Aggregator
Ransomware negotiator who betrayed clients sentenced to 70 months in prison
A former ransomware negotiator at incident response firm DigitalMint has been sentenced to 70 months in prison after admitting he shared confidential client information with the BlackCat ransomware group and later helped carry out ransomware attacks. Prosecutors say Angelo Martino, 41, abused his role at DigitalMint beginning in April 2023 by providing BlackCat operators with sensitive information gathered during ransomware negotiations. The information included victims’ negotiating positions, insurance policy limits, and internal assessments, helping the … More →
The post Ransomware negotiator who betrayed clients sentenced to 70 months in prison appeared first on Help Net Security.
CISA Warns of Joomla Sites Running iCagenda or Balbooa Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added two high-risk Joomla extension flaws to its Known Exploited Vulnerabilities (KEV) Catalog. Both vulnerabilities allow unrestricted file uploads, a weakness that attackers can abuse to upload malicious files and potentially take control of vulnerable websites. The affected products are iCagenda and Balbooa Forms, two extensions used […]
The post CISA Warns of Joomla Sites Running iCagenda or Balbooa Exploited in Attacks appeared first on Cyber Security News.
AI-Powered ‘Intelligent Worm’ Could Regenerate Exploits and Adapt to Defenses in Real Time
A new threat model is raising hard questions about how quickly self-spreading malware could change during an attack. The proposed Intelligent Worm is not a confirmed strain found in the wild, but a scenario in which a worm uses an onboard reasoning loop to revise its attack methods after defenses block its original route. Like […]
The post AI-Powered ‘Intelligent Worm’ Could Regenerate Exploits and Adapt to Defenses in Real Time appeared first on Cyber Security News.
Fake OAuth client IDs are helping attackers slip past sign-in logs
Attackers running account enumeration against Microsoft cloud tenants have added a step that keeps their probing out of the usual telemetry. They spoof the OAuth client ID, the globally unique identifier assigned to an application and passed as client_id in an authentication request. Microsoft Entra ID records that value as the application ID in its sign-in logs, and the way it handles unfamiliar identifiers opens a gap that operators have started to work through. Entra … More →
The post Fake OAuth client IDs are helping attackers slip past sign-in logs appeared first on Help Net Security.
Загрузил PNG с котиком, потерял все пароли проекта. GhostCommit – новый способ обмануть ИИ
Progress Software Warns of "External Security Threat" to ShareFile
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2008-4128 Cisco IOS Cross-Site Request Forgery Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied.
While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form. Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.
UK and Allies urge critical sectors to improve defences against Russian intelligence targeting
Meta Files Patent for AI That Can Listen All Day and Track How You're Feeling
Linus Torvalds 谈 AI 和垃圾补丁
Security threat prompts Progress to disable ShareFile accounts, tell customers to shut down servers
A “credible external security threat” targeting Progress Software’s ShareFile Storage Zone Controllers (SZC) – the on-premises, customer-managed server components where organizations store files shared via this popular enterprise platform – has spurred the company to disable access to ShareFile accounts that are using them. The warning was sent to customers via email on July 10, urging them to manually shut down the server that is hosting their Storage Zone Controllers. The initial email alert from … More →
The post Security threat prompts Progress to disable ShareFile accounts, tell customers to shut down servers appeared first on Help Net Security.
iPhone and MacBook Forensics Investigation Exposes £113,000 Property Fraud Operation
A digital forensics investigation from Belkasoft into an iPhone and a damaged MacBook has helped secure the conviction of Jason Cunningham, a rent-to-rent property operator who defrauded landlords and investors of more than £113,000 through forged contracts and false promises. Cunningham ran several companies in the rent-to-rent sector, leasing properties from landlords and subletting them […]
The post iPhone and MacBook Forensics Investigation Exposes £113,000 Property Fraud Operation appeared first on Cyber Security News.