BEC Scammer Pleads Guilty to Part in $6m Scheme
Nigerian was extradited to the US from Canada
Researchers Spot Novel “Deadglyph” Backdoor
Malware is linked to UAE-backed spies
Almost US 900 Schools Breached Via MOVEit
National Student Clearinghouse reveals more details of incident
Don’t Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection
Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.
New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time.
"While this activity occurred around the same time and in some instances even simultaneously...
T-mobile exposes some customer data – but don’t call it a breach
PLUS: Trojan hidden in PoC; cyber insurance surge; pig butchering's new cuts; and the week's critical vulns Infosec in brief T-Mobile has had another bad week on the infosec front – this time stemming from a system glitch that...
Cisco Disrupts Observability & Cybersecurity Markets with Splunk Acquisition
Cisco's acquisition of Splunk benefits Cisco's ongoing b shift towards more software and subscription-based services, but will cause churn in the market,
Point of Sale Security Guide and Checklist
For retail businesses, the POS system is arguably their most important IT system. This TechRepublic Premium guide, and the accompanying checklist, will help you successfully secure a POS system for your business enterprise. From the guide: ACCESS CONTROLS The...
Internet and Email Usage Policy
This policy from TechRepublic Premium sets forth guidelines for the use of the internet, as well as internet-powered communication services, including email, proprietary group messaging services (e.g., Slack) and social networking services in business contexts. It also covers Internet...
Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Government of...
iOS 17: iPhone Users Report Worrying Privacy Settings Change After Update
Have you updated your iPhone to iOS 17? You should check your privacy settings as they could reveal an unwanted and surprising change.
Don’t make this USB mistake! Protect your data with this encrypted gadget instead
From a military-standardized build to a complex passphrase mode, Kingston's IronKey is one of the most secure USBs you can buy.
Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware
Egyptian opposition politician Ahmed Altantawy was targeted with spyware after announcing a presidential bid, security researchers reported
The post Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware appeared first on SecurityWeek.
The Shocking Data on Kia and Hyundai Thefts in the US
Plus: MGM hackers hit more than just casinos, Microsoft researchers accidentally leak terabytes of data, and China goes on the PR offensive over cyberespionage.
Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics
Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign.
"Deadglyph's architecture is unusual as it consists of cooperating components – one a native x64...
New Critical Security Warning For iPhone, iPad, Watch, Mac—Attacks Underway
Citizen Lab alongside Google’s Threat Analysis Group, has uncovered a no-click zero-day exploit chain impacting iPhones, iPads, Apple Watch and Macs.
Apple and Chrome Zero-Days Exploited to Hack Egyptian ex-MP with Predator Spyware
The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023.
"The...
3 iOS 0-days, a cellular network compromise, and HTTP used to infect an iPhone
Enlarge (credit: Getty Images)
Apple has patched a potent chain of iOS zero-days that were used to infect the iPhone of an Egyptian presidential candidate with sophisticated spyware developed by...
LastPass: ‘Horse Gone Barn Bolted’ is Strong Password
The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move...
Cisco to Acquire Splunk for $28 Billion, Accelerating AI-Enabled Security and Observability
On Thursday Cisco agreed to buy Splunk in a $28 billion deal intended to address AI-enabled security and observability issues.
K000136957 : Apache struts vulnerability CVE-2023-41835
Security Advisory Description This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the ...
Debian Security Advisory 5503-1
Debian Linux Security Advisory 5503-1 - Multiple security issues were discovered in Netatalk, an implementation of the Apple Filing Protocol (AFP) for offering file service (mainly) to macOS clients, which may result in the execution of arbitrary code or...
ApexSMS – 23,246,481 breached accounts
In May 2019, news broke of a massive SMS spam operation known as "ApexSMS" which was discovered after a MongoDB instance of the same name was found exposed without a password. The incident leaked over 80M records with 23M...
[R1] Nessus Version 10.5.5 Fixes Multiple Vulnerabilities
Nessus Version 10.5.5 Fixes Multiple Vulnerabilities
Arnie Cabral
Thu, 09/21/2023 - 10:55
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials...
Rockwell Automation Connected Components Workbench
View CSAF
1. EXECUTIVE SUMMARY
CVSS v3 9.6
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation
Vendor: Rockwell Automation
Equipment: Connected Components Workbench
Vulnerabilities: Use After Free, Out-of-bounds Write
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to exploit heap corruption...
