The CyberWire Daily Briefing
"Microsoft's Recall criticized for security shortcomings. Cyber espionage in Ukraine."
Views expressed in this cybersecurity, cyber crime, and cyber espionage update are those of the reporters and correspondents. Accessed on 09 June 2024, 1326 UTC.
Content and Source: https://thecyberwire.com/newsletters/daily-briefing/13/111
Please scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Daily Briefing for 06.07.24
ANNOUNCEMENT
Listen to our newest podcast, “Only Malware in the Building.”
N2K and Proofpoint have teamed up to launch “Only Malware in the Building,” the newest podcast on the N2K CyberWire network. Each month our hosts Selena Larson, Proofpoint’s staff threat researcher, and N2K’s Rick Howard and Dave Bittner, will explore the mysteries around today’s most intriguing cyber threats. Listen and subscribe now.
2024 N2K CyberWire Audience Survey.
We're always looking for ways to improve the N2K CyberWire network to give you an intelligence-driven news experience. Please take a few minutes to tell us about your network experience and share your feedback by completing our 2024 Audience Survey, and you will have a chance to win a $100 Amazon gift card. Take the survey.
SUMMARY
By the CyberWire staff
At a glance.
- Microsoft's Recall criticized for security shortcomings.
- Cyberespionage in Ukraine.
- Exploit code released for critical Apache HugeGraph flaw.
- Critical RCE flaw affects PHP.
Microsoft's Recall criticized for security shortcomings.
WIRED offers a summary of security concerns associated with Microsoft's upcoming Recall feature. Recall is an AI-powered tool that allows Windows to save snapshots of the screen every five seconds in order to allow users to search through their past activity using natural language. Microsoft insisted that a hacker would need physical access to a device to access this information, but security researcher Kevin Beaumont found that malware can easily exfiltrate the data from a compromised device. Beaumont says he's "deliberately holding back technical details until Microsoft ship the feature as I want to give them time to do something." Additionally, James Forshaw, a researcher with Google's Project Zero, found that a threat actor could access a PC's Recall data without administrative privileges.
Cyberespionage in Ukraine.
The Computer Emergency Response Team of Ukraine (CERT-UA) has outlined a cyberespionage campaign by the UAC-0020 threat actor that's using SPECTR malware to target the Defense Forces of Ukraine. The malware is distributed via spearphishing emails with malicious RAR archive attachments. CERT-UA says the malware is used to "download stolen documents, files, passwords and other information from the computer."
UAC-0020 has been attributed to the law enforcement agencies of occupied Luhansk.
Exploit code released for critical Apache HugeGraph flaw.
The Register warns that a proof-of-concept exploit has been released for a critical remote code execution flaw (CVE-2024-27348) affecting Apache HugeGraph. Apache issued a patch for the vulnerability in April. Users are urged to ensure Apache HugeGraph is updated to version 1.3.0.
Critical RCE flaw affects PHP.
Researchers at DEVCORE have discovered a critical remote code execution vulnerability affecting PHP. The researchers explain, "While implementing PHP, the team did not notice the Best-Fit feature of encoding conversion within the Windows operating system. This oversight allows unauthenticated attackers to bypass the previous protection of CVE-2012-1823 by specific character sequences. Arbitrary code can be executed on remote PHP servers through the argument injection attack."
PHP's development team released a patch for the flaw yesterday.
Notes.
Today's issue includes events affecting Russia, Ukraine, and the United States.
SELECTED READING
Attacks, Threats, and Vulnerabilities
Wineloader - Analysis of the Infection Chain (Binary Defense) ARC Labs analyzed a sample of the Wineloader backdoor for infection chain analysis and detection opportunities to help defenders protect their organizations.
POC exploit code published for critical Apache HugeGraph bug (The Register) You upgraded when this was fixed in April, right? Right??
Russian hacktivists vow mass attacks against EU elections (The Register) But do they get to wear 'I DDoSed' stickers?
Ransomware Actor Exploited CoinMiner Attacker's Proxy Server (Cyber Security News) Hackers can hide their names and access the blocked websites or networks by using proxy servers which help in making these systems anonymous.
Legislation, Policy, and Regulation
Unpacking the first wave of SEC 10-K cyber disclosures (PwC) What companies reported, what it means (so far) and next steps. What can these form 10K filings tell us about cybersecurity disclosures?
FCC moves ahead on internet routing security rules (CyberScoop) The Border Gateway Protocol regulations proved less controversial than a $200 million school and library cyber program.
Litigation, Investigation, and Law Enforcement
Chinese nationals plead guilty to running Zambia scam operation (The Record) Zambian authorities said 77 people, including the Chinese operators, were arrested in April in connection with the takedown of a scam call center.
INDUSTRY EVENTS
For a complete running list of events, please visit the Event Tracker.
Events
AWS re: Inforce (Philadelphia, Pennsylvania, USA, Jun 10 - 12, 2024) AWS re: Inforce is a conference that addresses AWS security and confidentiality for customers. The conference covers: Proactive security: Considerations and approaches; How AWS secures data, even from trusted operators and services; Identity and access management; Security mindfulness; Cryptography from the future: Research & innovation to protect customer data; Compliance and governance; Data protection and privacy; and Security operations.
Cyber Civil Defense Summit (Washington DC, Jun 13, 2024) The Cyber Civil Defense Summit brings together a community of cyber defenders, academics, and policymakers with the shared mission of protecting our most vulnerable public infrastructure against cybersecurity threats. This in-person event hosts exclusive keynotes and panels with government and industry leaders in cybersecurity, creating an intimate space for cross-sector conversations between academics, volunteers, and policymakers on how we can work together to protect vulnerable community organizations like hospitals, cities, school districts, and nonprofits.
SANS Rocky Mountain Summer 2024 (Denver (and virtual), Colorado, USA, Jun 17 - 22, 2024) At SANS Rocky Mountain Summer 2024, choose from 48 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
ISA OT Cybersecurity Summit (London, England, UK, Jun 18 - 19, 2024) Strategic OT Cybersafety | Intelligent Innovation for a Secure World The future of intelligence evolution and IoT cybersecurity relies on a strategic approach that integrates supply chain sustainability and security. By leveraging intelligent technologies and prioritizing standards and conformance, we can create a more resilient and secure future for all.
Initial Compromise Insights: VPN and Phishing Attacks Exposed (Virtual, Jun 20, 2024) Join us for an exclusive deep dive into initial compromise risks, focusing on threats posed by VPN vulnerabilities and sophisticated phishing attacks, and share insights from recent research and reports by Zscaler ThreatLabz group. Register now.