Aggregator

FSB Hackers Stripped of 107 Domains Used to Steal Credentials
The U.S. Department of Justice and Microsoft seized more than 100 websites allegedly used by a Russian intelligence cyberespionage operation with a fondness for spear phishing. Targets include the national security apparatus and journalists, think tanks, and non-governmental organizations.

CorrectCare to Settle Lawsuit After 'Inadvertently' Exposing PHI on Web for Months
A misconfigured web server and the exposure of sensitive information for nearly 600,000 prison inmates in 2022 will cost medical claims processing company CorrectCare $6.49 million to settle a consolidated proposed class action lawsuit, according to court records.

Also: Prison Sentences for BEC Scammers and a West African Cybercrime Crackdown
This week, AI nudify sites spread malware, BEC scammers head to prison, London man charged with hacking, and a Spanish insurance company with a breach. Also, a North Korean hacking group and a West African crackdown on online scammers. And, a Schrödinger Windows vulnerability: Is it real?

US Cyber Defense Agency Plans to Review Updated Implementation Plans in November
A top official from the U.S. Cybersecurity and Infrastructure Security Agency said Thursday the agency is planning to review updated federal implementation plans and ensure agencies are aligning with zero trust security objectives and addressing any funding gaps or technical challenges.

© 2024 Packet Storm. All rights reserved.

==========================================================================Ubuntu Security Notice U

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- --------------------------------------------------

Several of the flaws enable remote code execution and denial-of-service attacks, while others enable data theft, session hijacking, and other malicious activity.

### This module requires Metasploit: https://metasploit.com/download# Current source: https://gith

# Exploit Title: dizqueTV 1.5.3 - Remote Code Execution (RCE)# Date: 9/21/2024# Exploit Author: Ah

==========================================================================Ubuntu Security Notice U

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- --------------------------------------------------

Organizations that get relieved of credentials to their cloud environments can quickly

The Dutch government blames a “state actor” for hacking a police system, exposing the contact details of all police officers, according to the justice minister. The Dutch police blame a state actor for the recent data breach that exposed officers’ contact details, the justice minister told lawmakers. The incident took place on September 26, 2024, […]

Two things are true of data online: It will be collected and, just as easily, it will be lost.

Ivanti reports that the bug is being actively exploited in the wild for select customers.

International law enforcement agencies have scored another victory against the LockBit gang, with a

Like something out of Black Mirror, two students have demonstrated a way to use smart glasses a

A vulnerability classified as problematic was found in Memberful Plugin up to 1.73.7 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-9242. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in ShiftController Employee Shift Scheduling Plugin up to 4.9.66 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-9435. It is possible to launch the attack remotely. There is no exploit available.