The Buffer Curse (infosecwriteups.com)
A tale of unusual exploitation in Web Application
BlackCat, Clop claim ransomware attack on cosmetics maker Estee Lauder (therecord.media)
U.S. cosmetics manufacturer Estee Lauder has suffered a cyberattack, the company confirmed on Tuesday.
Facebook Flooded with Ads and Pages for Fake ChatGPT, Google Bard and other AI services, Tricking Users into downloading Malware (blog.checkpoint.com)
Highlights...
Major Security Flaws in Popular QuickBlox Chat and Video Framework Expose Sensitive Data of Millions - Check Point Research (research.checkpoint.com)
Executive Summary Introduction Real-time chat and video services available within telemedicine, finance, and smart IoT device applications used by millions of people, rely on the popular QuickBlox framework. QuickBlox supplies mobile and web application developers with a SDK and APIs to deliver not only user management,...
Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability (thehackernews.com)
Adobe releases fresh updates to address an incomplete fix for a critical ColdFusion flaw (CVE-2023-38205).
Google restricting internet access to some employees to reduce cyberattack risk (www.cnbc.com)
Some workers who need the internet to do their job will get exceptions, the company stated in materials.
The US government wants to label secure IoT devices with a 'Cyber Trust Mark' | Engadget (www.engadget.com)
It could label qualifying items like smart fridges..
Russian hacking group Armageddon increasingly targets Ukrainian state services (therecord.media)
The Moscow-linked hacking group Armageddon remains one of the most active and dangerous threat actors targeting Ukraine during its war with Russia, according to recent research.
Chatbot Honeypot: How AI Companions Could Weaken National Security - … (archive.is)
AI chatbots blur the line between intimacy and secrecy, posing risks for users with national security interests and access to sensitive information
Iran is on a hacking spree. The reason why may be ominous. | Semafor (www.semafor.com)
Experts say it could be related to revenge assassinations Tehran is plotting against former U.S. officials.
WormGPT, a generative AI tool to launch sophisticated BEC attacks (securityaffairs.com)
The WormGPT case: How Generative AI can improve the capabilities of cybercriminals and allows them to launch sophisticated attacks.
CERT-UA Uncovers Gamaredon's Rapid Data Exfiltration Tactics Following Initial Compromise (thehackernews.com)
New report reveals the alarming activities of Gamaredon, a notorious Russian hacking crew. They exploit email and messaging platforms to compromise.
TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)
A malicious actor expands their target beyond AWS. Azure and Google Cloud Platform (GCP) services are now at risk.
To Threads or Not to Threads? That is the privacy question (www.kaspersky.com)
Discussing privacy in Threads, and whether you should sign up to Zuckerberg’s Twitter clone.
Killnet as a private military hacking company? For now, it's probably just a dream (therecord.media)
The cybercrime group known as Killnet is skilled at grabbing attention, even if some of its claims are hard to prove. Its leader now has a vision for organizing the pro-Russia hacker underground.
Ransomware gangs have extorted $449 million this year: Chainalysis (therecord.media)
Ransomware gangs have operated at a near-record profit in the first six months of the year, extorting more than $449 million from victims, according to blockchain research firm Chainalysis.
Android Security Bulletin—July 2023 | Android Open Source Project (source.android.com)
Patch Tuesday July 2023 – Microsoft Publishes Bug Fixes for 142 Vulnerabilities (heimdalsecurity.com)
Heimdal® returns with the July edition of our Patch Tuesday series. Stay tuned for more awesome content on patches and fixes.
NATO’s Christian-Marc Lifländer on how the alliance can take a ‘proactive’ cyber stance (therecord.media)
An interview with Christian-Marc Lifländer, the head of NATO's cyber and hybrid policy section, about NATO’s changing approach to cyber, and what will happen if attacks targeting Western states continue to increase.
The Seven Phases of a Ransomware Attack: A Step-by-Step Breakdown of the Attack Lifecycle (flashpoint.io)
We break down each stage of a ransomware attack and how to leverage intelligence to minimize risk for your organization and its assets.
Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari (thehackernews.com)
Apple just released critical updates to combat an actively exploited zero-day flaw. Update to iOS 16.5.1 (a), iPadOS 16.5.1 (a), macOS Ventura 13.
New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security (thehackernews.com)
Mozilla has introduced a new feature called Quarantined Domains, which blocks certain add-ons on specific sites due to security risks.
New Ransomware Strain Discovered: Big Head (heimdalsecurity.com)
A new ransomware strain emerged: Big Head uses fake Windows updates and Microsoft Word installers to spread.
A New Banking Trojan on the Rise: TOITOIN Banking Trojan (heimdalsecurity.com)
TOITOIN is a new banking trojan active since 2023, and it targets businesses from Latin America, employing a multi-stage infection chain.
The five-day job: A BlackByte ransomware intrusion case study (www.microsoft.com)
As ransomware attacks continue to grow in number and sophistication, threat actors can quickly impact business operations if organizations are not well prepared. In a recent investigation by Microsoft Incident Response (previously known as Microsoft Detection and Response Team – DART) of an intrusion, we found that the threat...
