Your daily dose of relevant cybersecurity advisories, industry news, and product updates for August 24, 2023.
For the latest news on malware and ransomware, check out our weekly Malware Roundup.
Advisories
- More than 3,000 Openfire servers exposed to attacks using a new exploit
- Hackers use public ManageEngine exploit to breach internet org
- New stealthy techniques let hackers gain Windows SYSTEM privileges
- New Variant of XLoader macOS Malware Disguised as ‘OfficeNote’ Productivity App
- Ivanti Issues Fix for Critical Vuln in Its Sentry Gateway Technology
- Adobe Patches Critical Deserialization Vulnerability, but Exploits Persist
- New Juniper Junos OS Flaws Expose Devices to Remote Attacks – Patch Now
- Akira ransomware gang spotted targeting Cisco VPN products to hack organizations
- FBI: Patches for Recent Barracuda ESG Zero-Day Ineffective
- Traders Targeted by Cybercriminals in Attack Exploiting WinRAR Zero-Day
- Rockwell ThinManager Vulnerabilities Could Expose Industrial HMIs to Attacks
- New Telegram Bot “Telekopye” Powering Large-scale Phishing Scams from Russia
- TP-Link Tapo L530E smart bulb flaws allow hackers to steal user passwords
- Apache XML Graphics Batik Flaw Exposes Sensitive Information
- FBI Warns of Cryptocurrency Heists by North Korea’s Lazarus Group
- Attackers Dangle AI-Based Facebook Ad Lures to Hijack Business Accounts
Industry News
- Confusion Surrounds SEC’s New Cybersecurity Material Rule
- Hosting Provider CloudNordic Loses All Customer Data in Ransomware Attack
- Defense contractor Belcan leaks admin password with a list of flaws
- Chinese APT Targets Hong Kong in Supply Chain Attack
- UK court finds teenagers guilty of carrying out LAPSUS$ hacking spree
- Tornado Cash Founders Charged in Billion-Dollar Crypto Laundering Scandal
- GroundPeony Group Exploiting Zero-day Flaw to Attack Government Agencies
- Snatch gang claims the hack of the Department of Defence South Africa
- Tesla Data Breach Investigation Reveals Inside Job
- Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection
- Google Workspace Introduces Notable Security Enhancements
- Meta Set to Enable Default End-to-End Encryption on Messenger by Year End
- New NCUA Rule Requires Credit Unions to Report Cyberattacks Within 3 Days
- Bomb scare causes mass evacuation at DEFCON
Products & Services
- Bitwarden releases free and open-source E2EE Secrets Manager
- Fastly Launches Certainly CA
- eSentire introduces LLM Gateway to help businesses secure generative AI
- Dope Security wants to help CISOs get a handle on shadow IT
- Prelude Security Tackles Continuous Security Testing in Containers
- eSentire Labs Open Sources Project to Monitor LLMs
- New Relic enhances its AIOps capabilities with recommended alerts
- ProjectDiscovery Announces $25M Series A Financing and Launch of Cloud Platform
- ImmuniWeb introduces ImmuniWeb Neuron Mobile, an automated mobile app security testing solution
- Trulioo enhances identity verification with “person match” intelligent routing