Posted inNews
From Dark Reading – Novel Exploit Chain Enables Windows UAC Bypass
Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it's not really a vulnerability. Read More
Posted inNews
From Dark Reading – Sloppy Entra ID Credentials Attract Hybrid Cloud Ransomware
Microsoft warns that ransomware group Storm-0501 has shifted from buying initial access to leveraging weak credentials to gain on-premises access before moving laterally to the cloud. Read More
Posted inNews
From Security Week – Torq Secures $70M Series C for HyperSOC
[[{"value":"The New York late-stage startup banks $70 million in a new funding round led by Evolution Equity Partners. The post Torq Secures $70M Series C for HyperSOC appeared first on…
Posted inToolkit
From Security Week – Controversial Windows Recall AI Search Tool Returns With Proof-of-Presence Encryption, Data Isolation
[[{"value":"Microsoft reboots controversial Windows Recall with proof-of-presence encryption, anti-tampering checks, and secure enclave data management. The post Controversial Windows Recall AI Search Tool Returns With Proof-of-Presence Encryption, Data Isolation appeared…
_Artur_Marciniec_Alamy.jpg)
Posted inBreaches
From Dark Reading – Top Allies Executives & Boards Should Leverage During a Cyber Crisis
It is imperative for executives and board members to know who their top allies are, and how to best leverage them to successfully navigate a crisis and minimize the harm…
Posted inArticles
From Graham Cluley – Deepfake Ukrainian diplomat targeted US senator on Zoom call
[[{"value":"The chair of the United States Foreign Relations Committee was targeted by a sophisticated deepfake operation which impersonated a top Ukrainian official, in what was an apparent attempt at election…
Posted inNews
From The Hacker News – Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now
Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities.
The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers -
CVE-2024-46905 (CVSS score: 8.8)
Posted inNews
From Security Week – Five Eyes Agencies Release Guidance on Detecting Active Directory Intrusions
[[{"value":"Five Eyes cybersecurity agencies have released joint guidance on identifying Active Directory compromises. The post Five Eyes Agencies Release Guidance on Detecting Active Directory Intrusions appeared first on SecurityWeek."}]] Read More
_Borka_Kiss_Alamy.jpg)
Posted inNews
From Dark Reading – Could Security Misconfigurations Become No. 1 in OWASP Top 10?
As Superman has kryptonite, software has weaknesses — with misconfigurations leading the pack. Read More
Posted inNews
From Security Week – Visa to Acquire Fraud Protection Firm Featurespace
[[{"value":"Incubated at Cambridge University’s engineering department, Featurespace's algorithmic-based solutions analyze transaction data to detect fraud cases. The post Visa to Acquire Fraud Protection Firm Featurespace appeared first on SecurityWeek."}]] Read More
Posted inVulnerabilities
From Cybersecurity Help – Cyber Security Week in Review: September 27, 2024
In brief: The US sanctions Russian crypto exchanges, the Chinese hackers reportedly infiltrate US ISPs, and more. Read More
Posted inNews
From Security Week – Meta Hit With $102 Million Privacy Fine From European Union Over 2019 Password Security Lapse
[[{"value":"Meta fined more than $100 million by a European Union privacy regulator over a security lapse involving Facebook passwords. The post Meta Hit With $102 Million Privacy Fine From European…
Posted inNews
From Cybercrime Magazine – Cybercriminal Gangs Invade Discord. The Growing Threat To Gamers.
This week in cybersecurity from the editors at Cybercrime Magazine –Listen to the Cybercrime Magazine Podcast Interview Sausalito, Calif. – Sep. 27, 2024 Cybercriminal gangs are infiltrating popular online community…
Posted inToolkit
From Security Week – In Other News: Salt Typhoon Hacks US ISPs, China Doxes Hackers, New Tool for AI Attacks
[[{"value":"Noteworthy stories that might have slipped under the radar: China’s Salt Typhoon has hacked US ISPs, China has doxed Taiwanese hackers, and Bishop Fox has a new tool for AI…
Posted inNews
From Security Week – US Announces Charges, Sanctions Against Russian Administrator of Carding Website
[[{"value":"US offers up to $10 million for information on Timur Shakhmametov, charging him with running the carding website Joker’s Stash. The post US Announces Charges, Sanctions Against Russian Administrator of…