- CVE-2024-9379: Ivanti Cloud Service Appliance Authenticated SQL Injection
November 1, 2024
The SonicWall Capture Labs threat research team became aware of an authenticated SQL injection vulnerability affecting Ivanti Cloud Service Appliances (CSA). Identified as CVE-2024-9379 and with a moderate score of 6.5 CVSSv3, the vulnerability is more severe than it initially appears due to reported exploitation attempts. Recently, in its October security update, Ivanti announced, “We are ...
- UK: Council website back online after cyber attack
November 1, 2024
Burnley Council website is back online after being disrupted by a cyber attack yesterday afternoon. Services across numerous councils in the North West, including Tameside Council and Salford City Council were targeted with a Distributed Denial of Service attack (DDoS). IT teams have now successfully restored the website, and no data has been compromised. Read more… Source: MSN ...
- Milipol Qatar 2024 Successfully Concludes with Historic Milestones
October 31, 2024
More than 14,500 visitors and 360 official delegates attend 15th Milipol Qatar edition QAR 842 million worth of deals signed on event sidelines Milipol Qatar 2026 scheduled for 20-22 October 2026 Doha, Qatar – October 31, 2024: Milipol Qatar 2024, the 15th edition of the Global Event for Homeland Security and Safety, successfully concluded yesterday after a three-day run ...
- Phish ’n’ Ships Fakes Online Shops to Steal Money and Credit Card Information
October 31, 2024
HUMAN’s Satori Threat Intelligence and Research team recently uncovered and disrupted a sprawling fraud operation centered on fake web shops that abuse digital payment providers to steal consumers’ money and credit card information. The threat, dubbed Phish ’n’ Ships, is made up of hundreds of fake web shops offering in-demand items. The threat actors, whose internal ...
- Loose-lipped neural networks and lazy scammers
October 31, 2024
One topic being actively researched in connection with the breakout of LLMs is capability uplift – when employees with limited experience or resources in some area become able to perform at a much higher level thanks to LLM technology. This is especially important in information security, where cyberattacks are becoming increasingly cost-effective and larger-scale, causing ...
- Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
October 31, 2024
Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Microsoft is publishing ...
- Android malware FakeCall intercepts your calls to the bank
October 31, 2024
An Android banking Trojan called FakeCall is capable of hijacking the phone calls you make to your bank. Instead of reaching your bank, your call will be redirected to the cybercriminals. The Trojan accomplishes this by installing itself as the default call handler on the infected device. The default call handler app is responsible for managing ...
- Peru: Cybercriminals demand 4 million dollars for Interbank customer data
October 31, 2024
Organized crime in Peru has taken a worrying turn, extending its activities from attacks on public transport companies and kidnapping businessmen to cybercrime. These criminals use advanced technology to extort money from large companies, including the recent attack on Interbank bank. Reportedly criminals have breached Interbank’s security systems, stealing the database of millions of customers and ...
- Bedfordshire is the UK’s cyber crime capital
October 30, 2024
The rate in Bedfordshire was nearly four times higher than neighbouring Hertfordshire, which saw 1,300 incidents among its 1.2 million population, reveals analysis of National Fraud Intelligence Bureau (NFIB) data by IT experts Computer Care. Lincolnshire was the police area least affected by cyber crime, with only 438 reports among the one million population – equal ...
- Patch now! New Chrome update for two critical vulnerabilities
October 30, 2024
Google has released an update for its Chrome browser which includes patches for two critical vulnerabilities. The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux. The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never ...
- New Tradecraft of Iranian Cyber Group Aria Sepehr Ayandehsazan aka Emennet Pasargad
October 30, 2024
The Federal Bureau of Investigation (FBI), U.S. Department of Treasury, and Israel National Cyber Directorate are releasing this Cybersecurity Advisory (CSA) to warn network defenders of new cyber tradecraft of the Iranian cyber group Emennet Pasargad, which has been operating under the company name Aria Sepehr Ayandehsazan (ASA) and is known by the private sector ...