Written by: Foti Castelan, Max Thauer, JP Glab, Gabby Roncone, Tufail Ahmed, Jared Wilson < div class=”block-paragraph_advanced”> Summary In October 2024, Mandiant collaborated with Fortinet to investigate the mass exploitation of FortiManager appliances across 50+ potentially compromised FortiManager devices in…
Samsung phone users under attack, Google warns
Don’t ignore this nasty zero day exploit says TAG A nasty bug in Samsung’s mobile chips is being exploited by miscreants as part of an exploit chain to escalate privileges and then remotely execute arbitrary code, according to Google security…
Deep web horror stories from the dark side of the internet
If you thought the surface web was the whole internet, think again. The dark web is where things get really strange—and sometimes dangerous. It’s filled with underground websites that aren’t indexed by search engines, and that’s where some of the…
Penn State pays DoJ $1.25M to settle cybersecurity compliance case
Fight On, State? Not this time Pennsylvania State University has agreed to pay the Justice Department $1.25 million to settle claims of misrepresenting its cybersecurity compliance to the federal government and leaving sensitive data improperly secured. … This article has been…
CVE-2024-47575: Frequently Asked Questions About FortiJump Zero-Day in FortiManager and FortiManager Cloud
Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild. Background The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a zero-day vulnerability in…
Warning! FortiManager critical vulnerability under active attack
Security shop and CISA urge rapid action Fortinet has gone public with news of a critical flaw in its software management platform.… This article has been indexed from The Register – Security Read the original article: Warning! FortiManager critical vulnerability…
Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #310 – The Day After PI Planning
<a class=” sqs-block-image-link ” href=”https://www.comicagile.net/comic/the-day-after-pi-planning/” rel=”noopener” target=”_blank”> <img alt=”” height=”441″ src=”https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/409963df-29a3-42bd-9659-9bd963ef3c51/%23310+-+The+Day+After+PI+Planning.png?format=1000w” width=”500″ /> </a><figcaption class=”image-caption-wrapper”> via the respected Software Engineering expertise of Mikkel Noe-Nygaard and the lauded Software Engineering / Enterprise Agile Coaching work of Luxshan Ratnaravi at Comic Agilé!…
DEF CON 32 – AppSec Village – Speed Bumps and Speed HacksP: Adventures in Car Mfg Security
Authors/Presenters:Paulo Silva, David Sopas Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their timely DEF CON 32 erudite content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.…
IT Security News Daily Summary 2024-10-23
Deceptive Google Meet Invites Lure Users Into Malware Scams ‘Satanic’ data thief claims to have slipped into 350M Hot Topic shoppers info Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action Critical Flaw in Open Policy Agent…
Deceptive Google Meet Invites Lure Users Into Malware Scams
A new wave of phishing attacks is targeting Google Meet users with fake conference calls to trick them into downloading malware. Read the details here. The post Deceptive Google Meet Invites Lure Users Into Malware Scams appeared first on eSecurity…
‘Satanic’ data thief claims to have slipped into 350M Hot Topic shoppers info
We know where you got your skinny jeans – big deal A data thief calling themselves Satanic claims to have purloined the records of around 350 million customers of fashion retailer Hot Topic.… This article has been indexed from The…
Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action
Healthcare organizations are an attractive target for ransomware attacks. Read our latest blog post to learn why and get strategies to protect yourself from cyberthreats. The post Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action appeared…
Critical Flaw in Open Policy Agent Exposed NTLM Credentials, Patch Released
A now-resolved security vulnerability in Styra’s Open Policy Agent (OPA) could have exposed New Technology LAN Manager (NTLM) hashes, potentially leading to credential leakage. If exploited, the flaw allowed attackers to capture the NTLM credentials of the OPA server’s…
OpenAI scientist Noam Brown stuns TED AI Conference: ’20 seconds of thinking worth 100,000x more data’
At the TED AI conference, OpenAI’s Noam Brown unveiled the o1 model, showcasing how “System Two Thinking” could transform industries by enabling AI to deliver smarter, more deliberate decision-making. This article has been indexed from Security News | VentureBeat Read…
Microsoft SharePoint RCE flaw exploits in the wild – you’ve had 3 months to patch
Plus, a POC to make it extra easy for attackers A Microsoft SharePoint bug that can allow an attacker to remotely inject code into vulnerable versions is under active exploitation, according to the US Cybersecurity and Infrastructure Security Agency (CISA).……
Fortinet Confirms Zero-Day Exploit Targeting FortiManager Systems
Fortinet confirms zero-day exploits hitting remote code execution bug in the FortiManager platform. CVSS severity score 9.8/10. The post Fortinet Confirms Zero-Day Exploit Targeting FortiManager Systems appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation, as confirmed by Fortinet. CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and…
Are Automatic License Plate Scanners Constitutional?
An advocacy groups is filing a Fourth Amendment challenge against automatic license plate readers. “The City of Norfolk, Virginia, has installed a network of cameras that make it functionally impossible for people to drive anywhere without having their movements tracked,…
Apple ‘Sharply Cuts’ Production For Vision Pro Headset – Report
Sales flop? Apple reportedly sharply scaled back production of its Vision Pro mixed-reality headset since the summer This article has been indexed from Silicon UK Read the original article: Apple ‘Sharply Cuts’ Production For Vision Pro Headset – Report
How Federal Agencies Are Achieving Zero Trust With Automation
“Never trust, always verify.” This key principle has been ingrained into the cybersecurity lexicon since Forrester first popularized the concept of zero trust in 2009. Since then, zero trust has emerged as one of the most important frameworks in modern…
Digital Echo Chambers and Erosion of Trust – Key Threats to the US Elections
Resecurity reports a rise in political content related to the 2024 US elections on social media, with increased activity from foreign sources. Resecurity has detected a substantial increase in the distribution of political content related to the 2024 US elections…
Google SynthID Adding Invisible Watermarks to AI-Generated Content
Google has released new technology to embed watermarks and flag AI-generated content across text, images, audio, and video. The post Google SynthID Adding Invisible Watermarks to AI-Generated Content appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
WeChat’s Updated Encryption System Prone to Threats for its Users
More than a billion people send messages over WeChat and as per a new study recently, it discovered some security flaws in terms of the encryption system. While some applications use end-to-end encryption to prevent secret conversations from being…
New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection
New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud measures, indicating that the malicious software is continuing to be actively developed despite law enforcement efforts to crack down…
Congratulations to the Top MSRC 2024 Q3 Security Researchers!
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q3 Security Researcher Leaderboard are…
Wiz hopes to hit $1B in ARR in 2025 before an IPO, after turning down Google’s $23B
Wiz co-founder Roy Reznik said the company hit $500 million in annual recurring revenue this year, and still thought it could double that in 2025. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed…
TA866 Group Linked to New WarmCookie Malware in Espionage Campaign
Cisco Talos reveals TA866’s (also known as Asylum Ambuscade) sophisticated tactics and its link to the new WarmCookie… This article has been indexed from Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News Read the original article: TA866 Group Linked…