Report: Investment Scams Grow, 13,000 Domains Detected in January 2024

Data from the Federal Trade Commission (FTC) revealed that investment scams resulted in over $4.6 billion in fraud losses in the United States in 2023, marking a troubling 21% rise from the previous year.

Cyware News – Latest Cyber News

Shadow AI – Should I be Worried?

Overzealous policies and blanket bans on AI tools risk forcing users underground to use unknown tools with unknown consequences.

SecurityWeek

Government Launches Probe Into Change Healthcare Data Breach

The HHS is investigating whether protected health information was compromised in the Change Healthcare data breach.

SecurityWeek

Fortinet Warns of Critical RCE Bug in Endpoint Management Software

Fortinet patched a critical SQL injection vulnerability (CVE-2023-48788) in its FortiClient EMS software that could allow unauthenticated attackers to achieve remote code execution with SYSTEM privileges.

Cyware News – Latest Cyber News

Keep Your Network Secure With This $39.99 CompTIA Bundle

This Complete 2024 CompTIA Certification Bundle is both a way for tech entrepreneurs to secure their own systems and a gateway to a career in cybersecurity.

Security | TechRepublic

Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems.
“An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted

The Hacker News

150K+ UAE Network Devices & Apps Found Exposed Online

Misconfigurations and insecure services leave United Arab Emirates organizations and critical infrastructure vulnerable to a bevy of cyber threats.

darkreading

DarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day Attack

A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers.
“During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass

The Hacker News

Magnet Goblin Exploits 1-Day Bugs, Deploys Nerbian RAT

The threat actor group Magnet Goblin is rapidly exploiting newly disclosed vulnerabilities to target public-facing servers and edge devices, warned Check Point. This particular instance was an Ivanti Connect Secure exploitation campaign that resulted in the deployment of a Linux version of a malware called NerbianRAT and a JavaScript credential stealer named WARPWIRE. Exploiting 1-day vulnerabilities, this group’s attacks on public-facing servers underscore the critical importance of timely patching and continuous monitoring to protect against sophisticated cyber threats.

Cyware News – Latest Cyber News

ChatGPT Spills Secrets in Novel PoC Attack

The research is the latest in a growing body of work to highlight troubling weaknesses in widely used generative AI tools.

darkreading