Security Affairs

 "RansomHub ransomware gang relies on Kaspersky TDSKiller tool to disable EDR."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 12 September 2024, 0046 UTC.

Content and Source:  https://securityaffairs.com

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

67K followers26 articles per week#security#tech
16

MOST POPULAR

RansomHub ransomware gang relies on Kaspersky TDSKiller tool to disable EDR
10 TTPs
38by Pierluigi Paganini / 11h
RansomHub uses TDSSKiller to disable EDR
Researchers observed the RansomHub ransomware group using the TDSSKiller tool to disable endpoint detection and response (EDR) systems. The RansomHub ransomware gang is using the TDSSKiller tool to disable endpoint detection and response (EDR) systems, Malwarebytes ThreatDown Managed Detection and Response (MDR) team observed. TDSSKiller a legitimate tool developed by the cybersecurity firm Kaspe
Highline Public Schools school district suspended its activities following a cyberattack
Highline schools closed due to breach
by Pierluigi Paganini / 10h
Highline Public Schools, a school district in Washington state, remains closed following a cyberattack that occurred two days ago. Two days ago Highline Public Schools (HPS), a school district in Washington state, suffered a cyber attack that caused a significant disruption of its activities. Highline Public Schools (HPS) is a public school district in King County, headquartered in Burien, Washin
Experts demonstrated how to bypass WhatsApp View Once feature
WhatsApp View Once feature compromised
by Pierluigi Paganini / 2d
Users are exploiting a privacy flaw in WhatsApp to bypass the app’s “View once” feature, allowing them to re-view messages. The ‘View Once ‘ feature in WhatsApp allows users to send photos, videos, and voice messages that can only be viewed once by the recipient. Recipients cannot forward, share, or copy the “View Once” media, and they cannot take screenshots or screen recordings of it. However,

YESTERDAY

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)
3 TTPs
by Pierluigi Paganini / 15h
that can let attackers achieve remote code execution on the core server Ivanti Endpoint Management (EPM) software is a comprehensive solution designed to help organizations manage and secure their endpoint devices across various platforms, including Windows, macOS, Chrome OS, and IoT systems. The software firm released security updates to address a maximum security vulnerability, tracked as CVE-
Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days
7 TTPs
by Pierluigi Paganini / 17h
PatchTuesday
Microsoft Patch Tuesday security updates for September 2024 addressed 79 flaws, including four actively exploited zero-day flaws. Microsoft Patch Tuesday security updates for September 2024 addressed 79 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; Dynamics Business Central; SQL Server; Windows Hyper-V; Mark of the Web (MOTW); and the Remote Desktop Licen
Quad7 botnet evolves to more stealthy tactics to evade detection
6 TTPs
by Pierluigi Paganini / 1d
Quad7 botnet evolves targeting methods
The Quad7 botnet evolves and targets new SOHO devices, including Axentra media servers, Ruckus wireless routers and Zyxel VPN appliances. The Sekoia TDR team identified additional implants associated with the Quad7 botnet operation. The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and previously
Poland thwarted cyberattacks that were carried out by Russia and Belarus
Poland thwarts Russian Belarus cyber sabotage
by Pierluigi Paganini / 1d
Poland ‘s security officials announced that they successfully thwarted cyberattacks that were carried out by Russia and Belarus. Poland security services announced they have thwarted a cyber operation orchestrated by Russia and Belarus, aimed at destabilizing the country, according to Deputy Prime Minister and Minister for digital affairs Krzysztof Gawkowski. “The Belarusian and Russian foreign s

SEP 9, 2024

U.S. CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog
3 TTPs
by Pierluigi Paganini / 1d
CVE-2024-40766
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descriptions for these vulne
Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M individuals
Slim CD data breach exposes 1.7M
by Pierluigi Paganini / 1d
Payment gateway provider Slim CD disclosed a data breach, credit card and personal data of almost 1.7 million individuals were compromised. The electronic payment gateway Slim CD disclosed a data breach following a cyberattack. Personal data and credit card details of 1,693,000 individuals were compromised. Slim CD’s gateway system allows merchants to accept any kind of electronic payment with a
Predator spyware operation is back with a new infrastructure
Defense Evasion (Enterprise TA0005)
by Pierluigi Paganini / 2d
Predator spyware activity resurfaces again
Researchers warn of a fresh cluster of activity associated with the Predator spyware using a new infrastructure, following the U.S. sanctions against the Intellexa Consortium. Recorded Future researchers warn that the Predator spyware has resurfaced with fresh infrastructure after a decline caused by US sanctions against Intellexa Consortium . In March 2024, the Department of the Treasury’s Offic
TIDRONE APT targets drone manufacturers in Taiwan
17 TTPs
by Pierluigi Paganini / 2d
TIDRONE targets Taiwan military industries
A previously undocumented threat actor tracked TIDRONE targets organizations in military and satellite industries in Taiwan. Trend Micro spotted an allegedly China-linked threat actor, tracked TIDRONE, targeting drone manufacturers in Taiwan. The group, which was previously undocumented, uses enterprise resource planning (ERP) software and remote desktops to deploy advanced malware, including CXC

