attackers – Page 26 – Experimental News Clipping Site

The Register: Fully patched Cleo products under renewed ‘zero-day-ish’ mass attack

Dec 10, 2024

—

by

Source URL: https://www.theregister.com/2024/12/10/cleo_vulnerability/ Source: The Register Title: Fully patched Cleo products under renewed ‘zero-day-ish’ mass attack Feedly Summary: Thousands of servers targeted while customers wait for patches Researchers at security shop Huntress are seeing mass exploitation of a vulnerability affecting three Cleo file management products, even on patched systems.… AI Summary and Description: Yes Summary:…

The Register: Heart surgery device maker’s security bypassed, data encrypted and stolen

Dec 10, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/12/10/artivion_security_incident/ Source: The Register Title: Heart surgery device maker’s security bypassed, data encrypted and stolen Feedly Summary: Sounds like th-aorta get this sorted quickly A manufacturer of devices used in heart surgeries says it’s dealing with “a cybersecurity incident" that bears all the hallmarks of a ransomware attack.… AI Summary and Description: Yes…

The Register: Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket

Dec 9, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/12/09/aws_credentials_stolen/ Source: The Register Title: Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket Feedly Summary: ShinyHunters-linked heist thought to have been ongoing since March Exclusive A massive online heist targeting AWS customers during which digital crooks abused misconfigurations in public websites and stole source code, thousands of…

The Register: OpenWrt orders router firmware updates after supply chain attack scare

Dec 9, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/12/09/openwrt_firmware_vulnerabilities/ Source: The Register Title: OpenWrt orders router firmware updates after supply chain attack scare Feedly Summary: A couple of bugs lead to a potentially bad time OpenWrt users should upgrade their images to the same version to protect themselves from a possible supply chain attack reported to the open source Wi-Fi router…

The Register: Microsoft dangles $10K for hackers to hijack LLM email service

Dec 9, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/12/09/microsoft_llm_prompt_injection_challenge/ Source: The Register Title: Microsoft dangles $10K for hackers to hijack LLM email service Feedly Summary: Outsmart an AI, win a little Christmas cash Microsoft and friends have challenged AI hackers to break a simulated LLM-integrated email client with a prompt injection attack – and the winning teams will share a $10,000…

The Register: Salt Typhoon forces FCC’s hand on making telcos secure their networks

Dec 6, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/12/06/salt_typhoon_fcc_proposal/ Source: The Register Title: Salt Typhoon forces FCC’s hand on making telcos secure their networks Feedly Summary: Proposal pushes stricter infosec safeguards after Chinese state baddies expose vulns The head of America’s Federal Communications Commission (FCC) wants to force telecoms operators to tighten network security in the wake of the Salt Typhoon…

The Register: PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

Dec 6, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/12/06/mitel_micollab_0day/ Source: The Register Title: PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files Feedly Summary: Still unpatched 100+ days later, watchTowr says A zero-day arbitrary file read vulnerability in Mitel MiCollab can be chained with a now-patched critical bug in the same platform to give attackers access to sensitive…

The Register: Solana blockchain’s popular web3.js npm package backdoored to steal keys, funds

Dec 5, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/12/05/solana_javascript_sdk_compromised/ Source: The Register Title: Solana blockchain’s popular web3.js npm package backdoored to steal keys, funds Feedly Summary: Damage likely limited to those running bots with private key access Malware-poisoned versions of the widely used JavaScript library @solana/web3.js were distributed via the npm package registry, according to an advisory issued Wednesday by project…

Slashdot: Backdoor in Compromised Solana Code Library Drains $184,000 from Digital Wallets

Dec 5, 2024

—

by

system automation

in Uncategorized

Source URL: https://news.slashdot.org/story/24/12/05/1848223/backdoor-in-compromised-solana-code-library-drains-184000-from-digital-wallets?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Backdoor in Compromised Solana Code Library Drains $184,000 from Digital Wallets Feedly Summary: AI Summary and Description: Yes Summary: The Solana JavaScript SDK experienced a supply chain attack where malicious code was injected to steal cryptocurrency private keys. This incident highlights the vulnerabilities associated with software supply chains in…

Cloud Blog: Bridging the Gap: Elevating Red Team Assessments with Application Security Testing

Dec 5, 2024

—

by

system automation

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/red-team-application-security-testing/ Source: Cloud Blog Title: Bridging the Gap: Elevating Red Team Assessments with Application Security Testing Feedly Summary: Written by: Ilyass El Hadi, Louis Dion-Marcil, Charles Prevost Executive Summary Whether through a comprehensive Red Team engagement or a targeted external assessment, incorporating application security (AppSec) expertise enables organizations to better simulate the tactics and…

Tag: attackers