I pulse the truth from a Dittybopper instance to this community
Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software.
Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software. [...]
Sources: in early 2023, a hacker breached OpenAI's internal messaging systems and accessed product details; OpenAI told its staff, but not the public or the FBI (Cade Metz/New York Times)
By Cade Metz / New York Times. View the full context on Techmeme.
Cade Metz / New York Times: Sources: in early 2023, a hacker breached OpenAI's internal messaging systems and accessed product details; OpenAI told its staff, but not the public or the FBI — A security breach at the maker of ChatGPT last year revealed internal discussions among researchers and other employees, but not the code behind OpenAI's systems.
Ransomware scum who hit Indonesian government apologizes, hands over encryption key
Brain Cipher was never getting the $8 million it demanded anyway
Brain Cipher was never getting the $8 million it demanded anyway Brain Cipher, the group responsible for hacking into Indonesia's Temporary National Data Center (PDNS) and disrupting the country's services, has seemingly apologized for its actions and released an encryption key to the government.…
Researchers say GPS spoofing has impacted 60K+ commercial flights so far in 2024; GPS could become a relic as Chinese, Russian, and European systems modernize (New York Times)
From New York Times. View the full context on Techmeme.
New York Times: Researchers say GPS spoofing has impacted 60K+ commercial flights so far in 2024; GPS could become a relic as Chinese, Russian, and European systems modernize — The Global Positioning System runs the modern world. — But it is under daily attack. — This year alone, researchers say …
Linux Defense Evasion Techniques Detected by AhnLab EDR (2)
The blog post “Linux Defense Evasion Techniques Detected by AhnLab EDR (1)” [1] covered methods where the threat actors and malware strains attacked Linux servers before incapacitating security services such as firewalls and security modules and then concealing the installed malware. This post will ...
The blog post “Linux Defense Evasion Techniques Detected by AhnLab EDR (1)” [1] covered methods where the threat actors and malware strains attacked Linux servers before incapacitating security services such as firewalls and security modules and then concealing the installed malware. This post will cover additional defense evasion techniques against Linux systems not covered in the past post. For example, methods of concealing malware include having the running malware delete itself to not be noticed by an administrator, or deleting... The post Linux Defense Evasion Techniques Detected by AhnLab EDR (2) appeared first on ASEC BLOG.
A Chicago pediatrics hospital is notifying nearly 800,000 people that their information was compromised in a ransomware attack earlier this year. Cybercrime group
Chicago Pediatrics Center Refused to Pay Ransom to Rhysida Cybercrime GroupA Chicago pediatrics hospital is notifying nearly 800,000 people that their information was compromised in a ransomware attack earlier this year. Cybercrime group Rhysida had demanded a $3.4 million ransom for data it claims to have stolen in the incident. The hospital said it did not pay.
Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks.
Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. [...]
OVHcloud, a global cloud services provider and one of the largest of its kind in Europe, says it mitigated a record-breaking distributed denial of service (DDoS) attack earlier this year that reached an unprecedented packet rate of 840 million packets per second (Mpps).
OVHcloud, a global cloud services provider and one of the largest of its kind in Europe, says it mitigated a record-breaking distributed denial of service (DDoS) attack earlier this year that reached an unprecedented packet rate of 840 million packets per second (Mpps). [...]
Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used by cybercriminals to infiltrate victims' networks.
Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used by cybercriminals to infiltrate victims' networks. [...]
California-based Patelco Credit Union, one of the largest in the U.S., says members can expect intermittent outages at ATMs and other disruptions.
Despite the growing implementation of security awareness training, recent research indicates that over half of cybersecurity professionals are concerned about s
Despite the growing implementation of security awareness training, recent research indicates that over half of cybersecurity professionals are concerned about security behaviours within their organisations. Key Findings from the Survey A survey conducted by ThinkCyber has revealed significant insights into attitudes towards security awareness training. Participants were asked to identify the security behaviours that posed […] The post Fear and Silence: 50% of Employees Hesitant to Report Security Errors first appeared on IT Security Guru. The post Fear and Silence: 50% of Employees Hesitant to Report Security Errors appeared first on IT Security Guru.
