep Web vs. Dark Web Threat intelligence professionals divide the internet into three main components: Clear Web – Web assets that can be viewed through public search engines, including media, blogs, and...

Cybersecurity Agencies Warn of China-linked APT40’s Rapid Exploit Adaptation

Jul 8, 2024 | The Hacker News

Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a joint advisory about a China-linked cyber espionage group called APT40, warning about its ability to...

Notice of Funding Opportunity (NOFO) for a Standardization Center of Excellence

Jul 8, 2024 | NIST

NIST will host a webinar information session for applicants who are interested in learning about this funding opportunity on July 11, 2024, from 1:00 p.m. to 2:00 p.m. Eastern Time. The webinar will provide general information...

Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories

Jul 8, 2024 | The Hacker News

Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a “complex and persistent” supply chain attack. “This attack...

CISA and Partners join ASD’S ACSC to Release Advisory on PRC State-Sponsored Group, APT 40

Jul 8, 2024 | CISA Advisories

CISA has collaborated with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) to release an advisory, People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action...

Cyber-Insurance Prices Plummet as Market Competition Grows

Jul 8, 2024 | DARKREADING

Now may be a good time to find good deals on insurance coverage for ransomware and security...

‘CloudSorcerer’ Leverages Cloud Services in Cyber-Espionage Campaign

Jul 8, 2024 | DARKREADING

The newly discovered APT’s main weapon is a malware tool that can change behavior depending...

10B Passwords Pop Up on Dark Web ‘RockYou2024’ Release

Jul 8, 2024 | DARKREADING

The passwords, dumped on a cyber-underground forum on July 4 by a hacker called...

Apple Geolocation API Exposes Wi-Fi Access Points Worldwide

Jul 8, 2024 | DARKREADING

Beyond the devices that use them, Wi-Fi hubs themselves can leak interesting data, thanks to some...

Identity Orchestration Is Gaining Traction

Jul 8, 2024 | DARKREADING

Identity orchestration products are increasingly projected to be introduced to the market in the...

New APT Group “CloudSorcerer” Targets Russian Government Entities

Jul 8, 2024 | The Hacker News

A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-control (C2) and data exfiltration....

Deconstructing Security Assumptions to Ensure Future Resilience

Jul 8, 2024 | DARKREADING

By breaking down fundamental assumptions, we can proactively plan for, and begin to achieve,...

Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites

Jul 8, 2024 | The Hacker News

An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of child sexual abuse material (CSAM), indicating how such information could be used to combat serious...

New Ransomware-as-a-Service ‘Eldorado’ Targets Windows and Linux Systems

Jul 8, 2024 | The Hacker News

An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems. Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate...

5 Ways to Run Security as a Meritocracy

Jul 8, 2024 | DARKREADING

Actions speak louder than words. Here are five tips for encouraging a security culture based on...

5 Key Questions CISOs Must Ask Themselves About Their Cybersecurity Strategy

Jul 8, 2024 | The Hacker News

Events like the recent massive CDK ransomware attack – which shuttered car dealerships across the U.S. in late June 2024 – barely raise public eyebrows anymore. Yet businesses, and the people that lead them, are justifiably...

Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries

Jul 8, 2024 | The Hacker News

Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz). That’s according to findings from Trend Micro, which said it recently observed a surge in cyber attacks...

Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service

Jul 8, 2024 | The Hacker News

Four unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that could enable an authenticated attacker to breach susceptible instances, steal or wipe source...

Apple Removes VPN Apps from Russian App Store Amid Government Pressure

Jul 7, 2024 | The Hacker News

Apple removed a number of virtual private network (VPN) apps in Russia from its App Store on July 4, 2024, following a request by Russia’s state communications watchdog Roskomnadzor, Russian news media reported. This...

A CISO’s Guide to Avoiding Jail After a Breach

Jul 5, 2024 | DARKREADING

Yahoo, Uber, SolarWinds — increasingly, the government is incentivizing better corporate security...

Euro Vishing Fraudsters Add Physical Intimidation to Arsenal

Jul 5, 2024 | DARKREADING

The persistent threat of social engineering tactics sees cybercriminals blending technology with...

Are SOC 2 Reports Sufficient for Vendor Risk Management?

Jul 5, 2024 | DARKREADING

SOC 2 reports are a valuable tool for evaluating vendor security, but they shouldn’t be the...

Why Cyber Teams Should Invest in Strong Communicators

Jul 5, 2024 | DARKREADING

As automation spreads and relieves security pros of time-consuming management tasks, their ability...

Ensuring AI Safety While Balancing Innovation

Jul 5, 2024 | DARKREADING

Experts will explore the oft-neglected necessity of AI safety and its integration with security...

OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers

Jul 5, 2024 | The Hacker News

French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 that reached a packet rate of 840 million packets per second (Mpps). This is just above the...

Euro 2024 Becomes Latest Sporting Event to Attract Cyberattacks

Jul 5, 2024 | DARKREADING

Cybercriminals are selling credentials linked to the tournament on underground markets, with some...

Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks

Jul 5, 2024 | The Hacker News

Identity theft isn’t just about stolen credit cards anymore. Today, cybercriminals are using advanced tactics to infiltrate organizations and cause major damage with compromised credentials. The stakes are high: ransomware...

Blueprint for Success: Implementing a CTEM Operation

Jul 5, 2024 | The Hacker News

The attack surface isn’t what it once was and it’s becoming a nightmare to protect. A constantly expanding and evolving attack surface means risk to the business has skyrocketed and current security measures are struggling to...

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

Jul 5, 2024 | The Hacker News

The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised hosts. “Updates to the GootLoader payload have resulted in several versions of...

Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies

Jul 4, 2024 | The Hacker News

The supply chain attack targeting widely-used Polyfill[.]io JavaScript library is wider in scope than previously thought, with new findings from Censys showing that over 380,000 hosts are embedding a polyfill script linking to...

New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks

Jul 4, 2024 | The Hacker News

Cybersecurity researchers have uncovered a new botnet called Zergeca that’s capable of conducting distributed denial-of-service (DDoS) attacks. Written in Golang, the botnet is so named for its reference to a string named...

Software Productivity Tools Hijacked to Deliver Infostealers

Jul 4, 2024 | DARKREADING

Innocuous little Windows programs were carrying cheap malware for weeks, exposing customers of the...