The CISA Known Exploited Vulnerabilities (KEV) catalog and enhanced logging guidelines are among the new measurement tools added for the 2024 State and Local Cybersecurity Grant Program. Last month, the Department of Homeland Security announced the availability of $279.9 million in grant funding for the Fiscal Year (FY) 2024 State and Local Cybersecurity Grant Program…
Read More
Oct 31, 2024Ravie LakshmananSpyware / Mobile Security Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its functionality, but also incorporates destructive capabilities to prevent the compromised device from booting up. “While the iOS implant delivery method closely mirrors that of the macOS version, the…
Read More
qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application’s DownloadManager, a component that manages downloads throughout the app. The flaw, introduced in a commit on April 6, 2010, was eventually fixed in the latest release, version 5.0.1, on October 28, 2024, more than 14 years…
Read MoreCISA released four Industrial Control Systems (ICS) advisories on October 31, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. Source link lol
Read More
Microsoft has fixed a known issue that prevents some apps launched from non-admin accounts from starting on Windows 10 22H2 systems after installing the September preview cumulative update. These launch issues are caused by the affected apps’ child processes running with low Integrity levels instead of medium. “After installing the September 2024 preview update (KB5043131),…
Read More
Oct 31, 2024Ravie LakshmananCryptocurrency / Software Development LottieFiles has revealed that its npm package “lottie-player” was compromised as part of a supply chain attack, prompting it to release an updated version of the library. “On October 30th ~6:20 PM UTC – LottieFiles were notified that our popular open source npm package for the web player…
Read More
The popular LottieFiles Lotti-Player project was compromised in a supply chain attack to inject a crypto drainer into websites using the library that steals visitors’ cryptocurrency. Blockchain threat monitoring platform Scam Sniffer reports that at least one victim allegedly lost $723,000 worth of Bitcoin due to the LottieFiles supply chain compromise. As discovered yesterday, following multiple…
Read More
Cost savings and business benefits were quantified in “The Total Economic Impact™ of Cynet All-in-One Security,” a commissioned study conducted by Forrester Consulting on behalf of Cynet in October 2024. The Total Economic Impact™ Study framework helps organizations understand the financial effects of their strategic technology investments. Based on interviewed customers with experience using Cynet, Forrester found…
Read More
A phishing campaign dubbed ‘Phish n’ Ships’ has been underway since at least 2019, infecting over a thousand legitimate online stores to promote fake product listings for hard-to-find items. Unsuspecting users clicking on those products are redirected to a network of hundreds of fake web stores that steal their personal details and money without shipping…
Read More
“The addition of Altair’s capabilities in simulation, high performance computing, data science, and artificial intelligence together with Siemens Xcelerator will create the world’s most complete AI-powered design and simulation portfolio,” said Roland Busch, President and CEO of Siemens AG. Software star Altair is being acquired by Siemens for a whopping $10.6 billion which Siemens says…
Read More