SEP 8, 2024

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401
6 TTPs
by Pierluigi Paganini / 2d
CVE-2024-36401
Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. Researchers at Fortinet FortiGuard Labs reported that threat actors exploited the recently disclosed OSGeo GeoServer GeoTools flaw ( CVE-2024-36401 ) to deliver various malware families, including cryptocurrency miners, bots, and the SideWalk backdoor. GeoServe
Progress Software fixed a maximum severity flaw in LoadMaster
2 TTPs
by Pierluigi Paganini / 2d
Progress Software released an emergency to address a maximum severity vulnerability in its LoadMaster products. Progress Software released an emergency fix for a critical vulnerability, tracked as CVE-2024-7591 , that affects its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products. The vulnerability is an improper input validation issue, that could allow an unauthenticated, remote att
Feds indicted two alleged administrators of WWH Club dark web marketplace
IoC > 1 domain
by Pierluigi Paganini / 3d
FBI indicts dark web marketplace operators
Russian And Kazakhstani men indicted for operating the Dark Web cybercriminals marketplace WWH Club and other crime forums and markets. Alex Khodyrev (35) from Kazakhstan) and Pavel Kublitskii (37) from Russia have been indicted in Tampa, Florida, for conspiracy to commit access device fraud and wire fraud. Between 2014 and 2024, the duo operated the dark web marketplace WWH Club (wwh-club[.]ws)
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 10
CVE-2024-36401
by Pierluigi Paganini / 3d
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. BlackSuit Ransomware Dissecting the Cicada Year-Long Campaign of Malicious npm Packages Targeting Roblox Users Rocinante: The trojan horse that wanted to fly Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads Earth Lusca Uses KTLVd
Security Affairs newsletter Round 488 by Pierluigi Paganini – INTERNATIONAL EDITION
by Pierluigi Paganini / 3d
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog A flaw in WordPress LiteSpeed Cache Plugin

END OF FEED

Comments

Post a Comment

Please leave a comment about our recent post.

Popular posts from this blog

Cyber War News Today.

Image
"International Defence Cooperation:  A key to regional stability." Views expressed in this cybersecurity, cyber espionage, and cyber crime update are those of the reporters and correspondents.  Accessed on 15 December 2024, 0134 UTC. Content and Source:   https://cyberwar.einnews.com/news/cyber-war-news?n=2&code=FA9GNesSTpp2rjO1&utm_source=NewsletterNews&utm_medium=email&utm_campaign=Cyber+War+News&utm_content=navig Please check link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). Cyber War News Monitoring Get by    Email    •     RSS Published on  Dec 13, 2024 The Cyber Warfare Market Size Reach USD 127.1 Billion by 2032 Exhibiting CAGR at 13.3% WILMINGTON, DE, UNITED STATES, December 13, 2024 /⁨EINPresswire.com⁩/ -- According to the report, The Cyber Warfare Market Size Reach USD 127.1 Billion by 2032 Exhibiting CAGR at 1...
Read more

BleepingComputer.com

Image
"Progress LoadMaster vulnerable to 10/10 severity RCE flaw." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 08 September 2024, 1458 UTC. Content and Source:   https://www.bleepingcomputer.com/ Please check link or scroll down to read your selections. Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). Latest Articles   Security Progress LoadMaster vulnerable to 10/10 severity RCE flaw Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device. Bill Toulas   September 08, 2024   10:11 AM     0   Deals Get started learning about cybersecurity with this course bundle deal Take a real step towards a job in information security with this intro to cybersecurity. Get the 2...
Read more

The Cyberwire Daily Briefing

Image
"Fortinet confirms breach of customer data." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 15 September 2024, 1339 UTC. Content and Source:   https://thecyberwire.com/newsletters/daily-briefing/13/176 Please check link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). V13 | Issue 176 | 9.13.24 Daily Briefing for 09.13.24 Announcement Cloud Security in the Age of Generative AI. Artificial Intelligence is revolutionizing business, but it also introduces new risks. Join us on Wednesday, September 18th at 2pm EDT for a compelling live webinar on "Good vs. Evil: Cloud Security in the Age of Generative AI" with N2K CyberWire’s Dave Bittner and Sysdig’s Loris Degioanni.  Learn more and register now . Summary By the CyberWire staff At a glance. Fortinet confirms breach of customer data. Iran's Scarred Manticore deplo...
Read more