from
CrowdStrike Blog: To assist, CrowdStrike Falcon® Exposure Management identifies vulnerabilities and remediation steps across Linux distributions so administrators can reduce risk. Furthermore, CrowdStrike’s certification of its Falcon operator for Red Hat OpenShift has achieved “Level 2 — Auto Upgrade” status. This capability simplifies upgrades between minor versions of the operator, which improves manageability for platform engineering teams that may manage many OpenShift clusters across multiple cloud provide....
from
Security on TechRepublic: Black Basta affiliates have targeted organizations in the U.S., Canada, Japan, U.K., Australia and New Zealand. SEE: In 2022, Black Basta was considered one of the most dangerous and destructive ransomware groups Disclosure: I work for Trend Micro, but the views expressed in this article are mine.....
from
Security Affairs: “As part of this assessment, we turned off our computer network.” reads the initial security breach notification. A new update provided by the City of Wichita revealed that threat actors copied certain files containing personal information from its network. These files contained law enforcement incident and traffic information, which include names, Social Security numbers, driver’s license or state identification card numbers, and payment card information.” reads the Notice of Data Event updated....
from
The Cyber Express: Exploiting this flaw, remote attackers can execute malicious code via crafted HTML pages, potentially compromising user data and system integrity. While federal agencies fare better in meeting CISA’s deadlines, technology companies face the highest exposure to critical KEVs, with a faster remediation turnaround of 93 days. Roland Cloutier, a Bitsight advisor, stresses the need for enhanced vulnerability management, citing organizational challenges in assigning responsibility and ensuring visibi....
from
InfoSecurity Magazine: Cyble observed that this fake update page has been crafted in various languages, including German, French, Spanish, Russian, Portuguese, Romanian, and English. The malware incorporates several features that allow it to deploy a range of malicious activities, including: Only install software from official app stores such as the Google Play Store (Android phones) or the Apple App Store (iOS phones) Use a reputed antivirus and internet security software package Use strong passwords and enforce mul....
from
CSO Online: Mark Rasch, an attorney specializing in cybersecurity issues who used to head the US Justice Department’s high-tech crimes group, told CSO that the new rule instructs companies “to secure that which they have been securing for decades. One SEC Commissioner, Hester Peirce, voted for the new rule, but expressed concerns it might generate notification fatigue, which could lead to people eventually ignoring all security notifications. Brian Levine, an attorney who is the Ernst & Young managing dire....
from
WeSecureApp | A New Age Cyber Security: Migrating your business to the Amazon Web Services (AWS) cloud can be a game-changer, offering scalability, flexibility, and cost-efficiency. We collaborate with you to develop a clear remediation plan, prioritizing critical fixes and ensuring your AWS environment is effectively patched. Visit their website or contact them directly to book your free consultation – it’s the first step towards a more secure cloud future.....
from
Dark Reading: Seven different Windows privilege escalation vulnerabilities have not yet been addressed by Microsoft, two months after they were revealed at Pwn2Own 2024 in Vancouver. But unlike Apple, Google, and others, Microsoft has not yet patched a host of bugs uncovered by white hats back in March. However, because each has been fully exploited by researchers, Trend Micro's Zero Day Initiative (ZDI), which runs Pwn2Own, considers them "in the wild."....
from
The Record by Recorded Future: The move, alongside several other high-profile breaches, set off a range of cybersecurity reforms in Australia. These included an updated national cybersecurity strategy that ultimately fell short of the government’s initial intentions to ban ransomware payments in their entirety. Clare O’Neil, Australia’s minister for cybersecurity, said she had been briefed on the incident.....
from
The Cyber Express: BreachForums had long been a central marketplace for cybercriminals, facilitating the trade of stolen data and hacking tools. The new domains, breachnation.io and databreached.io, are set to launch on July 4, 2024, symbolically coinciding with Independence Day. USDoD’s vision for BreachForums 3.0 includes robust infrastructure, with separate servers to ensure optimal performance and security.....
from
ITPro - Security: In one campaign highlighted in the report, hackers spreading the WikiLoader malware were found sending emails containing fake overdue PDF invoices, claiming to be from a logistics firm. Another stealth-oriented technique recorded by HP Wolf Security is its use of DLL sideloading using legitimate programs. Within the directory are installation files for Notepad++, which starts a legitimate, signed Notepad++ executable.....
from
The Cyber Express: Just days after the cyberattack disrupted operations across its extensive network of 140 hospitals, Ascension is facing two proposed class-action lawsuits. Despite ongoing investigations and assurances of cooperation with authorities, Ascension has yet to disclose whether patients’ sensitive information was compromised during the cyber incident. The Catholic health system, which spans 140 hospitals and 40 senior living facilities nationwide, employs a workforce of approximately 132,000 individu....
from
Schneier on Security: If law enforcement has gained access to the hacking forum’s backend data, as they claim, they would have email addresses, IP addresses, and private messages that could expose members and be used in law enforcement investigations. The FBI is requesting victims and individuals contact them with information about the hacking forum and its members to aid in their investigation. “From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc and run by ShinyHunters) was operating....
from
watchTowr Labs - Blog: We will, however, be focusing heavily on one in particular - CVE-2024-27130, an unauthenticated stack overflow bug, which allows remote-code execution (albeit with a minor prerequisite). It is hoped that those who store sensitive data on QNAP devices are able to better detect offensive actions with this information. If you'd like to learn more about the watchTowr Platform, our Attack Surface Management and Continuous Automated Red Teaming solution, please get in touch.....
from
Penetration Testing Online: Identified by Bryan Smith of Redline Cyber Security, CVE-2024-22026 is a high-severity vulnerability that allows for local privilege escalation within the EPMM. This lack of validation enables attackers to execute arbitrary commands with root privileges by delivering a malicious RPM package. The appliance does not enforce signature verification or URL filtering, making it vulnerable to exploitation.....
from
InfoSecurity Magazine: Australian healthcare company MediSecure has suffered a “large scale” ransomware attack, putting individuals’ personal and health information at risk. “While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors,” MediSecure commented. The MediSecure incident follows a broader trend of healthcare organizations being targeted by ransomware attacks.....
from
GBHackers On Security: Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target for gaining unauthorized access or spreading malware. This campaign reveals North Korean groups’ inclination toward software supply chain vectors such as Trojanized installers, fake apps, and compromised update channels. Springtail carefully chooses popular software among desired South Korean audiences to Trojanize them on third-party websites where they must be in....