Saturday, September 21, 2024

Iranian Hackers Tried to Give Hacked Trump Campaign Emails to Dems

Plus: The FBI dismantles the largest-ever China-backed botnet, the DOJ charges two men with a $243 million crypto theft, Apple’s MacOS Sequoia breaks cybersecurity tools, and more. This article has been indexed from Security Latest Read the original article: Iranian…

Read more →


https://www.itsecuritynews.info/iranian-hackers-tried-to-give-hacked-trump-campaign-emails-to-dems/?utm_source=dlvr.it&utm_medium=blogger

Threat Actor IntelBroker Allegedly Claims Leak of Deloitte Internal Communications

The notorious threat actor, IntelBroker, allegedly claimed responsibility for leaking internal communications from Deloitte, a leading global auditing firm. The breach reportedly occurred in September 2024, when an Apache Solr server was inadvertently exposed to the internet with default login credentials, allowing unauthorized access. Deloitte, known for its extensive work in auditing and consulting, found […]


The post Threat Actor IntelBroker Allegedly Claims Leak of Deloitte Internal Communications appeared first on Cyber Security News.


https://cybersecuritynews.com/intelbroker-deloitte-data/?utm_source=dlvr.it&utm_medium=blogger

Friday, September 20, 2024

Disney to Stop Using Slack Following Hack that Exposed Company Data

In a major move, the Walt Disney Company announced that it would no longer use Slack for in-house company communication. This decision comes months after a hack that leaked over a terabyte of company data to the public. According to a memo obtained by CNBC, Disney Chief Financial Officer Hugh Johnston informed employees and cast […]


The post Disney to Stop Using Slack Following Hack that Exposed Company Data appeared first on Cyber Security News.


https://cybersecuritynews.com/disney-to-stop-using-slack/?utm_source=dlvr.it&utm_medium=blogger

Star Health Data Leak: 31 Million Customers’ Data Exposed via Telegram

India’s largest health insurance provider, Star Health, and Allied Insurance, recently experienced a significant data breach, resulting in the exposure of sensitive personal information belonging to more than 31 million customers. This breach has been facilitated through chatbots on the popular messaging app Telegram, raising serious concerns about data security and the misuse of technology […]


The post Star Health Data Leak: 31 Million Customers’ Data Exposed via Telegram appeared first on Cyber Security News.


https://cybersecuritynews.com/star-health-data-leak/?utm_source=dlvr.it&utm_medium=blogger

CISA Releases Six New Advisories For Industrial Control Systems

The Cybersecurity and Infrastructure Security Agency (CISA) has issued six new advisories concerning industrial control systems (ICS) on September 19, 2024. These advisories highlight critical vulnerabilities in various ICS products, offering crucial information for users to safeguard their systems against potential threats. Rockwell Automation RSLogix 5 And RSLogix 500 CISA’s advisory on Rockwell Automation’s RSLogix […]


The post CISA Releases Six New Advisories For Industrial Control Systems appeared first on Cyber Security News.


https://cybersecuritynews.com/cisa-industrial-control-systems-advisories/?utm_source=dlvr.it&utm_medium=blogger

Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East

An Iranian advanced persistent threat (APT) threat actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an initial access facilitator that provides remote access to target networks.
Google-owned Mandiant is tracking the activity cluster under the moniker UNC1860, which it said shares similarities with intrusion sets tracked by Microsoft, Cisco Talos, and


https://thehackernews.com/2024/09/iranian-apt-unc1860-linked-to-mois.html?utm_source=dlvr.it&utm_medium=blogger

Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild.
The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was "incidentally addressed" by the company as part of CSA 4.6 Patch 519 and CSA 5.0.
"Path Traversal in the Ivanti CSA before 4.6 Patch


https://thehackernews.com/2024/09/critical-ivanti-cloud-appliance.html?utm_source=dlvr.it&utm_medium=blogger

Thursday, September 19, 2024

CISA boss: Makers of insecure software are the real cyber villains

Write better code, urges Jen Easterly. And while you’re at it, give crime gangs horrible names like ‘Evil Ferret’ Software developers who ship buggy, insecure code are the real villains in the cyber crime story, Jen Easterly, boss of the…

Read more →


https://www.itsecuritynews.info/cisa-boss-makers-of-insecure-software-are-the-real-cyber-villains/?utm_source=dlvr.it&utm_medium=blogger

Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw

Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability that is being exploited in attacks in the wild against a limited number of customers. Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability, tracked as CVE-2024-8963 (CVSS score…

Read more →


https://www.itsecuritynews.info/ivanti-warns-of-a-new-actively-exploited-cloud-services-appliance-csa-flaw/?utm_source=dlvr.it&utm_medium=blogger

New TeamTNT Cryptojacking Campaign Targets CentOS Servers with Rootkit

The cryptojacking operation known as TeamTNT has likely resurfaced as part of a new campaign targeting Virtual Private Server (VPS) infrastructures based on the CentOS operating system.
"The initial access was accomplished via a Secure Shell (SSH) brute force attack on the victim's assets, during which the threat actor uploaded a malicious script," Group-IB researchers Vito Alfano and Nam Le


https://thehackernews.com/2024/09/new-teamtnt-cryptojacking-campaign.html?utm_source=dlvr.it&utm_medium=blogger