The Internet Archive breach continues
Cybersecurity troubles are not over for the Internet Archive (IA), the nonprofit organization behind the popular digital library site: after the recent DDoS attacks, defacement and data breach, an email sent via its Zendesk customer service platform has shown that some of its IT assets remain compromised. Two weeks ago, the Internet Archive was made inaccessible by several DDoS attacks claimed by pro-Palestinian hacktivists. READ MORE...
Tech giant Nidec confirms data breach following ransomware attack
Nidec Corporation is informing that hackers behind a ransomware attack is suffered earlier this year stole data and leaked it on the dark web. The Japanese tech giant says the threat actors tried to extort the company and decided to leak the information after their demands were not met. The attack did not encrypt files and the incident is considered fully remediated at this time. READ MORE...
DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks
The North Korea-backed advanced persistent threat known as APT37 exploited a zero-day vulnerability in Microsoft's Internet Explorer Web browser over the summer, using it to mount a zero-click supply chain campaign on South Korean targets, researchers revealed. While IE reached end of life in 2022 and many organizations don't use it anymore, there are plenty of legacy applications that do. READ MORE...
Jetpack fixes 8-year-old flaw affecting millions of WordPress sites
A critical security update for the near-ubiquitous WordPress plugin Jetpack was released last week. Site administrators should ensure the latest version is installed to keep their sites secure. Jetpack is a WordPress plugin developed by Automattic, offering features like antispam filtering, site analytics, and more. It released security patches for 101 different versions going all the way back to 2016's version 3.9.9, which introduced a flaw that's been present in the product ever since. READ MORE...
Fortinet releases patches for undisclosed critical FortiManager vulnerability
In the last couple of days, Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited by Chinese threat actors. The company, which is known for pushing out fixes for critical vulnerabilities before disclosing their existence to the public, has privately notified select customers a week ago and shared temporary mitigation advice. READ MORE...
Open source LLM tool primed to sniff out Python zero-days
Researchers with Seattle-based Protect AI plan to release a free, open source tool that can find zero-day vulnerabilities in Python codebases with the help of Anthropic's Claude AI model. The software, called Vulnhuntr, was announced at the No Hat security conference in Italy on Saturday. "The tool does not simply paste some code from the project and ask for analysis," explained Dan McInerney, lead AI threat researcher at Protect AI. READ MORE...
Microsoft creates fake Azure tenants to pull phishers into honeypots
Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals in to collect intelligence about them. With the collected data, Microsoft can map malicious infrastructure, gain a deeper understanding of sophisticated phishing operations, disrupt campaigns at scale, identify cybercriminals, and significantly slow down their activity. READ MORE...
Roundcube Webmail Vulnerability Exploited in Government Attack
A threat actor was caught attempting to exploit a recent vulnerability in Roundcube Webmail against a governmental organization in a Commonwealth of Independent States (CIS) country, cybersecurity firm Positive Technologies reports. Tracked as CVE-2024-37383 and described as a cross-site scripting (XSS) issue affecting the way Roundcube was handling SVG animate attributes, the bug was patched on May 19 in Roundcube Webmail versions 1.5.7 and 1.6.7. READ MORE...
Unauthorized data access vulnerability in macOS is detailed by Microsoft
The Microsoft Threat Intelligence team disclosed details about a macOS vulnerability, dubbed "HM Surf," that could allow an attacker to gain access to the user's data in Safari. The data the attacker could access without users' consent includes browsed pages, along with the device's camera, microphone, and location. The vulnerability, tracked as CVE-2024-44133 was fixed in the September 16 update from Apple. READ MORE...
- ...in 1879, Thomas Edison applies for a patent for his design for an incandescent light bulb.
- ...in 1917, jazz trumpeter and composer John Birks "Dizzy" Gillespie, one of the early pioneers of bebop and Afro-Cuban jazz, is born in Cheraw, SC.
- ...in 1940, Ernest Hemingway's novel "For Whom the Bell Tolls" is published.
- ...in 1959, the Solomon R. Guggenheim Museum, designed by architect Frank Lloyd Wright, opens to the public in New York City.
