Security News Bundle

"Microsoft Power Toys adds Window registry preview feature."

Views expressed in this cybersecurity, cybercrime, cyber espionage update are those of the reporters and correspondents. Accessed on 09 April 2023, 2358 UTC. Content supplied by "Security News Bundle" via https://feedly.com.

Source: https://feedly.com/i/collection/content/user/f401222a-bca6-4c45-9cc1-183f239e8d86/category/7737d3c9-5fe2-4b34-8708-85e57085f895 ("Security News Bundle").

Please click link or scroll down to read your selections. Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

PowerToys v0.69.0 released

•

96BleepingComputer / 3h

Microsoft PowerToys, a set of free utilities for Windows 10 users, has introduced a new feature allowing users to preview registry file contents before importing them. [...]

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

2 TTPs

•

Security Affairs / 5h

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog Apple addressed two actively exploited zero-day flaws MSI confirms security breach after Money Message ransomware attack Microsoft aims at stopping cybercrimi

Apple Ships Urgent iOS Patch for Newly Exploited Zero-Days

79SecurityWeek / 2d

The newest iOS 16.4.1 and iPadOS 16.4.1 patches a pair of code execution flaws that have already been exploited in the wild. The post appeared first on SecurityWeek .

TODAY

Researchers disclose critical sandbox escape bug in vm2 sandbox library

2 TTPs

•

Security Affairs / 3h

The development team behind the vm2 JavaScript sandbox library addressed a critical Remote Code Execution vulnerability. The developers behind the vm2 JavaScript sandbox module have addressed a critical vulnerability, tracked as CVE-2023-29017 (CVSS score 9.8), that could be exploited to execute arbitrary shellcode. vm2 is a sandbox that can run untrusted code in an isolated context on Node.js se

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Security Affairs / 7h

Andrey Shevlyakov, an Estonian national, was charged in the US with conspiracy and other charges related to acquiring U.S.-made electronics on behalf of the Russian government and military. The Estonian man is accused of having helped the Russian government and military to purchase US-made electronics and hacking tools. The defendant was arrested in Estonia on March 28, 2023, he used several Esto

All Dutch govt networks to use RPKI to prevent BGP hijacking

25BleepingComputer / 8h

The Dutch government will adopt the RPKI (Resource Public Key Infrastructure) standard on all its systems before the end of 2024 to upgrade the security of its internet routing. [...]

YESTERDAY

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

2 TTPs

•

Security Affairs / 1d

US CISA has added Veritas Backup Exec flaws, which were exploited in ransomware attacks, to its Known Exploited Vulnerabilities catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following five new issues to its Known Exploited Vulnerabilities Catalog : CVE-2021-27876 – Veritas Backup Exec Agent File Access Vulnerability CVE-2021-27877 – Veritas Backup Exec Agent

Breached shutdown sparks migration to ARES data leak forums

48BleepingComputer / 1d

A threat group called ARES is gaining notoriety on the cybercrime scene by selling and leaking databases stolen from corporations and public authorities. [...]

Western Digital struggles to fix massive My Cloud outage, offers workaround

Data Destruction (Enterprise T1485)

•

200+BleepingComputer / 1d

On Friday, five days into a massive outage impacting its cloud services, Western Digital finally provided customers with a workaround to access their files. [...]

Taiwanese PC Company MSI Falls Victim to Ransomware Attack

Ransomware MSI Gang

•

100+The Hacker News / 1d

Taiwanese PC company MSI (short for Micro-Star International) officially confirmed it was the victim of a cyber attack on its systems. The company said it "promptly" initiated incident response and recovery measures after detecting "network anomalies." It also said it alerted law enforcement agencies of the matter. That said, MSI did not disclose any specifics about when the attack took place

Microsoft delays Exchange Online CARs deprecation until 2024

100+BleepingComputer / 1d

Microsoft announced today that Client Access Rules (CARs) deprecation in Exchange Online will be delayed by one year until September 2024. [...]

APR 07

SecurityWeek Briefing

"New RAMBO attack allows air-gapped data theft." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 10 September 2024, 0035 UTC. Content and Source: https://www.securityweek.com Please check link or scroll down to read your selections. Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). Monday, September 9 , 2024 Are you worried about unmanaged devices and apps? LATEST CYBERSECURITY HEADLINES New RAMBO Attack Allows Air-Gapped Data Theft Predator Spyware Resurfaces With Fresh Infrastructure Google Pushes Rust in Legacy Firmware to Tackle Memory Safety Flaws 300,000 Impacted by Data Breach at Car Rental Firm Avis One Million US Kaspersky Customers Transferred to Pango’s UltraAV Two Indicted in US for Running Dark Web Marketplaces Offering Stolen Information Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks CISA Breaks Silence on Controvers...

Hawaii Cybersecurity Journal

Search This Blog