Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection (www.darkreading.com)
Cisco Finds New Zero Day Bug, Pledges Patches in Days (www.darkreading.com)
CISA Issues Emergency Directive After Midnight Blizzard Microsoft Hits (www.darkreading.com)
CISA has issued an emergency directive in response to Midnight Blizzard, or Cozy Bear, a Russian threat actor targeting Microsoft email accounts. The group is extracting information to access Microsoft customer systems. Strict security measures, including strong passwords and multi-factor authentication, are strongly recommended...
GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories (www.darkreading.com)
Critical Bugs in Canon Printers Allow Code Execution, DDoS (www.darkreading.com)
No exploitations have been observed in the wild as of yet, according to the company’s European site, but owners should scan for indicators of compromise given that the bugs have been publicly known but unpatched for months....
More Okta Customers Hacked (www.darkreading.com)
Cisco IOS Bugs Allow Unauthenticated, Remote DoS Attacks (www.darkreading.com)
Several Cisco products, including IOS, IOS XE, and AP software, need patching against various high-risk security vulnerabilities.
ChatGPT Spills Secrets in Novel PoC Attack (www.darkreading.com)
Amex Customer Data Exposed in Third-Party Breach (www.darkreading.com)
American Express is alerting customers of a data breach through a third-party service provider affecting credit card details. The breach, external to American Express systems, compromised card numbers, names, and expiration dates. Customers are advised to monitor their accounts for fraud and use the American Express Mobile app...
Ivanti Keeps Security Teams Scrambling With 2 More Vulns (www.darkreading.com)
Since the beginning of this year, the company has disclosed some seven critical bugs so far, almost all of which attackers have quickly exploited in mass attacks.
'Conversation Overflow' Cyberattacks Bypass AI Security to Target Execs (www.darkreading.com)
The company Intellexa is working with ISPs to use Predator spyware (www.darkreading.com)
Linux Ransomware Poses Significant Threat to Critical Infrastructure (www.darkreading.com)
Organizations running Linux distributions need to prepare to defend their systems against ransomware attacks. Steps to ensure resiliency and basics such as access control reduce major disruptions.
Nigeria & Romania Ranked Among Top Cybercrime Havens (www.darkreading.com)
A survey of cybercrime experts assessing the top cybercrime-producing nations results in some expected leaders — Russia, Ukraine, and China — but also some surprises.
LockBit 3.0 Variant Generates Custom, Self-Propagating Malware (www.darkreading.com)
Expired Redis Service Abused to Use Metasploit Meterpreter Maliciously (www.darkreading.com)
Apple Security Bug Opens iPhone, iPad to RCE (www.darkreading.com)
CVE-2024-1580 allows remote attackers to execute arbitrary code on affected devices.
'PhantomBlu' Cyberattackers Backdoor Microsoft Office Users via OLE (www.darkreading.com)
How Not to Become the Target of the Next Microsoft Hack (www.darkreading.com)
Nothing fancy or new on this article, but the basics should prevent tears:...
67K Customers Impacted by Data Breach, According to U-Haul (www.darkreading.com)
67K Customers Impacted by Data Breach, According to U-Haul (www.darkreading.com)
Critical Bugs in Canon Printers Allow Code Execution, DDoS (www.darkreading.com)
cross-posted from: infosec.pub/post/8070199...