Latest News Articles
--- TLP:WHITE ---
News
− Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance
Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through a SQL Server instance. "The attackers initially exploited a SQL injection vulnerability in an application within the target's environment," security researchers Sunders Bruskin, Hagai Ran Kestenberg, and Fady Nasereldeen said in a Tuesday report.
https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/− Blackbaud agrees to $49.5 million settlement for ransomware data breach
Cloud computing provider Blackbaud reached a $49.5 million agreement with attorneys general from 49 U.S. states to settle a multi-state investigation of a May 2020 ransomware attack and the resulting data breach.
https://www.bleepingcomputer.com/news/security/blackbaud-agrees-to-495-million-settlement-for-ransomware-data-breach/− Ukraine cyber-conflict: Hacking gangs vow to de-escalate
Two major hacktivist groups involved in the Ukraine conflict, Killnet and the IT Army of Ukraine, have pledged to comply with the International Committee of the Red Cross (ICRC) rules for civilian hackers. These rules, dubbed a “Geneva Code of cyber-war,” are designed to reduce cyberattacks that impact civilians.
https://www.bbc.com/news/technology-67029296− Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks
Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.
https://www.securityweek.com/hackers-join-in-on-israel-hamas-war-with-disruptive-cyberattacks/− Researchers warn of 100,000 industrial control systems exposed online
About 100,000 industrial control systems (ICS) were found on the public web, exposed to attackers probing them for vulnerabilities and at risk of unauthorized access. Among them are power grids, traffic light systems, security and water systems.
https://www.bitsight.com/blog/bitsight-identifies-nearly-100000-exposed-industrial-control-systems− CISA Warns of Active Exploitation of JetBrains and Windows Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation, while removing five bugs from the list due to lack of adequate evidence.
https://thehackernews.com/2023/10/cisa-warns-of-active-exploitation-of.html− Patches Prepared for ‘Probably Worst’ cURL Vulnerability
High-severity vulnerability in the data transfer project cURL will be addressed with libcurl and curl updates this week.
https://www.securityweek.com/patches-prepared-for-probably-worst-curl-vulnerability/Vulnerabilities
− New critical Citrix NetScaler flaw exposes 'sensitive' data
Citrix NetScaler ADC and NetScaler Gateway are impacted by a critical severity flaw that allows the disclosure of sensitive information from vulnerable appliances.
https://www.bleepingcomputer.com/news/security/new-critical-citrix-netscaler-flaw-exposes-sensitive-data/− Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability
Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy). The tech giant's threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023.
https://thehackernews.com/2023/10/microsoft-warns-of-nation-state-hackers.htmlCommunity News
− Why the Technical Community's Voice Matters
Find out why it's an extremely important time for the technical community to contribute to Internet governance, and how you can make your voice heard.
https://labs.ripe.net/author/suzanne_taylor_muzzin/why-the-technical-communitys-voice-matters/--- TLP:WHITE ---