A week in security (July 17 – 23)
Last week on Malwarebytes Labs: CISA: You’ve got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519 Estée Lauder targeted by Cl0p and BlackCat ransomware groups Google fixes “Bad.Build” Cloud Build flaw, researchers say it’s not enough Accidental VirusTotal upload is a valuable reminder to double check what you share Amazon in-van delivery driver footage makes […]
From Power Grids to Airports: TETRA Radio Hacking Risks Global Infrastructure
By Waqas These vulnerabilities have been dubbed TETRA:BURST by researchers. This is a post from HackRead.com Read the original post: From Power Grids to Airports: TETRA Radio Hacking Risks Global Infrastructure
Cl0p Ransomware Gang Leaks MOVEit Data on Clearweb Sites
By Deeba Ahmed The Cl0p Ransomware Gang has begun its clearweb journey by leaking data stolen from PWC.com. This is a post from HackRead.com Read the original post: Cl0p Ransomware Gang Leaks MOVEit Data on Clearweb Sites
Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks
Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, 2023, and
Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol
Google has announced that it intends to add support for Message Layer Security (MLS) to its Messages service for Android and open source implementation of the specification. “Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but users today are limited to communicating with contacts who use the same platform,” Giles Hogben, privacy […]
New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection
Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. “This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH’s forwarded ssh-agent,” Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.
Artificial Intelligence Governance Professional Certification – AIGP
For anyone who follows industry trends and related news I am certain you have been absolutely inundated by the torrent of articles and headlines about ChatGPT, Google’s Bard, and AI in general. Let me apologize up front for adding yet another article to the pile. I promise this one is worth a read, especially for […]
Banking Sector Targeted in Open-Source Software Supply Chain Attacks
Cybersecurity researchers said they have discovered what they say is the first open-source software supply chain attacks specifically targeting the banking sector. “These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to it,” Checkmarx said in a report published last week. “The attackers
VirusTotal issues apology for recent sensitive data leak
By Habiba Rashid The incident, first reported by The STANDARD, an Austrian news outlet. This is a post from HackRead.com Read the original post: VirusTotal issues apology for recent sensitive data leak
10 Essential Cybersecurity Tips for Small Businesses
By Owais Sultan This article presents ten essential cybersecurity tips tailored specifically for small businesses. So let’s get to it! In… This is a post from HackRead.com Read the original post: 10 Essential Cybersecurity Tips for Small Businesses