USN-6862-1: Firefox vulnerabilities
Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-5689, CVE-2024-5690, CVE-2024-5691, CVE-2024-5693, CVE-2024-5697, CVE-2024-5698, CVE-2024-5699, CVE-2024-5700, CVE-2024-5701)
Lukas Bernhard discovered that Firefox did not properly manage memory during garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-5688)
Lukas Bernhard discovered that Firefox did not properly manage memory in the JavaScript engine. An attacker could potentially exploit this issue to obtain sensitive information. (CVE-2024-5694)
Irvan Kurniawan discovered that Firefox did not properly handle certain allocations in the probabilistic heap checker. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-5695)
Irvan Kurniawan discovered that Firefox did not properly handle certain text fragments in input tags. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-5696)
Record Breaking DDoS Attack 840 Mpps Attack Spotted
The DDoS attacks have evolved tremendously since 2016, with Mirai-like botnets setting new records. Attack frequency and intensity increased notably in 2023, with 1+ Tbps attacks almost becoming daily by 2024. Cybersecurity researchers at OVHcloud spotted record-breaking DDoS attacks of 840 Mpps and asserted that peaks of ~2.5 Tbps were also observed. Record-Breaking DDoS Attack […] The post Record Breaking DDoS Attack 840 Mpps Attack Spotted appeared first on Cyber Security News.
Traeger Grill D2 Wi-Fi Controller, Version 2.02.04
Discover critical vulnerabilities in the Traeger Grill D2 Wi-Fi Controller that could impact your grill's security. Read our advisory.
Discover critical vulnerabilities in the Traeger Grill D2 Wi-Fi Controller that could impact your grill's security. Read our advisory to learn about the issues identified.
A look at a US State Department program to train diplomats in cybersecurity, privacy, and other tech issues, allowing them to spot threats and advance US policy (Eric Geller/Wired)
By Eric Geller / Wired. View the full context on Techmeme.
Eric Geller / Wired: A look at a US State Department program to train diplomats in cybersecurity, privacy, and other tech issues, allowing them to spot threats and advance US policy — The US State Department is training diplomats in cybersecurity, privacy, telecommunications, and other technology issues, allowing them to advance US policy abroad.
Companies spend more on cybersecurity but struggle to track expenses
Despite increasing budgets, only 36% of organizations have a formal approach to determining cybersecurity budgets.
Most companies do not know how effectively they are investing money to fight the cybersecurity threat, according to Optiv. Cybersecurity budgets are increasing and cyber incidents are rampant, and yet only a small percentage of respondents have a formal approach to determining cybersecurity budgets, which can lead to inefficiencies and missed opportunities to address critical security gaps. Lack of formal approach to cybersecurity budgets Based on an independent Ponemon Institute survey, the report reveals a … More → The post Companies spend more on cybersecurity but struggle to track expenses appeared first on Help Net Security.
The U.S. Department of Health and Human Services has hit a Pennsylvania-based healthcare system with a $950,000 settlement for potential HIPAA violations found
Settlement Is Another Signal of HHS OCR's Latest Enforcement PriorityThe U.S. Department of Health and Human Services has hit a Pennsylvania-based healthcare system with a $950,000 settlement for potential HIPAA violations found during an investigation into a 2017 ransomware attack. It's HHS' third HIPAA enforcement action in a ransomware case so far.
Global fintech and money transfer company Wise has confirmed the compromise of some of its customers' data as a result of the LockBit ransomware attack against U.S. banking-as-a-service provider Evolve Bank & Trust, with which it has shared USD account information between 2020 and 2023, TechCrunch r...
Global fintech and money transfer company Wise has confirmed the compromise of some of its customers' data as a result of the LockBit ransomware attack against U.S. banking-as-a-service provider Evolve Bank & Trust, with which it has shared USD account information between 2020 and 2023, TechCrunch reports.
Almost Every Apple Device Vulnerable To CocoaPods Supply Chain Attack
Dependency manager used in millions of apps leaves a bitter taste
Splunk Patches High-Severity Vulnerabilities In Enterprise Product
Splunk has patched multiple vulnerabilities in Splunk Enterprise, including high-severity remote code execution bugs.