Today, the Federal Bureau of Investigation (FBI)—in partnership with CISA, the National Security Agency (NSA), and other U.S. and international partners—released a joint Cybersecurity Advisory Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure. This advisory provides overlapping cybersecurity industry cyber threat intelligence, tactics, techniques, and procedures (TTPs) and Indicators of Compromise (IOCs) associated with…
Read MoreCISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog…
Read More
Image: MidjourneyUpdate September 09, 08:32 EDT: Revised title and story to include that the Avis data breach impacted over 299,000 customers. American car rental giant Avis notified customers that unknown attackers breached one of its business applications last month and stole some of their personal information. According to data breach notification letters sent to impacted…
Read More
Payment gateway provider Slim CD has disclosed a data breach that compromised credit card and personal data belonging to almost 1.7 million individuals. In the notification sent to impacted clients, the company says that hackers had access to its network for nearly a year, between August 2023 and June 2024. Slim CD is a provider of…
Read More
A new variant of the ongoing sextortion email scams is now targeting spouses, saying that their husband or wife is cheating on them, with links to the alleged proof. In sextortion emails, scammers pretend to have hacked your computer to steal images or videos of you performing sexual acts and demand that you send a…
Read More
From zero-day exploits to polymorphic malware, today’s organizations must protect themselves against increasingly sophisticated cyber threats. But while these types of complex attack vectors may be making the news, the reality is that your organization can’t afford to neglect the persistent threat of brute force attacks. What brute force methods lack in finesse, they make up for in sheer…
Read More3ds — 3dexperience A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user’s browser session. 2024-09-02 5.4 CVE-2024-7932 3DS.Information-Security@3ds.com 3ds — 3dexperience A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows…
Read More
Sep 09, 2024Ravie LakshmananCyber Espionage / Malware The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code software as part of espionage operations targeting government entities in Southeast Asia. “This threat actor used Visual Studio Code’s embedded reverse shell feature to gain a foothold in target networks,”…
Read More
Sep 09, 2024Ravie LakshmananFinancial Security / Malware The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized version of a known commodity remote access trojan (RAT) known as Quasar RAT since June 2024. “Attacks have originated with phishing emails impersonating the Colombian…
Read More
Sep 09, 2024The Hacker NewsData Protection / Threat Detection The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response, and other tools, they are adequately protected. However, this approach not only fails to address the fundamental…
Read More