Showing posts from July, 2024

The Hacker News - Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus

Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service (DoS) condition. "The [remote code execution] vulnerability in PanelView Plus involves two custom classes that can be abused to upload and load a malicious DLL into the device," security researcher
from The Hacker News https://thehackernews.com/2024/07/microsoft-uncovers-critical-flaws-in.html

The Hacker News - Brazil Halts Meta's AI Data Processing Amid Privacy Concerns

Brazil's data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has temporarily banned Meta from processing users' personal data to train the company's artificial intelligence (AI) algorithms. The ANPD said it found "evidence of processing of personal data based on inadequate legal hypothesis, lack of transparency, limitation of the rights of data subjects, and risks to
from The Hacker News https://thehackernews.com/2024/07/brazil-halts-metas-ai-data-processing.html

The Hacker News - Global Police Operation Shuts Down 600 Cybercrime Servers Linked to Cobalt Strike

A coordinated law enforcement operation codenamed MORPHEUS has felled close to 600 servers that were used by cybercriminal groups and were part of an attack infrastructure associated with Cobalt Strike. The crackdown targeted older, unlicensed versions of the Cobalt Strike red teaming framework between June 24 and 28, according to Europol. Of the 690 IP addresses that were flagged to
from The Hacker News https://thehackernews.com/2024/07/global-police-operation-shuts-down-600.html

The Hacker News - The Emerging Role of AI in Open-Source Intelligence

Recently the Office of the Director of National Intelligence (ODNI) unveiled a new strategy for open-source intelligence (OSINT) and referred to OSINT as the “INT of first resort”. Public and private sector organizations are realizing the value that the discipline can provide but are also finding that the exponential growth of digital data in recent years has overwhelmed many traditional OSINT
from The Hacker News https://thehackernews.com/2024/07/the-emerging-role-of-ai-in-open-source.html

The Hacker News - Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool

Unknown threat actors have been observed exploiting a now-patched security flaw in Microsoft MSHTML to deliver a surveillance tool called MerkSpy as part of a campaign primarily targeting users in Canada, India, Poland, and the U.S. "MerkSpy is designed to clandestinely monitor user activities, capture sensitive information, and establish persistence on compromised systems," Fortinet FortiGuard
from The Hacker News https://thehackernews.com/2024/07/microsoft-mshtml-flaw-exploited-to.html

The Hacker News - FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks

The loader-as-a-service (LaaS) known as FakeBat has become one of the most widespread loader malware families distributed using the drive-by download technique this year, findings from Sekoia reveal. "FakeBat primarily aims to download and execute the next-stage payload, such as IcedID, Lumma, RedLine, SmokeLoader, SectopRAT, and Ursnif," the company said in a Tuesday analysis. Drive-by attacks
from The Hacker News https://thehackernews.com/2024/07/fakebat-loader-malware-spreads-widely.html

The Hacker News - South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware

An unnamed South Korean enterprise resource planning (ERP) vendor's product update server has been found to be compromised to deliver a Go-based backdoor dubbed Xctdoor. The AhnLab Security Intelligence Center (ASEC), which identified the attack in May 2024, did not attribute it to a known threat actor or group, but noted that the tactics overlap with those of Andariel, a sub-cluster within the
from The Hacker News https://thehackernews.com/2024/07/south-korean-erp-vendors-server-hacked.html

KnowBe4 - CyberheistNews Vol 14 #27 [Important Alert] TeamViewer Network Breached as Russian APT29 Hackers Strike Again

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-14-27-important-alert-teamviewer-network-breached-as-russian-apt29-hackets-strike-again

Rapid 7 - Takeaways From The Take Command Summit: Navigating Modern SOC Challenges

At our recent Take Command summit, experts delved into the pressing challenges faced by SOC teams. With 2,365 more data breaches in 2023 than in 2022 (74% of which were a direct result of cyber attacks), the need for robust security operations has never been greater.

Key takeaways from the 25 minute panel:

- Emphasizing Proactive Defense: SOC teams must prioritize proactive threat detection and intelligence gathering to stay ahead of evolving cyber threats.
- Enhancing Response Times: Reducing incident response times is crucial for mitigating the impact of security breaches and minimizing damage.
- Leveraging Advanced Tools: Utilizing advanced threat detection technologies, such as AI and machine learning, can significantly improve the ability to identify and respond to sophisticated attacks.

Key Quote: "The increasing use of native tools by threat actors means they can stay hidden longer, complicating our detection efforts." - Lonnie Best, Detection & Response Se

Schneier - Public Surveillance of Bars

This article about an app that lets people remotely view bars to see if they’re crowded or not is filled with commentary—on both sides—about privacy and openness.
from Schneier on Security https://www.schneier.com/blog/archives/2024/07/public-surveillance-of-bars.html

HACKMAGEDDON - March 2024 Cyber Attacks Statistics

In March 2024 I collected and analyzed 203 events dominated by malware attacks. Cyber Crime continued to lead the Motivations chart with 72.9%, ahead of Cyber Espionage with 13.3%, Cyber Warfare (5.9%) and Hacktivism (2.5%).
from HACKMAGEDDON https://www.hackmageddon.com/2024/07/02/march-2024-cyber-attacks-statistics/

The Hacker News - Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware

A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware. The vulnerability, tracked as CVE-2024-20399 (CVSS score: 6.0), concerns a case of command injection that allows an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected
from The Hacker News https://thehackernews.com/2024/07/chinese-hackers-exploiting-cisco.html

The Hacker News - Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights

An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data. The unnamed 42-year-old "allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from unsuspecting victims who mistakenly connected to them," the Australian Federal Police (AFP) said in a press
from The Hacker News https://thehackernews.com/2024/07/australian-man-charged-for-fake-wi-fi.html

KnowBe4 - Your KnowBe4 Compliance Plus Fresh Content Updates from June 2024

Check out the June updates in Compliance Plus so you can stay on top of featured compliance training content.
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-cmp-content-updates-june-2024

The Hacker News - Juniper Networks Releases Critical Security Update for Routers

Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity. “An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor
from The Hacker News https://thehackernews.com/2024/07/juniper-networks-releases-critical.html