CISA Issues New Directive for Patching Known Exploited Vulnerabilities
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new directive that will now require federal agencies to patch known exploited vulnerabilities within specific time frames. CISA has published a catalog listing approximately 290 vulnerabilities going back to 2017 that threat actors are currently actively exploiting in attacks against federal entities and other organizations. The catalog sets hard deadlines within which federal agencies are required to patch them. READ MORE...
UK Labour Party discloses data breach after ransomware attack
The U.K. Labour Party notified members that some of their information was impacted in a data breach after a ransomware attack hit a supplier managing the party's data. The data breach was announced in a data breach notification published on the party's website after informing relevant authorities about the incident. "On 29 October 2021, we were informed of the cyber incident by the third party." the breach notice reads. READ MORE...
Suspect in scheme to breach major Twitter accounts is now charged with hacking crypto executives
Federal prosecutors on Wednesday unsealed an indictment against a 22-year-old British man accused of stealing $784,000 in cryptocurrency from a Manhattan-based holding company. U.S. attorneys in the Southern District of New York say Joseph James O'Connor and his associates SIM-swapped three executives between March and May in 2019 at a company that maintained cryptocurrency wallet infrastructure for various international exchanges. READ MORE...
'Tortilla' Wraps Exchange Servers in ProxyShell Attacks
A new-ish threat actor sometimes known as "Tortilla" is launching a fresh round of ProxyShell attacks on Microsoft Exchange servers, this time with the aim of inflicting vulnerable servers with variants of the Babuk ransomware. Cisco Talos researchers said in a Wednesday report that they spotted the malicious campaign a few weeks ago, on Oct. 12. Tortilla, an actor that's been operating since July, is predominantly targeting U.S. victims. READ MORE...
Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar
A new Magecart threat actor is stealing people's payment card info from their browsers using a digital skimmer that uses a unique form of evasion to bypass virtual machines (VM) so it targets only actual victims and not security researchers. The Malwarebytes team discovered the new campaign, which adds an extra browser process that uses the WebGL JavaScript API to check a user's machine to ensure it's not running on a VM, researchers revealed in a blog post published Wednesday. READ MORE...
Google wants every account to use 2FA, starts auto-enrolling users
Google announced earlier this year that it is planning to forcefully transition as many of its users as possible to two-factor authentication (2FA). The company elaborated further in October, saying it was planning to auto-enroll 150 million Google accounts in 2FA by the end of the year. Now, with just two months left in the year, Android Police has found a few reports showing that the process has started, with some users finally being auto-enrolled in 2FA. READ MORE...
Sonos, HP, and Canon devices hacked at Pwn2Own Austin 2021
During the first day of Pwn2Own Austin 2021, contestants won $362,500 after exploiting previously unknown security flaws to hack printers, routers, NAS devices, and speakers from Canon, HP, Western Digital, Cisco, Sonos, TP-Link, and NETGEAR. At Pwn2Own Austin (previously known as Pwn2Own Mobile), security researchers will target mobile phones, printers, routers, network-attached storage, smart speakers, televisions, external storage, and other devices, all up to date and in their default configuration. READ MORE...
Google warns Android users of zero-day vulnerability being actively attacked
Google's latest monthly security patches for the Android operating system contains fixes for 39 flaws, including one security vulnerability that the tech giant says is being actively exploited in the wild. The security hole is described as a use-after-free (UAF) vulnerability in the Android operating system's kernel. UAF vulnerabilities can occur when a program uses dynamic memory incorrectly, giving attackers an opportunity to trick it into running their own malicious code. READ MORE...
Tens of thousands unpatched GitLab servers under attack via CVE-2021-22205
Attackers are actively exploiting an "old" vulnerability (CVE-2021-22205) to take over on-premise GitLab servers, Rapid7 researcher Jacob Baines warns. The additional bad news is that at least half of the 60,000 internet-facing GitLab installations the company detects are not patched against this issue. What are the attackers doing with these servers? Damian Menscher, a security reliability engineer responsible for DDoS defense at Google, says that some of them are used to generate DDoS attacks: READ MORE...
- ...in 1916, American broadcast journalist Walter Cronkite, known as "the most trusted man in America", is born in Saint Joseph, MO.
- ...in 1922, archaeologist Howard Carter's expedition finds the entrance to the tomb of of the Egyptian pharaoh Tutankhamun.
- ...in 1979, the Iran hostage crisis begins when supporters of the Ayatollah Khomeini overrun the US embassy in Tehran, taking more than 90 hostages.
- ...in 2010, former Cincinnati Reds manager George "Sparky" Anderson, who led the team to two consecutive championships in 1975 and 1976, passes away at his home.
